NAME¶
binwalk - tool for searching binary images for embedded files and executable
code
SYNOPSIS¶
binwalk [
OPTIONS] [
FILE1] [
FILE2] [
FILE3]
...
DESCRIPTION¶
Binwalk v2.0.0 Craig Heffner,
http://www.binwalk.org
Signature Scan Options:¶
- -B, --signature
- Scan target file(s) for common file signatures
- -R, --raw=<str>
- Scan target file(s) for the specified sequence of bytes
- -A, --opcodes
- Scan target file(s) for common executable opcodes
- -C, --cast
- Cast offsets as a given data type (use -y to specify the data type
/ endianness)
- -m, --magic=<file>
- Specify a custom magic file to use
- -b, --dumb
- Disable smart signature keywords
- -e, --extract
- Automatically extract known file types
- -D, --dd=<type:ext:cmd>
- Extract <type> signatures, give the files an extension of
<ext>, and execute <cmd>
- -M, --matryoshka
- Recursively scan extracted files
- -d, --depth=<int>
- Limit matryoshka recursion depth (default: 8 levels deep)
- -j, --size=<int>
- Limit the size of each extracted file
- -r, --rm
- Cleanup extracted / zero-size files after extraction
- -z, --carve
- Carve data from files, but don't execute extraction utilities
Entropy Analysis Options:¶
- -E, --entropy
- Calculate file entropy
- -J, --save
- Save plot as a PNG
- -N, --nplot
- Do not generate an entropy plot graph
- -Q, --nlegend
- Omit the legend from the entropy plot graph
Binary Diffing Options:¶
- -W, --hexdump
- Perform a hexdump / diff of a file or files
- -G, --green
- Only show lines containing bytes that are the same among all files
- -i, --red
- Only show lines containing bytes that are different among all files
- -U, --blue
- Only show lines containing bytes that are different among some files
- -w, --terse
- Diff all files, but only display a hex dump of the first file
Fuzzy Hash Options:¶
- -F, --fuzzy
- Perform fuzzy hash matching on files/directories
- -u, --cutoff=<int>
- Set the cutoff percentage
- -S, --strings
- Diff strings inside files instead of the entire file
- -s, --same
- Only show files that are the same
- -p, --diff
- Only show files that are different
- -n, --name
- Only compare files whose base names are the same
- -L, --symlinks
- Don't ignore symlinks
Heuristic Compression Options:¶
- -H, --heuristic
- Heuristically classify high entropy data
- -a, --trigger=<float>
- Set the entropy trigger level (0.0 - 1.0, default: 0.90)
Raw Compression Options:¶
- -X, --deflate
- Scan for raw deflate compression streams
Binary Visualization Options:¶
- -3, --3D
- Generate a 3D binary visualization
- -2, --2D
- Project data points onto 3D cube walls only
- -Z, --points=<int>
- Set the maximum number of plotted data points
- -V, --grids
- Display the x-y-z grids in the resulting plot
General Options:¶
- -l, --length=<int>
- Number of bytes to scan
- -o, --offset=<int>
- Start scan at this file offset
- -K, --block=<int>
- Set file block size
- -g, --swap=<int>
- Reverse every n bytes before scanning
- -I, --invalid
- Show results marked as invalid
- -x, --exclude=<str>
- Exclude results that match <str>
- -y, --include=<str>
- Only show results that match <str>
- -f, --log=<file>
- Log results to file
- -c, --csv
- Log results to file in CSV format
- -t, --term
- Format output to fit the terminal window
- -q, --quiet
- Suppress output to stdout
- -v, --verbose
- Enable verbose output
- -h, --help
- Show help output