.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.13. .TH BINWALK "1" "September 2021" "binwalk 2.3.2" "User Commands" .SH NAME binwalk \- tool for searching binary images for embedded files and executable code .SH SYNOPSIS .B binwalk [\fI\,OPTIONS\/\fR] [\fI\,FILE1\/\fR] [\fI\,FILE2\/\fR] [\fI\,FILE3\/\fR] ... .SH DESCRIPTION Binwalk v2.3.2+dcb1403 Craig Heffner, ReFirmLabs https://github.com/ReFirmLabs/binwalk .SS "Signature Scan Options:" .TP \fB\-B\fR, \fB\-\-signature\fR Scan target file(s) for common file signatures .TP \fB\-R\fR, \fB\-\-raw=\fR Scan target file(s) for the specified sequence of bytes .TP \fB\-A\fR, \fB\-\-opcodes\fR Scan target file(s) for common executable opcode signatures .TP \fB\-m\fR, \fB\-\-magic=\fR Specify a custom magic file to use .TP \fB\-b\fR, \fB\-\-dumb\fR Disable smart signature keywords .TP \fB\-I\fR, \fB\-\-invalid\fR Show results marked as invalid .TP \fB\-x\fR, \fB\-\-exclude=\fR Exclude results that match .TP \fB\-y\fR, \fB\-\-include=\fR Only show results that match .SS "Extraction Options:" .TP \fB\-e\fR, \fB\-\-extract\fR Automatically extract known file types .TP \fB\-D\fR, \fB\-\-dd=\fR Extract signatures (regular expression), give the files an extension of , and execute .TP \fB\-M\fR, \fB\-\-matryoshka\fR Recursively scan extracted files .TP \fB\-d\fR, \fB\-\-depth=\fR Limit matryoshka recursion depth (default: 8 levels deep) .TP \fB\-C\fR, \fB\-\-directory=\fR Extract files/folders to a custom directory (default: current working directory) .TP \fB\-j\fR, \fB\-\-size=\fR Limit the size of each extracted file .TP \fB\-n\fR, \fB\-\-count=\fR Limit the number of extracted files .TP \fB\-r\fR, \fB\-\-rm\fR Delete carved files after extraction .TP \fB\-z\fR, \fB\-\-carve\fR Carve data from files, but don't execute extraction utilities .TP \fB\-V\fR, \fB\-\-subdirs\fR Extract into sub\-directories named by the offset .SS "Entropy Options:" .TP \fB\-E\fR, \fB\-\-entropy\fR Calculate file entropy .TP \fB\-F\fR, \fB\-\-fast\fR Use faster, but less detailed, entropy analysis .TP \fB\-J\fR, \fB\-\-save\fR Save plot as a PNG .TP \fB\-Q\fR, \fB\-\-nlegend\fR Omit the legend from the entropy plot graph .TP \fB\-N\fR, \fB\-\-nplot\fR Do not generate an entropy plot graph .TP \fB\-H\fR, \fB\-\-high=\fR Set the rising edge entropy trigger threshold (default: 0.95) .TP \fB\-L\fR, \fB\-\-low=\fR Set the falling edge entropy trigger threshold (default: 0.85) .SS "Binary Diffing Options:" .TP \fB\-W\fR, \fB\-\-hexdump\fR Perform a hexdump / diff of a file or files .TP \fB\-G\fR, \fB\-\-green\fR Only show lines containing bytes that are the same among all files .TP \fB\-i\fR, \fB\-\-red\fR Only show lines containing bytes that are different among all files .TP \fB\-U\fR, \fB\-\-blue\fR Only show lines containing bytes that are different among some files .TP \fB\-u\fR, \fB\-\-similar\fR Only display lines that are the same between all files .TP \fB\-w\fR, \fB\-\-terse\fR Diff all files, but only display a hex dump of the first file .SS "Raw Compression Options:" .TP \fB\-X\fR, \fB\-\-deflate\fR Scan for raw deflate compression streams .TP \fB\-Z\fR, \fB\-\-lzma\fR Scan for raw LZMA compression streams .TP \fB\-P\fR, \fB\-\-partial\fR Perform a superficial, but faster, scan .TP \fB\-S\fR, \fB\-\-stop\fR Stop after the first result .SS "General Options:" .TP \fB\-l\fR, \fB\-\-length=\fR Number of bytes to scan .TP \fB\-o\fR, \fB\-\-offset=\fR Start scan at this file offset .TP \fB\-O\fR, \fB\-\-base=\fR Add a base address to all printed offsets .TP \fB\-K\fR, \fB\-\-block=\fR Set file block size .TP \fB\-g\fR, \fB\-\-swap=\fR Reverse every n bytes before scanning .TP \fB\-f\fR, \fB\-\-log=\fR Log results to file .TP \fB\-c\fR, \fB\-\-csv\fR Log results to file in CSV format .TP \fB\-t\fR, \fB\-\-term\fR Format output to fit the terminal window .TP \fB\-q\fR, \fB\-\-quiet\fR Suppress output to stdout .TP \fB\-v\fR, \fB\-\-verbose\fR Enable verbose output .TP \fB\-h\fR, \fB\-\-help\fR Show help output .TP \fB\-a\fR, \fB\-\-finclude=\fR Only scan files whose names match this regex .TP \fB\-p\fR, \fB\-\-fexclude=\fR Do not scan files whose names match this regex .TP \fB\-s\fR, \fB\-\-status=\fR Enable the status server on the specified port