Binwalk – Firmware Security Analysis & Extraction Tool


Binwalk is a fast and easy to use Python-based firmware security analysis tool that allows for firmware analysis, reverse engineering, and extraction of firmware images.

Binwalk - Firmware Security Analysis & Extraction Tool


Features of Binwalk Firmware Security Analysis & Extraction Tool

  • Scanning Firmware – Binwalk can scan a firmware image for many different embedded file types and file systems
  • File Extraction – You can tell binwalk to extract any files that it finds in the firmware image
  • Entropy Analysis – Can help identify interesting sections of data inside a firmware image
  • String Search – Allows you to search the specified file(s) for a custom string

There are also various filters such as by CPU architecture, number of instructions, include filter, exclude filter,

Installation of Binwalk Firmware Security Analysis & Extraction Tool

Download binwalk:

Install binwalk; if you have a previously installed version of binwalk, it is suggested that you uninstall it before upgrading:

Debian users can install all optional and suggested extractors/dependencies using the included deps.sh script (recommended):

If you are not a Debian user, or if you wish to install only selected dependencies, see the INSTALL documentation for more details.


Usage of Binwalk Firmware Security Analysis & Extraction Tool

File Extraction

You can tell binwalk to extract any files that it finds in the firmware image with the -e option:

Binwalk will even recursively scan files as it extracts them if you also specify the -M option:

And if the -r option is specified, any file signatures that couldn’t be extracted – or that resulted in 0-size files – will be automatically deleted:

To extract one specific signature type, specify one or more -D type options:

Entropy Analysis

What happens if binwalk doesn’t report any signatures? Or, how do you know binwalk didn’t miss anything interesting?

Entropy analysis can help identify interesting sections of data inside a firmware image:

You can download Binwalk here:

binwalk-v2.2.0.zip

Or read more here.

Posted in: Hardware Hacking


Latest Posts:


LibInjection - Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) LibInjection – Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS)
LibInjection is a C library to Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) through lexical analysis of real-world Attacks.
Grype - Vulnerability Scanner For Container Images & Filesystems Grype – Vulnerability Scanner For Container Images & Filesystems
Grype is a vulnerability scanner for container images and filesystems with an easy to install binary that supports the packages for most major *nix based OS.
APT-Hunter - Threat Hunting Tool via Windows Event Log APT-Hunter – Threat Hunting Tool via Windows Event Log
APT-Hunter is a threat hunting tool for windows event logs made from the perspective of the purple team mindset to provide detection for APT movements hidden in the sea of windows event logs.
GitLab Watchman - Audit Gitlab For Sensitive Data & Credentials GitLab Watchman – Audit Gitlab For Sensitive Data & Credentials
GitLab Watchman is an app that uses the GitLab API to audit GitLab for sensitive data and credentials exposed internally, this includes code, commits, wikis etc
GKE Auditor - Detect Google Kubernetes Engine Misconfigurations GKE Auditor – Detect Google Kubernetes Engine Misconfigurations
GKE Auditor is a Java-based tool to detect Google Kubernetes Engine misconfigurations, it aims to help security & dev teams streamline the configuration process
zANTI - Android Wireless Hacking Tool Free Download zANTI – Android Wireless Hacking Tool Free Download
zANTI is an Android Wireless Hacking Tool that functions as a mobile penetration testing toolkit that lets you assess the risk level of a network using mobile.


One Response to Binwalk – Firmware Security Analysis & Extraction Tool

  1. steve April 23, 2020 at 6:37 am #

    Binwalk is a tool that tool for cyber security for sure.