elceef / dnstwist

Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation
https://dnstwist.it
Apache License 2.0
4.87k stars 769 forks

ssdeep missing #86

Closed truesamurai closed 4 years ago

truesamurai commented 5 years ago

I have ssdeep already installed, but dnstwist gives me this error:

dnstwist.py: notice: missing module: ssdeep (fuzzy hashes not available)

I'm on latest Kali version. Any idea how to fix?

elceef commented 5 years ago

You need the ssdeep wrapper for Python. Try searching for the python3-ssdeep package.

truesamurai commented 5 years ago

> You need the ssdeep wrapper for Python. Try searching for the python3-ssdeep package.

When I try to install the ssdeep package I get a massive error:

```
Collecting ssdeep
  Using cached https://files.pythonhosted.org/packages/e0/d3/f17602a7dde1231d332f4067fdd421057ffe335c3bbc295e7ccfab769d95/ssdeep-3.4.tar.gz
    ERROR: Command errored out with exit status 1:
     command: /usr/bin/python3 -c 'import sys, setuptools, tokenize; sys.argv[0] = '"'"'/tmp/pip-install-tyc602uy/ssdeep/setup.py'"'"'; __file__='"'"'/tmp/pip-install-tyc602uy/ssdeep/setup.py'"'"';f=getattr(tokenize, '"'"'open'"'"', open)(__file__);code=f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, __file__, '"'"'exec'"'"'))' egg_info --egg-base pip-egg-info
         cwd: /tmp/pip-install-tyc602uy/ssdeep/
    Complete output (102 lines):
    running egg_info
    creating pip-egg-info/ssdeep.egg-info
    writing pip-egg-info/ssdeep.egg-info/PKG-INFO
    writing dependency_links to pip-egg-info/ssdeep.egg-info/dependency_links.txt
    writing requirements to pip-egg-info/ssdeep.egg-info/requires.txt
    writing top-level names to pip-egg-info/ssdeep.egg-info/top_level.txt
    writing manifest file 'pip-egg-info/ssdeep.egg-info/SOURCES.txt'
    src/ssdeep/__pycache__/_ssdeep_cffi_a28e5628x27adcb8d.c:213:14: fatal error: fuzzy.h: Bestand of map bestaat niet
      213 |     #include "fuzzy.h"
          |              ^~~~~~~~~
    compilation terminated.
    Traceback (most recent call last):
      File "/usr/lib/python3.7/distutils/unixccompiler.py", line 118, in _compile
        extra_postargs)
      File "/usr/lib/python3.7/distutils/ccompiler.py", line 910, in spawn
        spawn(cmd, dry_run=self.dry_run)
      File "/usr/lib/python3.7/distutils/spawn.py", line 36, in spawn
        _spawn_posix(cmd, search_path, dry_run=dry_run)
      File "/usr/lib/python3.7/distutils/spawn.py", line 159, in _spawn_posix
        % (cmd, exit_status))
    distutils.errors.DistutilsExecError: command 'x86_64-linux-gnu-gcc' failed with exit status 1

    During handling of the above exception, another exception occurred:

    Traceback (most recent call last):
      File "/opt/buster/.eggs/cffi-1.12.3-py3.7-linux-x86_64.egg/cffi/ffiplatform.py", line 51, in _build
        dist.run_command('build_ext')
      File "/usr/lib/python3.7/distutils/dist.py", line 985, in run_command
        cmd_obj.run()
      File "/usr/lib/python3/dist-packages/setuptools/command/build_ext.py", line 84, in run
        _build_ext.run(self)
      File "/opt/buster/.eggs/Cython-0.29.13-py3.7-linux-x86_64.egg/Cython/Distutils/old_build_ext.py", line 186, in run
        _build_ext.build_ext.run(self)
      File "/usr/lib/python3.7/distutils/command/build_ext.py", line 340, in run
        self.build_extensions()
      File "/opt/buster/.eggs/Cython-0.29.13-py3.7-linux-x86_64.egg/Cython/Distutils/old_build_ext.py", line 194, in build_extensions
        self.build_extension(ext)
      File "/usr/lib/python3/dist-packages/setuptools/command/build_ext.py", line 205, in build_extension
        _build_ext.build_extension(self, ext)
      File "/usr/lib/python3.7/distutils/command/build_ext.py", line 534, in build_extension
        depends=ext.depends)
      File "/usr/lib/python3.7/distutils/ccompiler.py", line 574, in compile
        self._compile(obj, src, ext, cc_args, extra_postargs, pp_opts)
      File "/usr/lib/python3.7/distutils/unixccompiler.py", line 120, in _compile
        raise CompileError(msg)
    distutils.errors.CompileError: command 'x86_64-linux-gnu-gcc' failed with exit status 1

    During handling of the above exception, another exception occurred:

    Traceback (most recent call last):
      File "<string>", line 1, in <module>
      File "/tmp/pip-install-tyc602uy/ssdeep/setup.py", line 165, in <module>
        ext_package="ssdeep",
      File "/usr/lib/python3/dist-packages/setuptools/__init__.py", line 145, in setup
        return distutils.core.setup(**attrs)
      File "/usr/lib/python3.7/distutils/core.py", line 148, in setup
        dist.run_commands()
      File "/usr/lib/python3.7/distutils/dist.py", line 966, in run_commands
        self.run_command(cmd)
      File "/usr/lib/python3.7/distutils/dist.py", line 985, in run_command
        cmd_obj.run()
      File "/usr/lib/python3/dist-packages/setuptools/command/egg_info.py", line 296, in run
        self.find_sources()
      File "/usr/lib/python3/dist-packages/setuptools/command/egg_info.py", line 303, in find_sources
        mm.run()
      File "/usr/lib/python3/dist-packages/setuptools/command/egg_info.py", line 534, in run
        self.add_defaults()
      File "/usr/lib/python3/dist-packages/setuptools/command/egg_info.py", line 570, in add_defaults
        sdist.add_defaults(self)
      File "/usr/lib/python3.7/distutils/command/sdist.py", line 226, in add_defaults
        self._add_defaults_python()
      File "/usr/lib/python3/dist-packages/setuptools/command/sdist.py", line 127, in _add_defaults_python
        build_py = self.get_finalized_command('build_py')
      File "/usr/lib/python3.7/distutils/cmd.py", line 299, in get_finalized_command
        cmd_obj.ensure_finalized()
      File "/usr/lib/python3.7/distutils/cmd.py", line 107, in ensure_finalized
        self.finalize_options()
      File "/usr/lib/python3/dist-packages/setuptools/command/build_py.py", line 34, in finalize_options
        orig.build_py.finalize_options(self)
      File "/usr/lib/python3.7/distutils/command/build_py.py", line 45, in finalize_options
        ('force', 'force'))
      File "/usr/lib/python3.7/distutils/cmd.py", line 287, in set_undefined_options
        src_cmd_obj.ensure_finalized()
      File "/usr/lib/python3.7/distutils/cmd.py", line 107, in ensure_finalized
        self.finalize_options()
      File "/tmp/pip-install-tyc602uy/ssdeep/setup.py", line 24, in finalize_options
        self.distribution.ext_modules = get_ext_modules()
      File "/tmp/pip-install-tyc602uy/ssdeep/setup.py", line 79, in get_ext_modules
        binding.verify()
      File "/tmp/pip-install-tyc602uy/ssdeep/src/ssdeep/binding.py", line 132, in verify
        libraries=self._libraries,
      File "/opt/buster/.eggs/cffi-1.12.3-py3.7-linux-x86_64.egg/cffi/api.py", line 464, in verify
        lib = self.verifier.load_library()
      File "/opt/buster/.eggs/cffi-1.12.3-py3.7-linux-x86_64.egg/cffi/verifier.py", line 104, in load_library
        self._compile_module()
      File "/opt/buster/.eggs/cffi-1.12.3-py3.7-linux-x86_64.egg/cffi/verifier.py", line 201, in _compile_module
        outputfilename = ffiplatform.compile(tmpdir, self.get_extension())
      File "/opt/buster/.eggs/cffi-1.12.3-py3.7-linux-x86_64.egg/cffi/ffiplatform.py", line 22, in compile
        outputfilename = _build(tmpdir, ext, compiler_verbose, debug)
      File "/opt/buster/.eggs/cffi-1.12.3-py3.7-linux-x86_64.egg/cffi/ffiplatform.py", line 58, in _build
        raise VerificationError('%s: %s' % (e.__class__.__name__, e))
    cffi.VerificationError: CompileError: command 'x86_64-linux-gnu-gcc' failed with exit status 1
    ----------------------------------------
ERROR: Command errored out with exit status 1: python setup.py egg_info Check the logs for full command output.
```

elceef commented 4 years ago

This should resolve it: `sudo apt install libfuzzy-dev`

funkwhatyouheard commented 4 years ago

Looks good in Linux; is there a Windows version of that package?

Also, it looks like the GeoIP package is missing the GeoIP.h file, but that's not the same issue.

funkwhatyouheard commented 4 years ago

Scratch the issue with GeoIP (at least on Kali). RTFM...

```
sudo apt install python3-dnspython python3-tld python3-geoip python3-whois \
python3-requests python3-ssdeep
```

Still curious about Windows support, though.

elceef commented 4 years ago

GeoIP and ssdeep are just wrappers for C libraries, which require compilation prior to installing from PIP. You need to have essential build tools installed.

HullaBrian commented 4 years ago

I have made sure that I have the latest version of ssdeep; however, it seems as though the ssdeep command doesn't work. All that happens is a percentage of the original site (which is 100%, btw) and nothing else.

elceef commented 4 years ago

The fuzzy hashing feature aims to detect mirrored web pages, which are naturally very similar at the HTML layer to the original one. Can you share the input domain you're scanning?

HullaBrian commented 4 years ago

I ran it on github.com. Now that I have looked through the results, it seems that it only returns a few percentages.

bobiii84 commented 4 years ago

I am not getting any Fuzzy results from anything right now. I switched to your container and still no fuzzy scores.

bobiii84 commented 4 years ago

> I am not getting any Fuzzy results from anything right now. I switched to your container and still no fuzzy scores.

Sorry, figured it out. I had to --format it before I piped it to another file. Thanks!

elceef commented 4 years ago

Please note that the latest version of dnstwist is a bit smarter when it comes to detecting live phishing webpages with fuzzy hashes (reduced the number of false positives). It displays ssdeep scores only if the effective URL does not match the original domain name.
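
The behaviour described in the comment above, sketched as an added example that is not part of the thread and not dnstwist's own code: a score is produced only when the effective URL lands off the original domain, and the optional `ssdeep` import degrades to a `difflib` stand-in. All function names, the subdomain rule in `same_site` and the sample pages are assumptions made for illustration.

```python
# Added illustration, not dnstwist's code; all function names are hypothetical.
import difflib
import sys
from urllib.parse import urlparse

try:
    import ssdeep  # Python wrapper; building it needs libfuzzy's fuzzy.h
    HAVE_SSDEEP = True
except ImportError:
    HAVE_SSDEEP = False
    print("notice: ssdeep not importable, using difflib stand-in", file=sys.stderr)


def ssdeep_similarity(a, b):
    """0-100 score from ssdeep fuzzy hashes (requires the wrapper)."""
    return ssdeep.compare(ssdeep.hash(a), ssdeep.hash(b))


def ratio_similarity(a, b):
    """Stand-in 0-100 score from difflib; not a fuzzy hash."""
    return round(difflib.SequenceMatcher(None, a, b, autojunk=False).ratio() * 100)


def same_site(original_domain, effective_url):
    """True when the final URL (after redirects) is on the original domain."""
    host = (urlparse(effective_url).hostname or "").lower().rstrip(".")
    domain = original_domain.lower().rstrip(".")
    # Assumption: subdomains of the original count as the original site.
    return host == domain or host.endswith("." + domain)


def fuzzy_score(original_domain, original_html, effective_url, candidate_html,
                similarity=None):
    """Return a 0-100 score, or None when the candidate lands on the original."""
    if same_site(original_domain, effective_url):
        return None  # comparing the original with itself is always ~100%
    if similarity is None:
        similarity = ssdeep_similarity if HAVE_SSDEEP else ratio_similarity
    return similarity(original_html, candidate_html)


# Constructed sample pages (not real captures).
ORIGINAL = ("<html><title>Example Bank</title><form action='/login'>"
            + "<p>row</p>" * 40 + "</form></html>")
MIRROR = ORIGINAL.replace("'/login'", "'https://examp1e.test/collect'")
PARKED = "<html><body>This domain is for sale.</body></html>"

if __name__ == "__main__":
    print(fuzzy_score("example.com", ORIGINAL, "https://example.com/", ORIGINAL))
    print(fuzzy_score("example.com", ORIGINAL, "https://examp1e.test/", MIRROR))
```

The hostname check compares on a dot boundary, so a lookalike host such as `example.com.evil.test` is still scored rather than treated as the original site.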

F1uffyGoat commented 2 years ago

pip install ssdeep