irt/docker_nsrl
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Rework to CIRCL hashlookup offline bloom (SHA-1)

Browse Source 
Replace the self-built 2021 NSRL RDS md5 bloom with CIRCL's offline
hashlookup-full.bloom (SHA-1, NSRL + more), downloaded at build. Old
single-hash CLI preserved (now SHA-1); 'analyse -d <dir>' runs
hashlookup-forensic-analyser against the bundled bloom.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
This commit is contained in:
tabledevil
2026-06-10 13:38:48 +02:00
parent 0d374d6bdb
commit 09ab281881
6 changed files with 97 additions and 246 deletions
Download Patch File Download Diff File Expand all files Collapse all files
entrypoint.sh
Executable
+13
View File
@@ -0,0 +1,13 @@
#!/bin/bash
# nsrl entrypoint — dispatches between single-hash lookup and directory mode.
# <sha1> ... | -s | -h -> search.py (old NSRL CLI, SHA-1)
# analyse [args] -> hashlookup-forensic-analyser with the
# bundled bloom (e.g. analyse -d /data)
set -euo pipefail
if [ "${1:-}" = "analyse" ] || [ "${1:-}" = "analyze" ]; then
shift
exec python3 /opt/hfa/bin/hashlookup-analyser.py \
--bloomfilters /nsrl/hashlookup-full.bloom "$@"
fi
exec python3 /nsrl/search.py "$@"