Binwalk is a tool for searching a given binary image for embedded files and executable code. Specifically, it is designed for identifying files and code embedded inside of firmware images. Binwalk uses the libmagic library, so it is compatible with magic signatures created for the Unix file utility.
Binwalk also includes a custom magic signature file which contains improved signatures for files that are commonly found in firmware images such as compressed/archived files, firmware headers, Linux kernels, bootloaders, filesystems, etc.
- Recursive File Scanning and Extraction: Often files extracted by binwalk need to be further scanned / analyzed.
- Entropy and Strings Analysis: Binwalk’s signature analysis is great, but how do you know it didn’t miss something? What do you do if binwalk doesn’t find anything at all? Examining a file’s entropy can reveal a lot about its contents
- Plugin Support: In addition to a scriptable API, binwalk now supports plugins that are afforded considerable control over binwalk’s scan process. Plugins are particularly useful for extending or modifying binwalk’s analysis where custom signatures fall short.
Full Changelog: here