Scroll to navigation

BINWALK(1) User Commands BINWALK(1)

NAME

binwalk - tool for searching binary images for embedded files and executable code

SYNOPSIS

binwalk [OPTIONS] [FILE1] [FILE2] [FILE3] ...

DESCRIPTION

Binwalk v2.3.2+dcb1403 Craig Heffner, ReFirmLabs https://github.com/ReFirmLabs/binwalk

Signature Scan Options:

Scan target file(s) for common file signatures
Scan target file(s) for the specified sequence of bytes
Scan target file(s) for common executable opcode signatures
Specify a custom magic file to use
Disable smart signature keywords
Show results marked as invalid
Exclude results that match <str>
Only show results that match <str>

Extraction Options:

Automatically extract known file types
Extract <type> signatures (regular expression), give the files an extension of <ext>, and execute <cmd>
Recursively scan extracted files
Limit matryoshka recursion depth (default: 8 levels deep)
Extract files/folders to a custom directory (default: current working directory)
Limit the size of each extracted file
Limit the number of extracted files
Delete carved files after extraction
Carve data from files, but don't execute extraction utilities
Extract into sub-directories named by the offset

Entropy Options:

Calculate file entropy
Use faster, but less detailed, entropy analysis
Save plot as a PNG
Omit the legend from the entropy plot graph
Do not generate an entropy plot graph
Set the rising edge entropy trigger threshold (default: 0.95)
Set the falling edge entropy trigger threshold (default: 0.85)

Binary Diffing Options:

Perform a hexdump / diff of a file or files
Only show lines containing bytes that are the same among all files
Only show lines containing bytes that are different among all files
Only show lines containing bytes that are different among some files
Only display lines that are the same between all files
Diff all files, but only display a hex dump of the first file

Raw Compression Options:

Scan for raw deflate compression streams
Scan for raw LZMA compression streams
Perform a superficial, but faster, scan
Stop after the first result

General Options:

Number of bytes to scan
Start scan at this file offset
Add a base address to all printed offsets
Set file block size
Reverse every n bytes before scanning
Log results to file
Log results to file in CSV format
Format output to fit the terminal window
Suppress output to stdout
Enable verbose output
Show help output
Only scan files whose names match this regex
Do not scan files whose names match this regex
Enable the status server on the specified port
September 2021 binwalk 2.3.2