Hash Hunter is a multithreaded CLI tool that checks if malware sample hashes exist across multiple threat intelligence repositories.
Command-line tool to search for malware samples in various repositories
This tool is designed for security analysts and threat hunters who need to quickly verify the presence and verdict of malware samples by their hashes across various public and private repositories. It streamlines threat intelligence gathering by automating hash lookups, saving time in malware analysis workflows.
Users must obtain and configure API keys or accounts for most integrated services to fully utilize the tool. VirusTotal requires a paid API key. The tool relies on external services, which may have query limits or require registration. Latency of API responses can affect result ordering.
Install Go programming language if not already installed
Get the JSON parsing module with: go get github.com/tidwall/gjson
Clone or download the repository from GitHub
Build the program from source using Go build tools
Create a config.json file with your API keys for supported services
Run the compiled executable from the command line
no flag: Manually enter SHA256 hashes one by one via standard input
-f <path/to/file>: Provide a file containing a list of SHA256 hashes separated by carriage returns for batch processing