As I couldn't find any ruby bindings for ssdeep, I decided to write it as my first ruby extension today ... :)
Installation (prerequisites)
You first need to compile/install the ssdeep library. On debian testing:
$ apt-get install ssdeep
On other Linuxes/Unixes:
$ wget http://sourceforge.net/projects/ssdeep/files/ssdeep-2.4/ssdeep-2.4.tar.gz/download
$ tar zxvf ssdeep-2.4.tar.gz
$ cd ssdeep-2.4/
$ ./configure --prefix=/opt
$ make
$ sudo make install
On windows:
$ There is no real shell, and I will not make screen-shots... ;)
Installation (the real one)
To install it using rubygems:
$ gem install ssdeep
To install it using rubygems with a non standard ssdeep installatoin path:
$ gem install ssdeep -- --with-ssdeep-dir=/path/to/ssdeep
Usage
The bindings follow the ssdeep APIs: (for extended information on this functions, check the ssdeep API doc.)
- fuzzy_compare("3:qGOvn:qRn", "3:Wv:Wv"): Compare two fuzzy hashes.
- fuzzy_hash_buf("data"): return the fuzzy hash of the data buffer.
- fuzzy_hash_filename("/path/to/file"): return the fuzzy hash of the file
fuzzy_hash_file isn't implemented. Here is a little usage example :
require 'ssdeep'
# Fuzzy hash a buffer's content
hash1 = Ssdeep.fuzzy_hash_buf("This string contains the data of first file :)")
# Fuzzy hash the content of the file '/path/to/file'
hash2 = Ssdeep.fuzzy_hash_filename("/path/to/file")
# Compare the 2 hashes, a value between 0 (no match) and 100 (full match) is returned
Ssdeep.fuzzy_compare(hash1, hash2)
Et voilĂ :)
Comments !