File Integrity Auditor
Create and verify SHA-256 hash manifests for folders — detect added, modified, or deleted files. Multi-algorithm support, exclude patterns, CSV/JSON export, manifest diff visualization. 100% client-side.
About File Integrity Auditor
Create and verify SHA-256 hash manifests for folders — detect added, modified, or deleted files. Multi-algorithm support, exclude patterns, CSV/JSON export, manifest diff visualization. 100% client-side. Everything runs locally in your browser — your data never leaves your device.
How to use
- Enter your input in the tool above.
- Adjust any options to your preference.
- Use the Copy or Download buttons to save the result.
- Everything happens locally — your data never leaves your browser.
FAQ
What does this tool do?
It scans a folder of files and produces a hash manifest — a list of file paths paired with their SHA-256 (or SHA-1, SHA-512, MD5) hashes. Later, you can re-scan the same folder and verify the manifest to detect which files were added, modified, or deleted.
How do I scan a folder?
Use the 'Pick folder' button (Chrome / Edge / Firefox 100+ support directory picking via webkitdirectory). On browsers without directory support, drag-drop a folder or pick multiple files manually. Every file is hashed via WebCrypto — large files stream in chunks of 4 MB to avoid memory blowup.
What is a manifest?
A JSON or CSV file containing the relative path, size, last-modified date, and hash of every file in the audited folder. Save it once, and you can re-import it later to verify the folder's current state against the original baseline.
Which algorithms are supported?
SHA-256 (default, recommended), SHA-512, SHA-1, MD5. SHA-1 and MD5 are deprecated for cryptographic integrity but remain available for legacy manifest verification. Switch the algorithm in the options before creating a manifest.
Can I exclude files?
Yes. Use glob-style exclude patterns like *.log, .git/*, node_modules/*, *.tmp. Patterns match against the relative path. Multiple patterns can be combined with commas.
What extra features does this tool have compared to others?
10 extras: (1) Drag-drop folder. (2) Progress bar showing files processed / total. (3) Multiple hash algorithms (SHA-256/SHA-512/SHA-1/MD5). (4) Manifest stats — file count, total size, average size. (5) File filter — show only added / modified / deleted / unchanged. (6) Exclude patterns (glob-style). (7) Manifest diff visualization — color-coded rows for added (green), modified (amber), deleted (red). (8) Copy changed-files list as plain text. (9) History of recent audits (localStorage). (10) Shareable URL encoding algorithm + exclude patterns.
Is my data uploaded anywhere?
No. All hashing runs in your browser via WebCrypto. File contents never leave your device. Only the manifest (paths + hashes) is saved if you choose to export or save to history.
How big a folder can I audit?
There's no hard limit — we hash files in 4 MB chunks via streaming, so even multi-GB files work. Very large folders (10,000+ files) will take a while; the progress bar keeps you informed.
Related tools
7Z Extractor
Inspect and extract files from 7z archives. Detects the 7z signature (0x37 0x7A 0xBC 0xAF 0x27 0x1C), parses the SignatureHeader and StartHeader, lists files from the archive metadata, and extracts STORE-method files when possible. Honest about LZMA compression limitations. 100% client-side.
APK Extractor
Extract and inspect Android APK files in the browser — pure JavaScript APK (ZIP) parser. View AndroidManifest.xml (binary XML detection), list DEX files, resources, and assets, extract individual files, detect app info (package name, version) from manifest. 100% client-side.
ARJ Extractor
Inspect ARJ archives. Detects the ARJ magic (0x60 0xEA), parses header structures, lists file entries with sizes and CRCs, and extracts STORE-method files when possible. Honest about ARJ compression limitations. 100% client-side.