strings

The strings command is one of the most frequently used commands in Linux/Unix-like operating systems. It prints the printable character sequences in files.

Quick Reference

Command Name: strings
Category: file analysis
Platform: Linux/Unix
Basic Usage: strings [options] [arguments]

    Syntax

    strings [options] [file...]

    Options

    Option Description
    -a, --all Scan the entire file, not just the data section
    -d, --data Only scan the data sections in the file
    -e, --encoding=ENCODING Select character encoding: s = single-7bit-byte, S = single-8bit-byte, b = 16-bit bigendian, l = 16-bit littleendian, B = 32-bit bigendian, L = 32-bit littleendian
    -f, --print-file-name Print the name of the file before each string
    -n, --bytes=MIN-LEN Print sequences of at least MIN-LEN characters (default 4)
    -o Same as --radix=o
    -t, --radix=RADIX Print the location of the string in base RADIX (d=decimal, o=octal, x=hexadecimal)
    -T, --target=BFDNAME Specify the binary file format
    -w, --include-all-whitespace Include all whitespace as valid string characters
    -s, --section=NAME Only scan the named section
    --help Display help information
    --version Display version information

    Examples


    Basic Examples

    strings binary_file
    Display all printable strings in a binary file.

    strings -n 10 binary_file
    Display strings at least 10 characters long.

    strings -f multiple_files*
    Display the filename along with the strings found.

    Advanced Examples

    # Display strings with their offsets in the file (hexadecimal)
    strings -t x executable

    # Display strings with their offsets in decimal
    strings -t d binary_file

    # Find strings in a specific object file section
    # (readelf -p dumps the named section as strings)
    readelf -p .rodata binary_file

    # Process all files in a directory with filtering
    # (-f prefixes each match with the file it came from)
    strings -f /usr/bin/* | grep "password"

    # Analyze strings in different encodings
    strings -e l binary_file    # 16-bit little-endian
    strings -e b binary_file    # 16-bit big-endian
    strings -e L binary_file    # 32-bit little-endian
    strings -e B binary_file    # 32-bit big-endian

    # Extract potential URLs from a binary
    strings binary_file | grep -E "https?://"

    # Find version information in a binary
    strings binary_file | grep -i "version"

    # Look for copyright notices
    strings binary_file | grep -i "copyright"

    # Search for specific strings and show their offsets
    strings -t d binary_file | grep "specific_string"

    # Use with other commands to analyze malware
    strings suspicious.exe | sort | uniq > extracted_strings.txt

    # Check for embedded scripts
    strings binary_file | grep -E "^#!.*/(ba|c|k|z)?sh"


    Notes

    The `strings` command is a versatile utility that scans files for printable character sequences (strings), making it an invaluable tool for analyzing binary files, executables, and other non-text content. Originally part of the GNU Binutils package, it's designed to extract human-readable text from files that might otherwise be difficult to examine directly.

    At its core, `strings` works by scanning through files byte by byte, identifying sequences of printable ASCII or Unicode characters that meet a minimum length requirement (by default, 4 characters). This simple yet powerful functionality makes it useful in a wide range of scenarios:

    1. Binary Analysis: Extracting embedded text, messages, and other string data from compiled programs, which can reveal information about functionality, error messages, or hidden features.
    2. Malware Investigation: Security professionals often use `strings` as a preliminary analysis tool to identify suspicious text, URLs, commands, or other indicators in potentially malicious files.
    3. Reverse Engineering: When source code isn't available, `strings` can provide clues about a program's functionality by revealing function names, API calls, and internal messages.
    4. Forensic Analysis: Examining binary files, memory dumps, or disk images for relevant textual information during digital forensic investigations.
    5. Debugging: Locating error messages, log strings, or other text content in executables to assist with troubleshooting issues.
    6. File Identification: Determining the nature or purpose of unknown binary files by examining their embedded strings.

    Beyond its basic functionality, `strings` offers several options that enhance its utility:

    - Adjustable minimum string length with the `-n` option
    - Support for different character encodings (7-bit ASCII, 8-bit, 16-bit, and 32-bit in both big and little endian formats)
    - Ability to display the offset of each string within the file
    - Options to scan specific sections of object files
    - Capability to process multiple files at once

    While `strings` is an extremely useful tool, it's important to understand its limitations. It performs a simple byte-by-byte scan and doesn't decode or decompress data, so strings that are encrypted, compressed, or encoded may not be detected. Additionally, the tool makes no distinction between actual string constants in a program and coincidental sequences of printable characters.

    Despite these limitations, `strings` remains one of the first tools that system administrators, security professionals, and software developers reach for when they need to quickly examine the contents of binary files.
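The scan and its limitations, as an added example (a simplified Python model written for this page, not the GNU Binutils source). It shows why a default scan misses a 16-bit little-endian string until the width changes (the `-e l` case) and misses compressed text entirely until the data is unpacked. The sample bytes, `scan`, `texts` and `scan_unpacked` are constructed for illustration, and treating tab as printable is an assumption of the model.

```python
import zlib

# Printable ASCII plus tab: an assumption modelling the default single-byte mode.
PRINTABLE = set(range(0x20, 0x7F)) | {0x09}

def scan(data, min_len=4, width=1):
    """Return [(offset, text)] for runs of >= min_len printable characters.

    width=1 models the default scan; width=2 models `-e l`, where each
    character is a printable byte followed by a zero byte.
    """
    found, run, start, i = [], [], 0, 0
    while i + width <= len(data):
        unit = data[i:i + width]
        if unit[0] in PRINTABLE and not any(unit[1:]):
            if not run:
                start = i
            run.append(chr(unit[0]))
            i += width
            continue
        if len(run) >= min_len:
            found.append((start, "".join(run)))
        run = []
        i += 1  # retry at the next byte so every alignment is considered
    if len(run) >= min_len:
        found.append((start, "".join(run)))
    return found

# Constructed sample: one ASCII string, one UTF-16LE string, one compressed URL.
URL = b"https://example.test/update"
PACKED = zlib.compress(URL)
WIDE = "C:\\ProgramData\\app\\settings.ini"
SAMPLE = (b"\x7fELF\x02\x01\x01\x00" + b"\x00" * 8
          + b"config_path=/etc/app.conf\x00\xff\xff"
          + WIDE.encode("utf-16-le") + b"\x00\x00" + PACKED)

def texts(hits):
    return [text for _, text in hits]

def scan_unpacked():
    # Only after decompression does the URL become a printable run.
    return scan(zlib.decompress(PACKED))

if __name__ == "__main__":
    for label, hits in (("default", scan(SAMPLE)),
                        ("-e l", scan(SAMPLE, width=2)),
                        ("decompressed", scan_unpacked())):
        for offset, text in hits:
            print(f"{label:12} {offset:6x}  {text}")
```

The default pass may also report short coincidental runs from the compressed bytes, which is the false-positive behaviour the limitations paragraph describes.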
