0

Issue Description: I'm trying to comply with our Security Advisories. The advisories contain nearly 1000 MD5 & Sha 256 file hashes. I need to convert them into sha1 and update them in our endpoint security product because our endpoint security product only accepts SHA1 hashes. Normally, we use Virus Total (https://www.virustotal.com/#/home/search) to get the SHA1 hashes. But I can only put 1 SHA256 or MD5 hash at a time. Converting hashes into Sha1 is definitely going to take up a lot of production time.

Question: Is there any way, I can automate the conversion process?

PS: We are running a Windows environment.

TIA

Faheem Memon
  • 1
  • 1
  • Where do the hashes come from? Files? Strings? You can use simple shell scripts and command line tools to create hashes from both. – Gerald Schneider Jul 30 '18 at 07:14
  • @GeraldSchneider If OP has *only* the MD5 and SHA256 hashes, then getting the corresponding SHA1 hashes is going to be rather difficult. Thankfully, if your answer is accurate, that's not quite the situation they're in. – user Jul 30 '18 at 08:58

1 Answers1

1

If I understand your question correctly, you have hashes for malware and you need the SHA1 hashes of those malware code instead of MD5 and SHA256.

If this is the case, you can use the API of the VirusTotal site you are already using to query their database directly.

First you need to get an API key.

In order to use the API you must sign up to VirusTotal Community. Once you have a valid VirusTotal Community account you will find your personal API key in your personal settings section. This key is all you need to use the VirusTotal API.

With this API key you can use the API to get the SHA1 hashes from their database.

The API is documented here:

https://developers.virustotal.com/v2.0/reference#file-search

There are also libraries for most popular scripting and programming languages to make the usage of the API easier:

https://support.virustotal.com/hc/en-us/articles/115002146469-API-scripts

Gerald Schneider
  • 23,274
  • 8
  • 57
  • 89
  • Thanks for your response. I'm looking for bulk conversion of sha1 hashes from sha256 & md5 hashes. I've just singed up on Virus Total. But I'm still trying to understand if this will get the job done. Lastly, how can I use the API Scripts. Thanks. – Faheem Memon Jul 30 '18 at 11:34
  • It is not possible to "convert" one hash to another. hashes are not reversable. VirusTotal has a database that allows you to look up one hash, and provides you with different hashes of the same source. This is your only way except to get all source files and generate the hashes yourself. – Gerald Schneider Jul 30 '18 at 11:39
  • The API is well documented. We don't provide finished scripts here, you have to do something yourself. You have a list of your hashes. Loop over it with a script and query the API one by one. – Gerald Schneider Jul 30 '18 at 11:40
  • Thanks Gerald, appreciated your support. I was wondering what would make a difference by going that way as you can already get the sha1 hash but only one at a time. What I was looking for was any automation, like python, powershell or Shell scripting to get multiple sha1 hashes from sha256s and md5s. Thanks mate! Cheers! – Faheem Memon Jul 31 '18 at 04:22