When I successfully extract a file system from the firmware of an embedded system, the first thing that I do is run `grep` or `strings` looking for low-hanging fruit or even potential command injection vulns.
What I wanted though is something that recursively checked all files of a directory for a specific string.
As we all know, `grep` has this functionality with the `-r` flag, but it doesn't handle binaries that well, and `strings` doesn't have a recursive option.
So I decided to write a quick script that uses `libmagic` (the library behind the `file` Unix utility) to identify the file type and run the appropriate commands.
In one go we can just parse all the things!
I called the script Toby and you can find it here: https://github.com/byt3bl33d3r/toby

Here's an example of me using it on a freshly extracted filesystem looking for the string `telnet`:
As you can see it detects the appropriate file type and parses the file. Really awesome and also a timesaver!
If it turns out to be useful for someone, I might add a couple more features to it that I had in mind.
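The dispatch idea described above (classify each file, then search text files line by line and binaries through their printable strings) can be sketched with only the Python standard library. This is an added example, not Toby's code: a NUL-byte check stands in for the `libmagic` lookup, and `search_tree`, `build_sample_tree` and the sample file contents are constructed for illustration.

```python
import os
import re
import tempfile

# Runs of 4+ printable ASCII bytes, the same default that strings(1) reports.
PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]{4,}")


def search_tree(root, needle):
    """Return sorted (relative path, kind, matching text) hits under root."""
    needle_b, hits = needle.encode(), []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            # Extracted firmware trees hold symlinks and device nodes; skip them.
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            try:
                with open(path, "rb") as fh:
                    data = fh.read()
            except OSError:
                continue  # unreadable entry, keep walking
            # Assumption: a NUL byte in the first 8 KiB stands in for the libmagic lookup.
            if b"\x00" in data[:8192]:
                kind, chunks = "binary", PRINTABLE_RUN.findall(data)  # strings-style
            else:
                kind, chunks = "text", data.splitlines()  # grep-style
            rel = os.path.relpath(path, root)
            for chunk in chunks:
                if needle_b in chunk:
                    hits.append((rel, kind, chunk.decode("latin-1").strip()))
    return sorted(hits)


def build_sample_tree(root):
    """Constructed sample data: one text file, one binary-like file, one miss."""
    samples = {
        "etc/services": b"ftp 21/tcp\ntelnet 23/tcp\n",
        "bin/daemon": b"\x7fELF\x00\x01\x02/usr/sbin/telnetd\x00\xff\xfeok\x00",
        "etc/hostname": b"router\n",
    }
    for rel, content in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(content)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, kind, text in search_tree(tmp, "telnet"):
            print(f"{rel} [{kind}]: {text}")
```

Each hit carries the file kind, so a match inside an executable is easy to tell apart from one in a config file.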