A Geek Raised by Wolves
jessekornblum

Kyrus Beta Testing NSRLquery Server [Jan. 26th, 2012|01:06 pm]

Kyrus is beta testing a public NSRLquery server and we invite you to try it out! This server allows you to submit file hashes to determine whether those files are present in the National Software Reference Library (NSRL). Our server, nsrl.kyr.us, is free to use. You can submit MD5 hashes using the nsrllookup client. It's designed to use hashes such as those generated by md5deep or md5sum.

Feel free to try it out or use it in your next investigation. For example, you could be working on-site and want to consult the NSRL. Didn't bring all 1.5GB of it with you? No problem! Pipe the output of md5deep into nsrllookup, like this:

    C:\> md5deep -r * | nsrllookup -s nsrl.kyr.us
    305e40dee29d261d0a3dc466f2184e35  unknown.exe
    607e033a16006ed1e9987cfc62562f72  EVILEVIL.exe

By default the server returns the hashes of those files which are not in the NSRL. If you instead want the hashes of the files which are in the NSRL, just add the -k flag. For example:

    C:\> md5deep -r * | nsrllookup -s nsrl.kyr.us -k
    e97295de2a9fde547feab4fe41df16ca  mspaint.exe
    eee470f2a771fc0b543bdeef74fceca0  msiexec.exe

If you'd rather not pipe the output directly, you can use a previously saved file of hashes:

    C:\> type known.txt | nsrllookup -s nsrl.kyr.us

or

    C:\> nsrllookup -s nsrl.kyr.us < known.txt

There are a few other command line options. Use the -h flag to see them all.
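
Because the default output and the -k output described above are complements of each other, a single default query is enough to split a hash list into both sets. The following is an added example, not part of the original post or of nsrllookup itself; the names `parse_lines` and `triage` are hypothetical, and it assumes nsrllookup is on the PATH and echoes back `hash  name` lines as in the sample output above.

```python
import subprocess
import sys

HEX = set("0123456789abcdefABCDEF")

def parse_lines(text):
    """Map lower-cased MD5 -> [names] from 'hash  name' lines; skip anything else."""
    found = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and len(parts[0]) == 32 and set(parts[0]) <= HEX:
            found.setdefault(parts[0].lower(), []).append(parts[1])
    return found

def triage(hash_text, server="nsrl.kyr.us", run=subprocess.run):
    """Split submitted files into (unknown, known) with a single default query.

    Assumes nsrllookup is on PATH and echoes back the 'hash  name' lines of
    files not in the NSRL, as in the post's sample output. `run` can be
    swapped out for offline testing.
    """
    submitted = parse_lines(hash_text)
    if not submitted:
        return [], []
    proc = run(["nsrllookup", "-s", server], input=hash_text,
               capture_output=True, text=True, check=True)
    not_in_nsrl = set(parse_lines(proc.stdout))
    unknown, known = [], []
    for digest, names in submitted.items():
        # Files with identical content share one hash and one verdict.
        (unknown if digest in not_in_nsrl else known).extend(names)
    return unknown, known

if __name__ == "__main__":
    # Usage: md5deep -r * | python triage.py
    unknown, known = triage(sys.stdin.read())
    print(f"{len(known)} in NSRL, {len(unknown)} to examine")
    for name in unknown:
        print(name)
```

`check=True` raises on a non-zero exit, but a lookup that exits cleanly with empty output would classify every file as known, so an all-known result on a suspect system deserves a second look.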

If you try out the server, please let me know what you think! Post a comment below or send mail to jessek [at] kyr [dot] us.