From e03064b193c2927d3d6481652ea5d0e50d16f072 Mon Sep 17 00:00:00 2001
From: Joakim Kennedy
Date: Sat, 10 Feb 2018 21:51:02 +0000
Subject: [PATCH] fuzzy threshhold value impovements

* Pass in threshold via argument.

---
 viper/modules/fuzzy.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/viper/modules/fuzzy.py b/viper/modules/fuzzy.py
index d3e01f4ed..e585cce1f 100644
--- a/viper/modules/fuzzy.py
+++ b/viper/modules/fuzzy.py
@@ -25,6 +25,7 @@ def __init__(self):
 super(Fuzzy, self).__init__()
 self.parser.add_argument('-v', '--verbose', action='store_true', help="Prints verbose logging")
 self.parser.add_argument('-c', '--cluster', action='store_true', help="Cluster all available samples by ssdeep") # noqa
+ self.parser.add_argument('-t', '--threshold', type=int, default=40, help="Score threshold")
 
 def _get_ssdeep_bytes(self, ssdeep):
 # In an older database, you may endup with some hashes in binary form...
@@ -81,7 +82,7 @@ def run(self):
 member_ssdeep = db.find(key='md5', value=member_hash)[0].ssdeep
 
 if pydeep.compare(self._get_ssdeep_bytes(sample.ssdeep),
- self._get_ssdeep_bytes(member_ssdeep)) > 40:
+ self._get_ssdeep_bytes(member_ssdeep)) > self.args.threshold:
 if arg_verbose:
 self.log('info', "Found home for {0} in cluster {1}".format(sample.md5, cluster_name))
 
@@ -127,7 +128,7 @@ def run(self):
 score = pydeep.compare(self._get_ssdeep_bytes(__sessions__.current.file.ssdeep),
 self._get_ssdeep_bytes(sample.ssdeep))
 
- if score > 40:
+ if score > self.args.threshold:
 matches.append(['{0}%'.format(score), sample.name, sample.sha256])
 
 if arg_verbose:
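Review bot: The new `--threshold` argument in the `__init__` hunk accepts any integer, while the score it is compared against is reported as a percentage (`'{0}%'.format(score)` in the third hunk), so a negative value silently turns every pair into a match and a value above 100 silently matches nothing; both outcomes are easy to miss in a clustering run. Bound the option at parse time and say what the number means, e.g. `self.parser.add_argument('-t', '--threshold', type=int, default=40, choices=range(0, 101), metavar='N', help="Minimum ssdeep similarity score (0-100) for a match, default 40")`. `__init__` begins outside the hunk.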
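Review bot: The comparison in the second hunk keeps the strict `> self.args.threshold`, so a sample scoring exactly the configured value is excluded; with the number now user-supplied, that boundary is surprising and is not stated anywhere. The same applies to `if score > self.args.threshold:` in the third hunk. Either make both inclusive with `>=`, or document the semantics in the option's help text, e.g. `help="Report only matches scoring strictly above this value (0-100), default 40"`. `run()` begins and ends outside both hunks.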