Binwalk Logo

Binwalk

0
Free
Visit Website

Binwalk is a fast, easy to use tool for analyzing, reverse engineering, and extracting firmware images. Prior to Binwalk v2.3.3, extracted archives could create symlinks which point anywhere on the file system, potentially resulting in a directory traversal attack if subsequent extraction utilities blindly follow these symlinks. Binwalk makes use of many third-party extraction utilities which may have unpatched security issues; Binwalk v2.3.3 and later allows external extraction tools to be run as an unprivileged user using the run-as command line option (this requires Binwalk itself to be run with root privileges). Additionally, Binwalk v2.3.3 and later will refuse to perform extraction as root unless --run-as=root is specified. Even though many major Linux distros are still shipping Python 2.7 as the default interpreter in their currently stable release, Binwalk support has moved exclusively to Python 3.

FEATURES

ALTERNATIVES

A .Net wrapper library for the native Yara library with interoperability and portability features.

A collection of Yara rules for detecting malware evasion techniques

Dalfox is a powerful open-source XSS scanner and utility focused on automation.

YARA rules for ProcFilter to detect malware and threats

A tool that extracts and deobfuscates strings from malware binaries using advanced static analysis techniques.

A strings statistics calculator for YARA rules to aid malware research.

A suite of secret scanners built in Rust for performance.

Automatic YARA rule generation for malware repositories.