|Kyrus Beta Testing NSRLquery Server
||[Jan. 26th, 2012|01:06 pm]
Kyrus is beta testing a public NSRLquery server and we invite you try it out! This server allows you to submit file hashes to determine if those files are present in the National Software Reference Library (NSRL). Our server, nsrl.kyr.us, is free to use. You can submit MD5 hashes using the nsrllookup client. It's designed to use hashes such as those generated by md5deep or md5sum.
Feel free to try it out or use it in your next investigation. For example, you could be working on-site and want to consult the NSRL. Didn't bring all 1.5GB of it with you? No problem! Pipe the output of md5deep into nsrllookup, like this:
C:\> md5deep -r * | nsrllookup -s nsrl.kyr.us
607e033a16006ed1e9987cfc62562f72 EVILEVIL.exeBy default the server returns the hashes of those files which are not in the NSRL. If you instead want the hashes of the files which are in the NSRL, just add the -k flag. For example:
C:\> md5deep -r * | nsrllookup -s nsrl.kyr.us -k
eee470f2a771fc0b543bdeef74fceca0 msiexec.exeIf you'd rather not pipe the output directly, you can use a previously saved file of hashes:
C:\> type known.txt | nsrllookup -s nsrl.kyr.us or
C:\> nsrllookup -s nsrl.kyr.us < known.txtThere are a few other command line options. Use the -h flag to see them all.
If you try out the server, please let me know what you think! Post a comment below or send mail to jessek [at] kyr [dot] us.