1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
|
.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.13.
.TH BINWALK "1" "September 2021" "binwalk 2.3.2" "User Commands"
.SH NAME
binwalk \- tool for searching binary images for embedded files and executable code
.SH SYNOPSIS
.B binwalk
[\fI\,OPTIONS\/\fR] [\fI\,FILE1\/\fR] [\fI\,FILE2\/\fR] [\fI\,FILE3\/\fR] ...
.SH DESCRIPTION
Binwalk v2.3.2+dcb1403
Craig Heffner, ReFirmLabs
https://github.com/ReFirmLabs/binwalk
.SS "Signature Scan Options:"
.TP
\fB\-B\fR, \fB\-\-signature\fR
Scan target file(s) for common file signatures
.TP
\fB\-R\fR, \fB\-\-raw=\fR<str>
Scan target file(s) for the specified sequence of bytes
.TP
\fB\-A\fR, \fB\-\-opcodes\fR
Scan target file(s) for common executable opcode signatures
.TP
\fB\-m\fR, \fB\-\-magic=\fR<file>
Specify a custom magic file to use
.TP
\fB\-b\fR, \fB\-\-dumb\fR
Disable smart signature keywords
.TP
\fB\-I\fR, \fB\-\-invalid\fR
Show results marked as invalid
.TP
\fB\-x\fR, \fB\-\-exclude=\fR<str>
Exclude results that match <str>
.TP
\fB\-y\fR, \fB\-\-include=\fR<str>
Only show results that match <str>
.SS "Extraction Options:"
.TP
\fB\-e\fR, \fB\-\-extract\fR
Automatically extract known file types
.TP
\fB\-D\fR, \fB\-\-dd=\fR<type[:ext[:cmd]]>
Extract <type> signatures (regular expression), give the files an extension of <ext>, and execute <cmd>
.TP
\fB\-M\fR, \fB\-\-matryoshka\fR
Recursively scan extracted files
.TP
\fB\-d\fR, \fB\-\-depth=\fR<int>
Limit matryoshka recursion depth (default: 8 levels deep)
.TP
\fB\-C\fR, \fB\-\-directory=\fR<str>
Extract files/folders to a custom directory (default: current working directory)
.TP
\fB\-j\fR, \fB\-\-size=\fR<int>
Limit the size of each extracted file
.TP
\fB\-n\fR, \fB\-\-count=\fR<int>
Limit the number of extracted files
.TP
\fB\-r\fR, \fB\-\-rm\fR
Delete carved files after extraction
.TP
\fB\-z\fR, \fB\-\-carve\fR
Carve data from files, but don't execute extraction utilities
.TP
\fB\-V\fR, \fB\-\-subdirs\fR
Extract into sub\-directories named by the offset
.SS "Entropy Options:"
.TP
\fB\-E\fR, \fB\-\-entropy\fR
Calculate file entropy
.TP
\fB\-F\fR, \fB\-\-fast\fR
Use faster, but less detailed, entropy analysis
.TP
\fB\-J\fR, \fB\-\-save\fR
Save plot as a PNG
.TP
\fB\-Q\fR, \fB\-\-nlegend\fR
Omit the legend from the entropy plot graph
.TP
\fB\-N\fR, \fB\-\-nplot\fR
Do not generate an entropy plot graph
.TP
\fB\-H\fR, \fB\-\-high=\fR<float>
Set the rising edge entropy trigger threshold (default: 0.95)
.TP
\fB\-L\fR, \fB\-\-low=\fR<float>
Set the falling edge entropy trigger threshold (default: 0.85)
.SS "Binary Diffing Options:"
.TP
\fB\-W\fR, \fB\-\-hexdump\fR
Perform a hexdump / diff of a file or files
.TP
\fB\-G\fR, \fB\-\-green\fR
Only show lines containing bytes that are the same among all files
.TP
\fB\-i\fR, \fB\-\-red\fR
Only show lines containing bytes that are different among all files
.TP
\fB\-U\fR, \fB\-\-blue\fR
Only show lines containing bytes that are different among some files
.TP
\fB\-u\fR, \fB\-\-similar\fR
Only display lines that are the same between all files
.TP
\fB\-w\fR, \fB\-\-terse\fR
Diff all files, but only display a hex dump of the first file
.SS "Raw Compression Options:"
.TP
\fB\-X\fR, \fB\-\-deflate\fR
Scan for raw deflate compression streams
.TP
\fB\-Z\fR, \fB\-\-lzma\fR
Scan for raw LZMA compression streams
.TP
\fB\-P\fR, \fB\-\-partial\fR
Perform a superficial, but faster, scan
.TP
\fB\-S\fR, \fB\-\-stop\fR
Stop after the first result
.SS "General Options:"
.TP
\fB\-l\fR, \fB\-\-length=\fR<int>
Number of bytes to scan
.TP
\fB\-o\fR, \fB\-\-offset=\fR<int>
Start scan at this file offset
.TP
\fB\-O\fR, \fB\-\-base=\fR<int>
Add a base address to all printed offsets
.TP
\fB\-K\fR, \fB\-\-block=\fR<int>
Set file block size
.TP
\fB\-g\fR, \fB\-\-swap=\fR<int>
Reverse every n bytes before scanning
.TP
\fB\-f\fR, \fB\-\-log=\fR<file>
Log results to file
.TP
\fB\-c\fR, \fB\-\-csv\fR
Log results to file in CSV format
.TP
\fB\-t\fR, \fB\-\-term\fR
Format output to fit the terminal window
.TP
\fB\-q\fR, \fB\-\-quiet\fR
Suppress output to stdout
.TP
\fB\-v\fR, \fB\-\-verbose\fR
Enable verbose output
.TP
\fB\-h\fR, \fB\-\-help\fR
Show help output
.TP
\fB\-a\fR, \fB\-\-finclude=\fR<str>
Only scan files whose names match this regex
.TP
\fB\-p\fR, \fB\-\-fexclude=\fR<str>
Do not scan files whose names match this regex
.TP
\fB\-s\fR, \fB\-\-status=\fR<int>
Enable the status server on the specified port
|
