This repository has been archived by the owner on Jun 7, 2023. It is now read-only.

Merge pull request #654 from TcM1911/fuzzy-threshold
Fuzzy threshold value improvements (closes #376)
botherder committed Feb 18, 2018
2 parents edcefd4 + e03064b commit a6dd35e
Showing 1 changed file with 3 additions and 2 deletions.
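--- a/viper/modules/fuzzy.py
+++ b/viper/modules/fuzzy.py
@@ -25,6 +25,7 @@ def __init__(self):
 super(Fuzzy, self).__init__()
 self.parser.add_argument('-v', '--verbose', action='store_true', help="Prints verbose logging")
 self.parser.add_argument('-c', '--cluster', action='store_true', help="Cluster all available samples by ssdeep") # noqa
+self.parser.add_argument('-t', '--threshold', type=int, default=40, help="Score threshold")
 
 def _get_ssdeep_bytes(self, ssdeep):
 # In an older database, you may endup with some hashes in binary form...
@@ -81,7 +82,7 @@ def run(self):
 
 member_ssdeep = db.find(key='md5', value=member_hash)[0].ssdeep
 if pydeep.compare(self._get_ssdeep_bytes(sample.ssdeep),
-self._get_ssdeep_bytes(member_ssdeep)) > 40:
+self._get_ssdeep_bytes(member_ssdeep)) > self.args.threshold:
 if arg_verbose:
 self.log('info', "Found home for {0} in cluster {1}".format(sample.md5, cluster_name))
 
@@ -127,7 +128,7 @@ def run(self):
 score = pydeep.compare(self._get_ssdeep_bytes(__sessions__.current.file.ssdeep),
 self._get_ssdeep_bytes(sample.ssdeep))
 
-if score > 40:
+if score > self.args.threshold:
 matches.append(['{0}%'.format(score), sample.name, sample.sha256])
 
 if arg_verbose: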
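Review bot: The new `--threshold` value reaches both comparisons in `run()` (`> self.args.threshold`) without a range check, so anything outside ssdeep's 0–100 score range is accepted silently. Assuming `pydeep.compare` returns the usual 0–100 score, a negative threshold makes every pair match and a value of 100 or more makes none match, which yields misleading clusters during triage. I would reject out-of-range values once the arguments are parsed, e.g. `if not 0 <= self.args.threshold <= 100:` followed by `self.log('error', "Threshold must be between 0 and 100")` and `return`. The help text should also say what the number means, e.g. `help="Minimum ssdeep similarity score (0-100) a pair must exceed to match (default: 40)"`. `run()` starts and ends outside the visible hunks, so where parsing happens is inferred.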
