NAME

       binwalk - binary image search tool

SYNOPSIS

       binwalk [OPTIONS] [FILE1] [FILE2] [FILE3] ...

DESCRIPTION

       Binwalk  is  a  tool  for  searching  a  given  binary  image  for  embedded  files  and executable code.
       Specifically, it is designed for identifying files and code embedded inside of firmware  images.  Binwalk
       uses the libmagic library, so it is compatible with magic signatures created for the Unix file utility.

OPTIONS

       -o, --offset=<int>
              File offset to start searching at

       -l, --length=<int>
              Number of bytes to search

       -b, --align=<int>
              Set byte alignment

       -f, --file=<file>
              Log results to file

       -m, --magic=<file>
              Magic file to use [/etc/binwalk/magic.binwalk]

       -g, --grep=<string>
              Only display results that contain the text <string>

       -r, --raw-bytes=<string>
              Search for a sequence of raw bytes inside the target file (implies -a, -d, -I)

       -y, --search=<filter>
              Only search for matches that have <filter> in their description (implies -t, -d, -k)

       -x, --exclude=<filter>
              Exclude matches that have <filter> in their description

       -i, --include=<filter>
              Include matches that are normally excluded and that have <filter> in their description *

       -a, --all
              Search for all matches, including those that are normally excluded *

       -d, --defaults
              Speed up scan by disabling default filters **

       -I, --show-invalid
              Show results marked as invalid ***

       -t, --fast
              Speed up scan by only loading signatures specified by -i or -y

       -u, --update
              Update magic signature files

       -v, --verbose
              Enable verbose mode

       -s, --smart
              Disable smart matching (implies -a)

       -k, --keep-going
              Don't stop at the first match (implies -I)

       -c, --validate
              Validate magic file

       -q, --quiet
              Supress output to stdout

       -A, --opcodes
              Scan for executable code (implies -a)

       -C, --cast
              Cast file contents as various data types (implies -k)

       *   Signatures of two bytes or less are excluded by default. Use -i or -a to include them in the search.

       **  Default filters include 'gzip', 'lzma' and 'jffs2' results.

              Disabling the default filters (-d) will speed up scan time, but may miss these file types.

       *** By default, all results that contain the text 'invalid' will not be shown. Use -I to display them.

binwalk                                            April 2012                                         BINWALK(1)