Public | Automated Build

Last pushed: 3 years ago
Short Description
Database Hash Search: NSLR, Mandiant m-whitelist, ... (58 MB)
Full Description


Known Files Hashes (KFH)

Docker container to ask for hashes of known files. It shrinks big database (larger than 2 GB) to Docker container of less than 100 MB by using bloom filters.
Currently it is smallest known Docker implementation of such databases. It implements bloom filter from:

Image is based on the gliderlabs/alpine base image

Docker image size

Docker image usage

docker run k0st/kfh [MD5] [MD5] ...


Check MD5 of notepad.exe (16f769bc1d37cc14e3093b9881cf1691)

docker run --rm k0st/kfh 16f769bc1d37cc14e3093b9881cf1691

You can also check for multiple MD5s on command line:

docker run --rm k0st/kfh 16f769bc1d37cc14e3093b9881cf1691 eeb024f2c81f0d55936fb825d21a91d6 62b84d99295346af5a3b1a9c3bde04ab

You can start checking interactively (each pattern on each line):

docker run --rm k0st/kfh -f -

You can check from file (each patern on each line):

docker run --rm -v /path/to/host/dir/with/search.hashes/file:/work:rw k0st/kfh -f search.hashes


  • [x] Merge m-whitelist
  • [x] add interactive option (take input from stdin)
  • [x] add example for taking input from file


Inspired by:

Docker Pull Command
Source Repository