This page lists the important commands for the CLI tool binwalk.

binwalk

Binwalk is a versatile command-line tool used for analyzing and extracting data from binary files. It is particularly useful for extracting embedded files and running various types of analysis on firmware images, executable programs, and other binary files.

Key features of binwalk include:

  1. Signature-Based Scanning: It uses a signature database to identify known file types and signatures within binary files. This allows it to detect and extract embedded files or specific sections within the binary.

  2. File Extraction: Binwalk can automatically identify and extract various types of embedded files like firmware images, compressed archives, and executable code from binary files.

  3. Recursive Scanning: It can recursively scan and extract embedded files from inside other embedded files, which is especially useful in cases of layered file systems or nested archives.

  4. Custom Signature Creation: Binwalk provides the ability to create custom signatures for detecting specific patterns or file types within binary files. This allows users to extend the tool's capability to identify custom file formats or signatures.

  5. Analyzing and Disassembling: While binwalk is primarily designed for extracting files, it also provides options for running various analysis tools on the extracted files. For example, it can analyze and disassemble embedded executable code to provide more insight into its functionality.

Binwalk is commonly used in firmware analysis, reverse engineering, vulnerability research, and digital forensics. It is available for multiple platforms, including Linux, macOS, and Windows. The tool's flexibility, extensibility, and ease of use make it a popular choice for binary analysis tasks.
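
The signature-based scanning from item 1 and the entropy analysis used by the commands on this page can be sketched in a few lines. This is an added example, not binwalk's own code: the sample image, its `FWHDR` header and the three-entry signature table are constructed for illustration.

```python
import gzip
import hashlib
import math

# Well-known magic bytes; a tiny subset of what a real signature database holds.
SIGNATURES = {"gzip": b"\x1f\x8b\x08", "png": b"\x89PNG\r\n\x1a\n", "squashfs": b"hsqs"}

def scan(blob):
    """Return sorted (offset, name) pairs for every magic-byte match.

    Magic-only matching can false-positive inside random-looking data, so
    header fields should be validated before a hit is trusted.
    """
    hits = []
    for name, magic in SIGNATURES.items():
        pos = blob.find(magic)
        while pos != -1:
            hits.append((pos, name))
            pos = blob.find(magic, pos + 1)
    return sorted(hits)

def entropy(data):
    """Shannon entropy in bits per byte: near 8 for compressed or encrypted data."""
    if not data:
        return 0.0
    counts = [0] * 256
    for byte in data:
        counts[byte] += 1
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts if c)

def build_sample():
    """Constructed firmware-like image; returns (blob, gzip_offset, png_offset)."""
    header = b"FWHDR v1.0".ljust(64, b"\x00")  # hypothetical vendor header
    noise = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
    packed = gzip.compress(noise, mtime=0)  # incompressible, so stays high-entropy
    png_stub = SIGNATURES["png"] + b"\x00" * 32  # magic only, not a valid image
    blob = header + packed + png_stub
    return blob, len(header), len(header) + len(packed)

def report(blob, window=1024):
    """Pair each signature hit with the entropy of the bytes that follow it."""
    return [(off, name, round(entropy(blob[off:off + window]), 2))
            for off, name in scan(blob)]

if __name__ == "__main__":
    sample, _, _ = build_sample()
    print("header entropy:", round(entropy(sample[:64]), 2))
    for off, name, ent in report(sample):
        print(f"{off:<8} 0x{off:<8X} {name:<10} entropy={ent}")
```

A hit followed by near-8 entropy is consistent with compressed or encrypted content, while a hit followed by low entropy (the PNG stub here) deserves a closer look before extraction.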

List of commands for binwalk:

  • Analyze the entropy of a binary, saving the plot with the same name as the binary and `.png` extension appended.
    $ binwalk --entropy --save ${path-to-binary}
  • Combine entropy, signature and opcodes analysis in a single command.
    $ binwalk --entropy --signature --opcodes ${path-to-binary}
  • Scan a binary file.
    $ binwalk ${path-to-binary}
  • Recursively extract files from a binary, limiting the recursion depth to 2.
    $ binwalk --extract --matryoshka --depth ${2} ${path-to-binary}
  • Extract files from a binary, specifying the output directory.
    $ binwalk --extract --directory ${output_directory} ${path-to-binary}
  • Extract files from a binary with the specified file signature.
    $ binwalk --dd '${png image:png}' ${path-to-binary}