Find strings - URLs, GUIDS, emails - in files



Bstrings is a tiny command line tool which helps you find strings within files: a suspicious executable file, a network traffic dump, whatever it might be.

The basic idea is much like many similar tools. Point the program at a file  - bstrings -f file.exe -  and it'll list any ASCII and Unicode strings for you.

As with all similar programs, this technique returns a lot of garbage, but bstrings has plenty of command line switches to help. You're able to set a minimum and maximum string length. To look for ASCII/ Unicode strings only. To sort results alphabetically, or by length.

Better still, there's support for searching by regular expressions, which gives you enormous control over the search.

Not familiar with regular expressions? No problem, bstrings has some very useful presets. Entering  bstrings -f file.exe --lr url3986  lists any URLs matching RFC 3986, and there are similar canned searches to find email, IP or MAC addresses, UNC paths, GUIDs, credit card numbers, US phone numbers, zip codes and more.

Version 1.1 changes:

Add -s switch to suppress output to console. Useful when used with -o
Add --ro switch to show only the string that matches a regex vs. the entire string where the regex was found
Add --fs and --fr switches which allow for supplying a file containing search terms to look for (--fs) or a file containing regex patterns (--fr). Both files expect one search term/regex per line

This version also saw a change to the regex pattern used for email and a nuget package update.

Verdict ratingsratingsratingsratingsratings

A very smart search tool.

Specification: bstrings

Windows Vista (32 bit),Windows 7 (32 bit),Windows Vista (64 bit),Windows 7 (64 bit),Windows 8,windows 10
Open Source
Eric Zimmerman
Date Added:
March 5, 2017

Recommended For You

Vulnerabilities found in more command-line tools, wget and tnftp get patches Word Online catching up with Word 2013, in some areas