https://github.com/bsi-group/nsrls
nsrls is a server designed to provide access to the NSRL hash data set
- Host: GitHub
- URL: https://github.com/bsi-group/nsrls
- Owner: bsi-group
- Created: 2015-11-25T13:41:17.000Z (about 10 years ago)
- Default Branch: master
- Last Pushed: 2015-11-26T09:09:52.000Z (about 10 years ago)
- Last Synced: 2024-06-20T12:07:07.534Z (over 1 year ago)
- Language: Go
- Homepage:
- Size: 1.03 MB
- Stars: 6
- Watchers: 3
- Forks: 2
- Open Issues: 0
Metadata Files:
- Readme: readme.md
Awesome Lists containing this project
- security-apis - Link!
README
nsrls (NSRL Server)
===================
nsrls is a server designed to provide access to the [National Software Reference Library (NSRL)](http://www.nsrl.nist.gov/Downloads.htm) hash data set. There are
two ways to access the data: running nsrls as a single process, or using a JSON
HTTP API. The HTTP JSON API can be used by the nsrlc (NSRL Client) or directly by
other applications or processes.
## Importing ##
The **nsrls** application can perform some data manipulation when importing the
data set. It can extract a specific field from a CSV file by using the **-s** or
**--csvfield** parameters, so if the second field is to be used then use the value
**2** for the parameter. If the import file has quotes around the hash data then
they can be removed when importing by using the **-r** or **--removequotes** parameters.
## HTTP API ##
The HTTP API has two different access methods: a single hash can be checked using
an HTTP GET request, or a bulk request can be performed using an HTTP POST request.
The local IP address and port that the HTTP server runs on are configured
using the config file (nsrls.config). The **show_requests** option in the config
file determines whether the HTTP requests against the server are displayed in the
console.
The HTTP API is located by default at the following URLs:
```
http://127.0.0.1:8080/single (GET)
http://127.0.0.1:8080/bulk (POST)
```
### Single ###
The single API URL takes a hash value in the URL like so:
```
http://127.0.0.1:8080/single/392126E756571EBF112CB1C1CDEDF926
```
### Bulk ###
The bulk API uses an HTTP POST request like so, with the hashes each separated
by a hash (#) character:
```
POST http://127.0.0.1:8080/bulk HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 65

392126E756571EBF112CB1C1CDEDF926#8E23576EF5AEF2D5457C8A24BF5F740A
```
The NSRL client application by default sends up to 1000 hashes per batch.
### Return Data ###
The HTTP API returns data in the JSON format as shown below:
```
{"Hash":"8E23576EF5AEF2D5457C8A24BF5F740A","Exists":true}
```
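The following is an added example, not code from the nsrls project: Go helpers that validate hashes before building the `#`-separated bulk bodies described above, and decode the documented return record. The names `BulkBodies`, `ParseResult` and `Result`, the restriction to 32-character (MD5) hashes, and the upper-casing are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
	"strings"
)

// Result mirrors the JSON record shown under "Return Data".
type Result struct {
	Hash   string
	Exists bool
}

// Assumption: 32 hex characters (MD5), upper-cased like the README's samples.
var md5Hex = regexp.MustCompile(`^[0-9A-F]{32}$`)

// BulkBodies rejects malformed entries (a stray '#' would split one) and joins each batch with '#'.
func BulkBodies(hashes []string, batchSize int) ([]string, error) {
	if batchSize < 1 {
		return nil, fmt.Errorf("batch size must be positive")
	}
	var bodies, batch []string
	for i, h := range hashes {
		h = strings.ToUpper(strings.Trim(strings.TrimSpace(h), `"`))
		if !md5Hex.MatchString(h) {
			return nil, fmt.Errorf("entry %d is not a 32-character hex hash", i)
		}
		if batch = append(batch, h); len(batch) == batchSize {
			bodies, batch = append(bodies, strings.Join(batch, "#")), nil
		}
	}
	if len(batch) > 0 {
		bodies = append(bodies, strings.Join(batch, "#"))
	}
	return bodies, nil
}

// ParseResult decodes one record of the documented {"Hash":...,"Exists":...} form.
func ParseResult(data []byte) (r Result, err error) {
	err = json.Unmarshal(data, &r)
	return r, err
}

func main() {
	// Constructed input: the README's two sample hashes, one lower-case and quoted.
	in := []string{`"392126e756571ebf112cb1c1cdedf926"`, "8E23576EF5AEF2D5457C8A24BF5F740A"}
	fmt.Println(BulkBodies(in, 1000))
}
```

Each returned string is one POST body for the bulk URL; the same validated value can be appended to the single URL for a GET lookup.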
## Single Use (File) Mode ##
The server can be used to perform a single use lookup against an input file using
the **-m** parameter and a value of **f** (file). The server will import the hash
data, process the input file containing multiple hashes and extract the data to
an output file.
### Output ###
When in single use mode, the application outputs directly to a file. The output
format can be defined by the command line parameters. The options for the output
format are:
- i: Outputs only the identified hashes
- u: Outputs only the unidentified hashes
- a: Outputs both the identified and unidentified hashes, along with a status column
## Configuration ##
- Make sure all of the paths specified in the config file are fully qualified
- Ensure that there is a log directory created, and that the user can write to it
```
sudo mkdir /var/log/nsrls
# <user> is a placeholder for the account that runs nsrls
sudo chown <user> /var/log/nsrls
```