I am working with Kali Linux and I wanted to make sure the VM I downloaded hasn't been tampered with. Offensive Security recommends doing this everytime you download Kali. How can we check the provided SHA265Sum from Offensive Security with the file we downloaded? macOS has a bulit in tool called shasum which can help us.
The command looks like this: shasum -a 256 /path/to/file.7z. We pass the -a flag to specify the algorithm. According to the man page, shasum can handle these algorithms: 1, 224, 256, 384, 512, 512224, 512256.
Running the command on my downloaded file, it looks like a match...
shasum -a 256 kali-linux-2018.4-vm-amd64.7z
7edc27ad5924da6ca4a5549744704ada38068ccf37b40b415c87b824ff71de29 kali-linux-2018.4-vm-amd64.7z
Let's make sure. This command will compare the two strings and return nothing if they match.
diff <(echo "$SHA256_from_website" ) <(echo "$SHA256_from_shasum_command")
After running the two SHA256Sums through this command, my terminal returned nothing. We now know definitively that SHA256Sums match.