We built the tool we wished existed during investigations

NSRL known-file lookups for people who can’t afford to download the RDS and check one hash at a time.

The problem we’re solving

During a forensic investigation or malware triage, you might have hundreds or thousands of file hashes to work through. The NIST NSRL is the authoritative catalog of known files — but using it locally means downloading and maintaining the Reference Data Set, which now extracts to roughly 700 GB of databases, then wiring up hfind or hashdb. That’s a lot of setup before you can answer one question: is this file known?

HashScanner was built to remove that overhead. Submit a bulk list of MD5, SHA-1, or SHA-256 hashes and instantly see which are cataloged in NSRL — the same RDS data, queryable in bulk and at scale. Filter out the known and focus on the unknown. What used to take a download and an afternoon takes one API call.

A match means a file is known — cataloged in NSRL — not that it’s safe or malicious. We use AI internally to process and structure the NSRL dataset efficiently; it is not an analysis layer over your results. We keep the product to one thing and do it well.

1.5B+
NSRL known file records
<200ms
Typical single cached lookup
100k
Hashes per bulk job
24/7
Global availability

Based in London, UK

HashScanner is built and maintained by a small team of security practitioners based in London. We use this tool ourselves. When something matters enough to build, it matters enough to build properly.

If you’re a security team, MSSP, or vendor who wants to talk about how HashScanner fits into your workflow — get in touch.