Windows中如何安装和使用binwalk

admin 管理员组

文章数量: 887017

文章目录

• • binwalk安装
  • 使用快捷方式打开binwalk(方便使用
  • binwalk使用

Binwalk使用libmagic库，因此它与Unix文件实用程序创建的魔术签名兼容。 Binwalk还包括一个自定义魔术签名文件，其中包含常见的诸如压缩/存档文件，固件头，Linux内核，引导加载程序，文件系统等的固件映像中常见文件的改进魔数签名

binwalk安装

binwalkGitHub项目地址：https://github/ReFirmLabs/binwalk

下载完成后进入binwalk文件夹，然后运行：

python .\setup.py install

然后在Python的Scrtips目录里面可以看到生成了一个：binwalk文件

python binwalk [文件路径]

使用快捷方式打开binwalk(方便使用

)
为了方便使用，如果每次使用binwalk都要找这个Scripts目录，岂不是有点烦，所以在桌面创建一个cmd快捷方式指定到这个目录即可，这样每次使用就只需要在桌面点击binwalk的cmd命令终端即可

首先在桌面右键创建一个快捷方式，

目录填cmd的目录：

C:\Windows\System32\cmd.exe

然后点击Next下一步

名字就叫Binwalk
点击Finish完成后，右键属性，修改起始位置Start in为你的PythonScripts目录

然后就完成了，要使用binwalk的时候点击这个Binwalk就可以了

binwalk使用

D:\Python\Python3\Scripts>python binwalk -h

Binwalk v2.2.0-dcc8e86
Craig Heffner, ReFirmLabs
https://github/ReFirmLabs/binwalk

Usage: binwalk [OPTIONS] [FILE1] [FILE2] [FILE3] ...

Signature Scan Options:
    -B, --signature              Scan target file(s) for common file signatures
    -R, --raw=<str>              Scan target file(s) for the specified sequence of bytes
    -A, --opcodes                Scan target file(s) for common executable opcode signatures
    -m, --magic=<file>           Specify a custom magic file to use
    -b, --dumb                   Disable smart signature keywords
    -I, --invalid                Show results marked as invalid
    -x, --exclude=<str>          Exclude results that match <str>
    -y, --include=<str>          Only show results that match <str>

Extraction Options:
    -e, --extract                Automatically extract known file types
    -D, --dd=<type[:ext[:cmd]]>  Extract <type> signatures (regular expression), give the files an extension of <ext>, and execute <cmd>
    -M, --matryoshka             Recursively scan extracted files
    -d, --depth=<int>            Limit matryoshka recursion depth (default: 8 levels deep)
    -C, --directory=<str>        Extract files/folders to a custom directory (default: current working directory)
    -j, --size=<int>             Limit the size of each extracted file
    -n, --count=<int>            Limit the number of extracted files
    -r, --rm                     Delete carved files after extraction
    -z, --carve                  Carve data from files, but don't execute extraction utilities
    -V, --subdirs                Extract into sub-directories named by the offset

Entropy Options:
    -E, --entropy                Calculate file entropy
    -F, --fast                   Use faster, but less detailed, entropy analysis
    -J, --save                   Save plot as a PNG
    -Q, --nlegend                Omit the legend from the entropy plot graph
    -N, --nplot                  Do not generate an entropy plot graph
    -H, --high=<float>           Set the rising edge entropy trigger threshold (default: 0.95)
    -L, --low=<float>            Set the falling edge entropy trigger threshold (default: 0.85)

Binary Diffing Options:
    -W, --hexdump                Perform a hexdump / diff of a file or files
    -G, --green                  Only show lines containing bytes that are the same among all files
    -i, --red                    Only show lines containing bytes that are different among all files
    -U, --blue                   Only show lines containing bytes that are different among some files
    -u, --similar                Only display lines that are the same between all files
    -w, --terse                  Diff all files, but only display a hex dump of the first file

Raw Compression Options:
    -X, --deflate                Scan for raw deflate compression streams
    -Z, --lzma                   Scan for raw LZMA compression streams
    -P, --partial                Perform a superficial, but faster, scan
    -S, --stop                   Stop after the first result

General Options:
    -l, --length=<int>           Number of bytes to scan
    -o, --offset=<int>           Start scan at this file offset
    -O, --base=<int>             Add a base address to all printed offsets
    -K, --block=<int>            Set file block size
    -g, --swap=<int>             Reverse every n bytes before scanning
    -f, --log=<file>             Log results to file
    -c, --csv                    Log results to file in CSV format
    -t, --term                   Format output to fit the terminal window
    -q, --quiet                  Suppress output to stdout
    -v, --verbose                Enable verbose output
    -h, --help                   Show help output
    -a, --finclude=<str>         Only scan files whose names match this regex
    -p, --fexclude=<str>         Do not scan files whose names match this regex
    -s, --status=<int>           Enable the status server on the specified port

本文标签： Windows binwalk