rabin2
Analyze binary files, extract information
TLDR
Display general information about a binary (architecture, type, endianness)
Display linked libraries
Display symbols imported from libraries
Display strings contained in the binary
Display the output in JSON
SYNOPSIS
rabin2 [options] [file]
PARAMETERS
-A
List all relevant binary information (a combination of common options like entry, imports, exports, sections, symbols, strings).
-B
Display binary architecture information (e.g., architecture, bits, OS, endianness, file type, machine).
-c
Display call-graphs (requires pre-analysis or specific flags).
-C
Display C++ classes found in the binary.
-D
Display debug information (e.g., DWARF, PDB).
-e
Display entry points of the binary.
-E
Display exported symbols.
-f
Display functions detected in the binary.
-F
Display flags associated with binary elements.
-g
Display the binary's signature (e.g., hash, fuzzy hash).
-H
Display header information (raw or interpreted).
-i
Display imported symbols and their libraries.
-I
Display general information about the binary (similar to -B but more comprehensive).
-j
Output in JSON format, ideal for scripting and programmatic parsing.
-K
Display ELF sections (specific to ELF binaries).
-l
List linked libraries.
-L
List all supported binary formats by rabin2.
-M
Display the address of the main function (if detected).
-n
Display sections by name.
-N
Display symbols by name.
-O offset
Open a binary at a specific offset (useful for fat binaries or embedded files).
-P
Show section permissions (read, write, execute).
-q
Quiet mode, suppress column names and headers.
-qq
Even quieter mode, output only raw data without any formatting.
-r
Show output in raw format (no pretty printing).
-R
Display relocations.
-s
Display symbols (all types: local, global, etc.).
-S
Display sections.
-t
Display printable strings from the binary.
-T table
Display fields of a given table (e.g., -T strings for detailed string properties).
-u
Display undefined symbols.
-v
Show version information of rabin2.
-x section_name
Display content of a specific section in hexadecimal format.
-Z
Display sections with Zignatures (code signatures).
DESCRIPTION
rabin2 is a command-line utility from the radare2 reverse engineering framework. It quickly extracts metadata from various binary file formats (e.g., ELF, PE, Mach-O, MZ, COFF) without loading the binary into an interactive session.
It provides detailed insights into a binary's structure, including header information, sections, segments, symbols (imports, exports, local), entry points, relocations, and strings. rabin2 is commonly used for initial reconnaissance, triage, and scripting tasks involving executables, shared libraries, and object files, offering a quick overview before deeper analysis with radare2 itself.
CAVEATS
rabin2 relies on the r_bin library within the radare2 framework, which may not correctly parse extremely malformed or obscure binary formats. It is fast, but it performs static analysis only and cannot provide runtime insights as a debugger can. For in-depth analysis, dynamic inspection, or interactive reverse engineering, the full radare2 environment (r2) is required.
JSON OUTPUT FOR SCRIPTING
The -j option is one of rabin2's most useful features for automation. It emits the requested information as structured JSON that scripting languages such as Python or Node.js can parse directly, so rabin2 output can feed automated analysis pipelines and custom tooling.
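The following Python sketch is an added example, not part of radare2 or of the original page. It combines -I and -j to triage an ELF binary for missing exploit mitigations. The field names (canary, nx, pic, relro) and the top-level "info" key are assumptions about the JSON that rabin2 emits and should be checked against the installed version; the sample document is constructed.

```python
import json
import subprocess

# Constructed sample in the shape of `rabin2 -I -j` output for an ELF (values illustrative).
SAMPLE = ('{"info":{"arch":"x86","bits":64,"bintype":"elf","canary":false,'
          '"nx":true,"pic":false,"relro":"partial","static":false,"stripped":true}}')

# Field name -> (value that counts as hardened, finding label when it is not).
BOOL_CHECKS = {
    "canary": (True, "no-stack-canary"),
    "nx": (True, "nx-disabled"),
    "pic": (True, "not-position-independent"),
}

def rabin2_info(path):
    """Run rabin2 -I -j on a file and return the raw JSON text."""
    proc = subprocess.run(["rabin2", "-I", "-j", path],
                          capture_output=True, text=True, timeout=30, check=True)
    return proc.stdout

def hardening_findings(raw_json):
    """Return sorted findings; a field the parser did not report is 'unknown', not a pass."""
    try:
        info = json.loads(raw_json)["info"]
    except (ValueError, KeyError, TypeError):
        return ["unparseable-output"]
    if not isinstance(info, dict):
        return ["unparseable-output"]
    findings = []
    for field, (good, label) in BOOL_CHECKS.items():
        if field not in info:
            findings.append("unknown:" + field)
        elif info[field] != good:
            findings.append(label)
    relro = info.get("relro")
    if relro is None:
        findings.append("unknown:relro")
    elif relro != "full":
        findings.append("relro-" + str(relro))
    return sorted(findings)

if __name__ == "__main__":
    import sys
    raw = rabin2_info(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE
    print(hardening_findings(raw))
```

Because r_bin may not correctly parse a malformed binary, absent fields and unparseable output are reported as findings instead of being counted as a clean result.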
INTEGRATION WITH RADARE2
Although a standalone tool, rabin2 shares its binary parsing engine with radare2 itself. Many of the commands executed within an r2 session (e.g., i for info, is for symbols, ie for exports) are internally powered by the same logic used by rabin2, ensuring consistency and accuracy across the framework.
HISTORY
rabin2 is an integral part of the radare2 open-source reverse engineering framework, which originated around 2006. It was developed to provide a quick, standalone utility for extracting binary metadata, leveraging the robust binary parsing capabilities of radare2's core r_bin library. Its evolution is closely tied to the continuous development and expansion of the radare2 project, aiming for comprehensive format support and performance.