binwalk (1)
NAME
binwalk - binary image search toolSYNOPSIS
binwalk [OPTIONS] [FILE1] [FILE2] [FILE3] ...DESCRIPTION
Binwalk is a tool for searching a given binary image for embedded files and executable code. Specifically, it is designed for identifying files and code embedded inside of firmware images. Binwalk uses the libmagic library, so it is compatible with magic signatures created for the Unix file utility.
OPTIONS
- -o, --offset=<int>
- File offset to start searching at
- -l, --length=<int>
- Number of bytes to search
- -b, --align=<int>
- Set byte alignment
- -f, --file=<file>
- Log results to file
- -m, --magic=<file>
- Magic file to use [/etc/binwalk/magic.binwalk]
- -g, --grep=<string>
- Only display results that contain the text <string>
- -r, --raw-bytes=<string>
- Search for a sequence of raw bytes inside the target file (implies -a, -d, -I)
- -y, --search=<filter>
- Only search for matches that have <filter> in their description (implies -t, -d, -k)
- -x, --exclude=<filter>
- Exclude matches that have <filter> in their description
- -i, --include=<filter>
- Include matches that are normally excluded and that have <filter> in their description *
- -a, --all
- Search for all matches, including those that are normally excluded *
- -d, --defaults
- Speed up scan by disabling default filters **
- -I, --show-invalid
- Show results marked as invalid ***
- -t, --fast
- Speed up scan by only loading signatures specified by -i or -y
- -u, --update
- Update magic signature files
- -v, --verbose
- Enable verbose mode
- -s, --smart
- Disable smart matching (implies -a)
- -k, --keep-going
- Don't stop at the first match (implies -I)
- -c, --validate
- Validate magic file
- -q, --quiet
- Supress output to stdout
- -A, --opcodes
- Scan for executable code (implies -a)
- -C, --cast
- Cast file contents as various data types (implies -k)
* Signatures of two bytes or less are excluded by default. Use -i or -a to include them in the search.
** Default filters include 'gzip', 'lzma' and 'jffs2' results.
- Disabling the default filters (-d) will speed up scan time, but may miss these file types.
*** By default, all results that contain the text 'invalid' will not be shown. Use -I to display them.
![assorted[chips]](/wp-content/themes/codetools-2016child/images/assortedchips_logo_black.png){kind=logo}