hashdeep 命令

常用示例

说明

hashdeep computes multiple cryptographic hashes simultaneously for files and directories. Unlike single-hash tools, it calculates MD5 and SHA-256 by default, providing stronger verification through multiple algorithms. The tool excels at file integrity verification and digital forensics. It can create manifests of known-good files, then audit systems to detect changes, additions, or deletions. Audit mode reports file states: MATCH for identical files, MISMATCH for modified files, MISSING for deleted files, and NEW for added files. Output follows the DFXML-compatible hashdeep format, including file size, hash values, and path. This format can be loaded with -k for later verification. The tool handles large directory trees efficiently with recursive scanning and optional threading.

参数

-c _ALG_

Compute hashes using specified algorithms (md5, sha1, sha256, tiger, whirlpool); default is md5,sha256

-r

Recursive mode; traverse all subdirectories

-k _FILE_

Load file of known hashes for comparison

-a

Audit mode; compare files against known hashes

-m

Positive matching; only show files that match known hashes

-x

Negative matching; only show files NOT in known hashes

-M

Like -m but also print hash of each matching file

-X

Like -x but also print hash of each non-matching file

-w

When auditing, display which known file matched

-e

Display progress indicator and time estimate

-s

Silent mode; suppress error messages

-b

Bare mode; strip directory paths from output

-l

Use relative file paths instead of absolute

-p _SIZE_

Piecewise mode; break files into chunks before hashing

-v

Verbose mode; use multiple times for more detail

-j _NUM_

Use specified number of threads

-d

Output in DFXML format

-h

Show help message

-V

Show version