root@node1:/home/binwalk# binwalk -h
Binwalk v2.2.1+e0f9bf7 # version number
Craig Heffner, ReFirmLabs
https://github.com/ReFirmLabs/binwalk
Usage: binwalk [OPTIONS] [FILE1] [FILE2] [FILE3] ...
Disassembly Scan Options:
-Y, --disasm Identify the CPU architecture of a file using the capstone disassembler
-T, --minsn=<int> Minimum number of consecutive instructions to be considered valid (default: 500)
-k, --continue Don't stop at the first match
Signature Scan Options:
-B, --signature Scan target file(s) for common file signatures
-R, --raw=<str> Scan target file(s) for the specified sequence of bytes
-A, --opcodes Scan target file(s) for common executable opcode signatures
-m, --magic=<file> Specify a custom magic file to use
-b, --dumb Disable smart signature keywords
-I, --invalid Show results marked as invalid # show the complete scan results
-x, --exclude=<str> Exclude results that match <str>
-y, --include=<str> Only show results that match <str>
Extraction Options:
-e, --extract Automatically extract known file types
-D, --dd=<type[:ext[:cmd]]> Extract <type> signatures (regular expression), give the files an extension of <ext>, and execute <cmd> # e.g. binwalk -D 'png image:png' firmware.bin
-M, --matryoshka Recursively scan extracted files
-d, --depth=<int> Limit matryoshka recursion depth (default: 8 levels deep)
-C, --directory=<str> Extract files/folders to a custom directory (default: current working directory)
-j, --size=<int> Limit the size of each extracted file
-n, --count=<int> Limit the number of extracted files
-r, --rm Delete carved files after extraction # cleans up zero-size files and files that the extraction utilities could not process during extraction; only valid when used with --extract or --dd; helps purge false-positive files copied out of the target file during extraction
-z, --carve Carve data from files, but don't execute extraction utilities
-V, --subdirs Extract into sub-directories named by the offset
Entropy Options:
-E, --entropy Calculate file entropy # entropy analysis can help identify interesting sections of data in a firmware image
-F, --fast Use faster, but less detailed, entropy analysis
-J, --save Save plot as a PNG # automatically saves the entropy plot generated by --entropy to a PNG file instead of displaying it
-Q, --nlegend Omit the legend from the entropy plot graph
-N, --nplot Do not generate an entropy plot graph
-H, --high=<float> Set the rising edge entropy trigger threshold (default: 0.95)
-L, --low=<float> Set the falling edge entropy trigger threshold (default: 0.85)
Binary Diffing Options:
-W, --hexdump Perform a hexdump / diff of a file or files # compare files
-G, --green Only show lines containing bytes that are the same among all files
-i, --red Only show lines containing bytes that are different among all files
-U, --blue Only show lines containing bytes that are different among some files
-u, --similar Only display lines that are the same between all files
-w, --terse Diff all files, but only display a hex dump of the first file
Raw Compression Options:
-X, --deflate Scan for raw deflate compression streams
-Z, --lzma Scan for raw LZMA compression streams # identifies possible raw LZMA compressed data streams by brute force
-P, --partial Perform a superficial, but faster, scan
-S, --stop Stop after the first result
General Options:
-l, --length=<int> Number of bytes to scan
-o, --offset=<int> Start scan at this file offset
-O, --base=<int> Add a base address to all printed offsets
-K, --block=<int> Set file block size
-g, --swap=<int> Reverse every n bytes before scanning
-f, --log=<file> Log results to file
-c, --csv Log results to file in CSV format
-t, --term Format output to fit the terminal window
-q, --quiet Suppress output to stdout
-v, --verbose Enable verbose output
-h, --help Show help output
-a, --finclude=<str> Only scan files whose names match this regex
-p, --fexclude=<str> Do not scan files whose names match this regex
-s, --status=<int> Enable the status server on the specified port