← Back to Projects

Simple File Integrity Monitor

February 21, 2026 View Source ↗
pythoncybersecuritydfirdetection

A Python tool that monitors file changes using SHA-256 hashes and sends diff alerts to Discord.

Simple-FIM

Simple-FIM is a lightweight tool I wrote in Python to keep track of file changes. It’s meant to be a straightforward way to monitor directories for any unauthorized modifications, deletions, or new files without the complexity of a full enterprise solution.

What it does

The main goal of the tool is to give you visibility into what’s happening with your files.

  • Monitoring: You can point it at a single file or an entire directory. If you choose a directory, it scans everything inside recursively.
  • Detecting Changes: It calculates a SHA-256 hash for every file. If the hash changes between scans, it knows the file was tampered with.
  • Forensic Diffs: If a text file is modified, the tool doesn’t just tell you it changed; it generates a diff showing the exact lines that were added or removed.
  • Alerting: It logs everything to a local file, but it also sends real-time alerts to a Discord channel via webhooks.

How it works

The script works on a simple loop. It takes an initial “baseline” of your files and then checks back every few seconds to see if anything is different.

To keep it fast, I used multi-threading. This allows the script to hash multiple files at the same time, which is pretty much required if you’re watching a large directory.

def calculate_hash(file_path):
    # Using a buffer to handle large files efficiently
    sha256_hash = hashlib.sha256()
    with open(file_path, "rb") as f:
        for byte_block in iter(lambda: f.read(1048576), b""):
            sha256_hash.update(byte_block)
    return sha256_hash.hexdigest()

When it finds a mismatch, it triggers a function to calculate the differences and then pushes that info out through the Discord webhook.

Key Features

  • Parallel Hashing: Uses ThreadPoolExecutor to speed up scans.
  • Smart Filtering: Automatically skips trying to diff binary files (like images or executables) to avoid generating garbled text.
  • Color-Coded Alerts: Discord messages are color-coded (Green for New, Orange for Deleted, Red for Modified) so you can see the status at a glance.
  • Persistent Logging: Every event is time-stamped and saved to a local log file for later review.

Tech Stack

I tried to keep the dependencies minimal so it’s easy to run anywhere:

  • Python 3.12
  • Hashlib (SHA-256 hashing)
  • Difflib (Generating the diffs)
  • Requests (Discord API communication)
  • Concurrent.futures (Multi-threading)