other versions
- unstable 5.9.0+dfsg-1
- experimental 5.8.8+dfsg-1
| RAFIND2(1) | General Commands Manual | RAFIND2(1) |
NAME¶
rafind2 — advanced
command-line byte pattern search in files
SYNOPSIS¶
rafind2 |
[-a align]
[-b size]
[-c] [-e
regex] [-f
from] [-F
file] [-h]
[-i] [-j]
[-L] [-m]
[-M mask]
[-n] [-q]
[-r] [-s
str] [-S
str] [-t
to] [-v]
[-V s:num]
[-x hex]
[-X] [-z]
[-Z] file|dir .. |
DESCRIPTION¶
rafind2 is a versatile program designed to
find byte patterns in files.
The following options are available:
-aalign- Only accept aligned search results.
-bsize- Define the block size for searching. Depending on the cpu cache, memory and storage different sizes may affect the performance.
-c- Disable colorful output, primarily useful for non-interactive or batch use-cases.
-eregex- Search for matches using regular expressions. Multiple expressions can be provided.
-ffrom- Specify the starting address for the search. (See -t)
-Ffile- Read keywords from the specified file for searching.
-h- Display the help message.
-i- Identify the filetype using similar techniques as the 'file' command.
-j- Output results in JSON format.
-L- List all available I/O plugins.
-m- Perform magic search to identify file types based on signatures.
-Mmask- Apply a binary mask to the keywords before searching.
-n- Continue searching even if read errors occur.
-q- Quiet mode: suppress headings or filenames in the output.
-r- Print results using radare commands.
-sstr- Search for the specified string(s) in the file(s).
-Sstr- Search for wide strings (Unicode) in the file(s).
-tto- Specify the ending address for the search. (See -f)
-v- Display the version of rafind2 and exit.
-Vs:num- Search for the given value using little-endian notation (e.g., -V 4:123).
-xhex- Search for the specified hex pattern(s) in the file(s).
-X- Display the hexdump of search results.
-z- Search for zero-terminated strings.
-Z- Display strings found on each search hit.
EXAMPLES¶
Search for a specific string in a file:
$ rafind2 -s "search_string" file.txt
Search for a hex pattern in all the files from directory:
$ rafind2 -x "909090" directory_path
Identify the file type using the magic database:
$ rafind2 -i binary_file
Search for the little endian 123 stored in a 4 byte word inside a file:
$ rafind2 -V 4:123 file.bin
SEE ALSO¶
WWW¶
AUTHORS¶
pancake <pancake@nopcode.org>
| March 16, 2024 |