tool for searching binary images for embedded files and exe‐ cutable code


Scan a binary file

$ binwalk [path/to/binary]

Extract files from a binary, specifying the output directory

$ binwalk --extract --directory [output_directory] [path/to/binary]

Recursively extract files from a binary limiting the recursion depth to 2

$ binwalk --extract --matryoshka --depth [2] [path/to/binary]

Extract files from a binary with the specified file signature

$ binwalk --dd '[png image:png]' [path/to/binary]

Analyze the entropy of a binary, saving the plot with the same name as the binary and .png extension appended

$ binwalk --entropy --save [path/to/binary]

Combine entropy, signature and opcodes analysis in a single command

$ binwalk --entropy --signature --opcodes [path/to/binary]


binwalk [OPTIONS] [FILE1] [FILE2] [FILE3] ...


Binwalk v2.1.1 Craig Heffner, Signature Scan Options: -B, --signature Scan target file(s) for common file signatures -R, --raw= Scan target file(s) for the specified sequence of bytes -A, --opcodes Scan target file(s) for common executable opcode signatures -m, --magic= Specify a custom magic file to use -b, --dumb Disable smart signature keywords -I, --invalid Show results marked as invalid -x, --exclude= Exclude results that match -y, --include= Only show results that match Extraction Options: -e, --extract Automatically extract known file types -D, --dd= Extract signatures, give the files an extension of , and execute -M, --matryoshka Recursively scan extracted files -d, --depth= Limit matryoshka recursion depth (default: 8 levels deep) -C, --directory= Extract files/folders to a custom directory (default: current working directory) -j, --size= Limit the size of each extracted file -n, --count= Limit the number of extracted files -r, --rm Delete carved files after extraction -z, --carve Carve data from files, but don't execute extraction utilities Entropy Analysis Options: -E, --entropy Calculate file entropy -F, --fast Use faster, but less detailed, entropy analysis -J, --save Save plot as a PNG -Q, --nlegend Omit the legend from the entropy plot graph -N, --nplot Do not generate an entropy plot graph -H, --high= Set the rising edge entropy trigger threshold (default: 0.95) -L, --low= Set the falling edge entropy trigger threshold (default: 0.85) Binary Diffing Options: -W, --hexdump Perform a hexdump / diff of a file or files -G, --green Only show lines containing bytes that are the same among all files -i, --red Only show lines containing bytes that are different among all files -U, --blue Only show lines containing bytes that are different among some files -w, --terse Diff all files, but only display a hex dump of the first file Raw Compression Options: -X, --deflate Scan for raw deflate compression streams -Z, --lzma Scan for raw LZMA compression streams -P, --partial Perform a superficial, but faster, scan -S, --stop Stop after the first result General Options: -l, --length= Number of bytes to scan -o, --offset= Start scan at this file offset -O, --base= Add a base address to all printed offsets -K, --block= Set file block size -g, --swap= Reverse every n bytes before scanning -f, --log= Log results to file -c, --csv Log results to file in CSV format -t, --term Format output to fit the terminal window -q, --quiet Suppress output to stdout -v, --verbose Enable verbose output -h, --help Show help output -a, --finclude= Only scan files whose names match this regex -p, --fexclude= Do not scan files whose names match this regex -s, --status= Enable the status server on the specified port

Copied to clipboard
free 100$ digital ocean credit