File Integrity & Hash Toolkit
Security & Integrity Tools
Instant

File Integrity & Hash Toolkit

Freebugcircuit-hash.zip · 29 KB · v1.0.0

Fingerprint, snapshot, and verify your files with one dependency-free Python script.

bugcircuit-hash is a single-file, zero-dependency command-line toolkit for verifying that your files are exactly what you expect them to be. Whether you are shipping a release, guarding a web root against tampering, checking a backup for silent bit-rot, or confirming a download landed intact, it gives you cryptographic proof in one command. It runs on any machine with Python 3.8+ — Windows, macOS, or Linux — with nothing to install: download the file and run it.

The toolkit bundles four focused commands. `hash` computes MD5, SHA-1, SHA-256, or SHA-512 digests of files or piped input, and its output is compatible with the familiar sha256sum checklist format (including a --check mode to verify one). `manifest` walks an entire directory tree and writes a deterministic, self-checked JSON snapshot recording every file's size and SHA-256. `verify` re-hashes that tree later and tells you precisely what was added, changed, or removed — perfect as a CI gate or a scheduled tamper-detection job, since it returns clean exit codes. `hmac` adds a secret key to the mix, producing tamper-evident tags that an attacker who only sees your files cannot forge.

Built for real-world operations, it streams large files in fixed-size chunks so memory stays flat on multi-gigabyte inputs, uses constant-time digest comparisons, supports glob-based exclusions for .git, logs, and caches, and offers --json output on every command for scripting. It is strictly passive and defensive — no network access, no scanning of third-party systems, and it never writes outside the paths you name. A free, professional-grade artifact from Bug Circuit, for use on the systems you own or are authorized to test.

How to use

  • Install Python 3.8 or newer (macOS and most Linux distros already have it; on Windows grab it from python.org).
  • Download bugcircuit-hash.py from Bug Circuit and open a terminal in the folder where you saved it.
  • Hash a file to get its fingerprint: python3 bugcircuit-hash.py hash ./yourfile
  • Snapshot a whole folder into a manifest: python3 bugcircuit-hash.py manifest ./yourfolder -o folder.manifest.json
  • Later, detect any tampering or corruption: python3 bugcircuit-hash.py verify folder.manifest.json ./yourfolder
  • For tamper-evident tags, set BUGCIRCUIT_HMAC_KEY and run: python3 bugcircuit-hash.py hmac ./yourfile
  • Add --json to any command for machine-readable output, and check the exit code (0 = clean, 1 = differences) to wire it into CI.

Example commands

python3 bugcircuit-hash.py hash ./release.tar.gz
python3 bugcircuit-hash.py hash --algo sha512 installer.exe
cat backup.sql | python3 bugcircuit-hash.py hash
python3 bugcircuit-hash.py hash *.iso > SHA256SUMS && python3 bugcircuit-hash.py hash --check SHA256SUMS
python3 bugcircuit-hash.py manifest /var/www/site --exclude '.git/*' --exclude '*.log' -o site.manifest.json
python3 bugcircuit-hash.py verify site.manifest.json /var/www/site --exclude '.git/*' --exclude '*.log'
python3 bugcircuit-hash.py --quiet verify site.manifest.json ./dist || exit 1
BUGCIRCUIT_HMAC_KEY='release-secret' python3 bugcircuit-hash.py hmac release.tar.gz

Free · MIT licensed · Python 3.8+ · no dependencies · runs on Windows, macOS & Linux. A free tool from Bug Circuit.

Download free

Downloads are free. You’ll sign in to a free store account (any email — takes 10 seconds) so you can re-download any time from your account.

Free & open — runs on your machineRe-download any time Real human support

Something not right with your order? Email [email protected] — the same team that runs our security audits makes it right.