About HashScanner
We built the tool we wished existed during investigations
NSRL known-file lookups for people who can’t afford to download the RDS and check one hash at a time.
The problem we’re solving
During a forensic investigation or malware triage, you might have hundreds or thousands of file hashes to work through. The NIST NSRL is the authoritative catalog of known files — but using it locally means downloading and maintaining the Reference Data Set, which now extracts to roughly 700 GB of databases, then wiring up hfind or hashdb. That’s a lot of setup before you can answer one question: is this file known?
HashScanner was built to remove that overhead. Submit a bulk list of MD5, SHA-1, or SHA-256 hashes and instantly see which are cataloged in NSRL — the same RDS data, queryable in bulk and at scale. Filter out the known and focus on the unknown. What used to take a download and an afternoon takes one API call.
A match means a file is known — cataloged in NSRL — not that it’s safe or malicious. We use AI internally to process and structure the NSRL dataset efficiently; it is not an analysis layer over your results. We keep the product to one thing and do it well.
Based in London, UK
HashScanner is built and maintained by a small team of security practitioners based in London. We use this tool ourselves. When something matters enough to build, it matters enough to build properly.
If you’re a security team, MSSP, or vendor who wants to talk about how HashScanner fits into your workflow — get in touch.