Ssdeep Ruby Bindings
As I couldn’t find any ruby bindings for ssdeep, I decided to write it as my first ruby extension today … 
Installation (prerequisites)
You first need to compile/install the ssdeep library.
On debian testing:
1 | $ apt-get install ssdeep |
On other Linuxes/Unixes:
1 2 3 4 5 6 | $ wget http://sourceforge.net/projects/ssdeep/files/ssdeep-2.4/ssdeep-2.4.tar.gz/download $ tar zxvf ssdeep-2.4.tar.gz $ cd ssdeep-2.4/ $ ./configure --prefix=/opt $ make $ sudo make install |
On windows:
1 | $ There is no real shell, and I will not make screen-shots... ;) |
Installation (the real one)
To install it using rubygems:
1 | $ gem install ssdeep |
To install it using rubygems with a non standard ssdeep installatoin path:
1 | $ gem install ssdeep -- --with-ssdeep-dir=/path/to/ssdeep |
Usage
The bindings follow the ssdeep APIs: (for extended information on this functions, check the ssdeep API doc.)
- fuzzy_compare(“3:qGOvn:qRn”, “3:Wv:Wv”): Compare two fuzzy hashes.
- fuzzy_hash_buf(“data”): return the fuzzy hash of the data buffer.
- fuzzy_hash_filename(“/path/to/file”): return the fuzzy hash of the file
fuzzy_hash_file isn’t implemented.
Here is a little usage example :
1 2 3 4 5 6 7 | require 'ssdeep' # Fuzzy hash a buffer's content hash1 = Ssdeep.fuzzy_hash_buf("This string contains the data of first file :)") # Fuzzy hash the content of the file '/path/to/file' hash2 = Ssdeep.fuzzy_hash_filename("/path/to/file") # Compare the 2 hashes, a value between 0 (no match) and 100 (full match) is returned Ssdeep.fuzzy_compare(hash1, hash2) |
Et voilà
Links
Ssdeep Ruby bindings source code
RubyGems project page
Ssdeep project page