Strings Command Cheatsheet

Installation Instructions

Windows

```powershell
# Option 1: Download from Windows Sysinternals
# Visit: https://docs.microsoft.com/en-us/sysinternals/downloads/strings

# Option 2: Install via Chocolatey
choco install sysinternals
```

Linux

```bash
# Debian/Ubuntu
sudo apt-get install binutils

# RHEL/CentOS
sudo yum install binutils

# Arch Linux
sudo pacman -S binutils
```

macOS

```bash
# Using Homebrew
brew install binutils

# Note: The command might be accessible as gstrings
```

Basic Commands

  1. Basic string extraction:
     ```bash
     strings filename
     ```
  2. Set minimum string length:
     ```bash
     strings -n [length] filename
     ```
  3. Show file offsets in decimal:
     ```bash
     strings -t d filename
     ```
  4. Show file offsets in hexadecimal:
     ```bash
     strings -t x filename
     ```

Advanced Usage

  1. Search for wide character strings:
     ```bash
     strings -e l filename  # little-endian 16-bit
     strings -e b filename  # big-endian 16-bit
     strings -e L filename  # little-endian 32-bit
     strings -e B filename  # big-endian 32-bit
     ```
  2. Print filename before each string:
     ```bash
     strings -f filename
     ```
  3. Restrict the scan to initialized, loaded data sections (GNU strings has no option that prints section names):
     ```bash
     strings -d filename
     ```
  4. Scan entire file (not just data sections):
     ```bash
     strings -a filename
     ```

Output Manipulation

  1. Output to file:
     ```bash
     strings filename > output.txt
     ```
  2. Find specific strings:
     ```bash
     strings filename | grep "pattern"
     ```
  3. Count number of strings:
     ```bash
     strings filename | wc -l
     ```
  4. Sort strings uniquely:
     ```bash
     strings filename | sort -u
     ```

Multiple Files

  1. Process multiple files:
     ```bash
     strings file1 file2 file3
     ```
  2. Process all files in directory:
     ```bash
     strings *
     ```
  3. Recursive string search:
     ```bash
     find . -type f -exec strings {} \;
     ```

Encoding Options

  1. Search for specific encoding:
     ```bash
     strings -e s filename  # single-7-bit-byte characters (ASCII, ISO 8859)
     strings -e S filename  # single-8-bit-byte characters
     strings -e b filename  # 16-bit big-endian
     strings -e l filename  # 16-bit little-endian
     ```

Advanced Filtering

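  1. Show strings with context:
     ```bash
     # strings has no -c option; grep -C prints the neighbouring strings around each match
     strings filename | grep -C 2 "pattern"
     ```
  2. Target specific sections:
     ```bash
     # --target= selects the BFD object format, not a section; readelf -p dumps the strings of one section
     readelf -p .rodata filename
     ```
  3. Print file offsets in octal:
     ```bash
     strings -t o filename
     ```
  4. Combine with other tools:
     ```bash
     strings filename | grep -i "password"
     strings filename | awk 'length($0)>20'
     strings filename | sed 's/^/FOUND: /'
     ```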

Memory Analysis

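  1. Analyze process memory:
     ```bash
     # /proc/<pid>/mem cannot be read sequentially from offset 0, so dump the process first.
     # gcore ships with gdb; PID holds the target process ID and the dump is written to core.<pid>.
     gcore -o core "$PID" && strings "core.$PID"
     ```
  2. Analyze core dump:
     ```bash
     strings core.dump
     ```
  3. Analyze memory dump:
     ```bash
     strings memory.dmp
     ```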

Custom Patterns

  1. Find email addresses:
     ```bash
     strings filename | grep -E "[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,6}"
     ```
  2. Find URLs:
     ```bash
     # \s is not a whitespace class inside a bracket expression; use [:space:]
     strings filename | grep -E "https?://[^[:space:]]+"
     ```
  3. Find IP addresses:
     ```bash
     strings filename | grep -E "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b"
     ```

Special Usage

  1. Print printable strings with hexadecimal offsets (`-tx` is the short form of `-t x`):
     ```bash
     strings -tx filename
     ```
  2. Ignore case in pattern matching:
     ```bash
     strings filename | grep -i "pattern"
     ```
  3. Count string occurrences:
     ```bash
     strings filename | sort | uniq -c
     ```
  4. Find strings between markers:
     ```bash
     strings filename | sed -n '/START/,/END/p'
     ```

Performance Options

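  1. Run scans in parallel (strings itself has no threading option):
     ```bash
     # xargs -P runs up to 4 strings processes at once; -f prefixes each line with its file name
     find . -type f -print0 | xargs -0 -P 4 -n 8 strings -f
     ```
  2. Set buffer size:
     ```bash
     # strings has no buffer-size option; stdbuf (coreutils) sets its stdio output buffer
     stdbuf -o 1M strings filename
     ```
  3. Process compressed files:
     ```bash
     zcat file.gz | strings
     ```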

Security Analysis

  1. Find potential passwords:
     ```bash
     strings filename | grep -i "pass"
     ```
  2. Find potential usernames:
     ```bash
     strings filename | grep -i "user"
     ```
  3. Find potential API keys:
     ```bash
     strings filename | grep -E "[A-Za-z0-9]{32}"
     ```
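
The wide-character scan from Advanced Usage and the grep patterns from Custom Patterns and Security Analysis can be combined into one triage pass, shown here as an added example that is not part of the original cheatsheet. The function names, category labels and sample bytes are assumptions made for illustration.

```bash
#!/bin/sh
# Added example, not from the original cheatsheet. Function names and
# category labels are hypothetical; the sample bytes below are constructed.

# Read "offset string" lines (strings -t x output) on stdin and print
# offset, encoding, category, string (tab-separated) for lines that match.
classify() {
    awk -v enc="$1" '{
        off = $1
        sub(/^[ \t]*[0-9a-f]+ /, "")   # strip the offset column only
        low = tolower($0); cat = ""
        if      (low ~ /https?:\/\/[^ \t]+/)                      cat = "url"
        else if (low ~ /[a-z0-9._%+-]+@[a-z0-9.-]+\.[a-z][a-z]+/) cat = "email"
        else if (low ~ /[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/)          cat = "ipv4"
        else if (low ~ /pass|user/)                               cat = "credential-keyword"
        if (cat != "") printf "%s\t%s\t%s\t%s\n", off, enc, cat, $0
    }'
}

# Run one pass per encoding so UTF-16LE strings (common in Windows
# binaries) are not missed by the default 7-bit scan.
triage_strings() {
    file=$1; min=${2:-6}
    strings -a -n "$min" -t x      "$file" | classify ascii
    strings -a -n "$min" -t x -e l "$file" | classify utf16le
}

# Constructed sample: ELF magic, an ASCII URL and e-mail address, and a
# UTF-16LE "password=demo" that a plain `strings | grep -i pass` misses.
make_sample() {
    {
        printf '\177ELF\002\001\001\000'
        printf 'GET http://198.51.100.7/update.bin\000\000'
        printf 'contact ops@example.org\000\000\000'
        printf 'p\000a\000s\000s\000w\000o\000r\000d\000=\000d\000e\000m\000o\000\000\000'
    } > "$1"
}

sample=$(mktemp)
make_sample "$sample"
triage_strings "$sample"
rm -f "$sample"
```

Each output line carries the hexadecimal file offset, so a hit can be inspected in place with a hex viewer.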

Format-Specific Analysis

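  1. Analyze PDF strings:
     ```bash
     strings -a file.pdf | grep "/Uri"
     ```
  2. Analyze ELF headers:
     ```bash
     # The magic is \x7fELF: only three printable bytes, below the default minimum length of 4
     strings -a -n 3 binary | grep "^ELF"
     ```
  3. Find embedded scripts:
     ```bash
     strings filename | grep -E "^#!"
     ```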

Output Formatting

  1. Custom delimiter:
     ```bash
     strings filename | tr '\n' ','
     ```
  2. Remove empty lines:
     ```bash
     strings filename | grep .
     ```
  3. Format as JSON:
     ```bash
     strings filename | jq -R -s 'split("\n")[:-1]'
     ```

Forensics Usage

  1. Timeline analysis:
     ```bash
     strings -t d filename | grep "2024"
     ```
  2. Find file signatures:
     ```bash
     strings -a filename | grep -i "JFIF\|PNG\|PDF"
     ```
  3. Extract metadata strings:
     ```bash
     strings filename | grep -i "creator\|producer\|author"
     ```

Integration with Other Tools

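  1. Pipe to less:
     ```bash
     strings filename | less
     ```
  2. Create word frequency list:
     ```bash
     strings filename | tr ' ' '\n' | sort | uniq -c | sort -nr
     ```
  3. Extract and decode base64:
     ```bash
     # Keep trailing "=" padding and decode each candidate separately so one bad blob does not spoil the rest
     strings filename | grep -Eo '[A-Za-z0-9+/]{40,}={0,2}' | while read -r b; do printf '%s' "$b" | base64 -d; echo; done
     ```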

Debugging Support

  1. Find debug strings:
     ```bash
     strings filename | grep -i "debug\|error\|warning"
     ```
  2. Locate version strings:
     ```bash
     strings filename | grep -i "version\|v[0-9]\.[0-9]"
     ```