performing-firmware-extraction-with-binwalk

Featured

Performs firmware image extraction and analysis using binwalk to identify embedded filesystems, compressed archives, bootloaders, kernel images, and cryptographic material. Covers entropy analysis for detecting encrypted or compressed regions, recursive extraction of nested archives, SquashFS/CramFS/JFFS2 filesystem mounting, and string analysis for credential and configuration discovery. Activates for requests involving firmware reverse engineering, IoT device analysis, embedded system security assessment, or router/camera firmware extraction.

AI & Automation 12,642 stars 1468 forks Updated today Apache-2.0

Install

View on GitHub

Quality Score: 99/100

Stars 20%
100
Recency 20%
100
Frontmatter 20%
70
Documentation 15%
100
Issue Health 10%
50
License 10%
100
Description 5%
100

Skill Content

# Performing Firmware Extraction with Binwalk ## When to Use - Analyzing IoT device firmware downloaded from vendor sites or extracted from flash chips - Reverse engineering router, camera, or embedded device firmware for vulnerability research - Identifying embedded filesystems (SquashFS, CramFS, JFFS2, UBIFS) within firmware blobs - Detecting encrypted or compressed regions using entropy analysis - Extracting hardcoded credentials, API keys, certificates, or configuration files from firmware - Performing security assessments of embedded devices in authorized penetration tests **Do not use** for analyzing standard desktop application binaries or malware samples that are not firmware images; use dedicated malware analysis tools instead. ## Prerequisites - binwalk v3.x installed (`pip install binwalk3` or from system package manager) - Python 3.8+ with standard libraries (struct, math, hashlib, subprocess) - SquashFS tools (`unsquashfs`) for mounting extracted SquashFS filesystems - Jefferson for JFFS2 filesystem extraction (`pip install jefferson`) - Sasquatch for non-standard SquashFS variants used by vendors like TP-Link and D-Link - `strings` utility (GNU binutils) for string extraction - Optional: firmware-mod-kit for repacking modified firmware images ## Workflow ### Step 1: Initial Firmware Reconnaissance Perform a signature scan to identify embedded file types and their offsets: ```bash # Basic signature scan - identify all recognized file types binwalk firmwa...

Details

Author
mukul975
Repository
mukul975/Anthropic-Cybersecurity-Skills
Created
3 months ago
Last Updated
today
Language
Python
License
Apache-2.0

Similar Skills

Semantically similar based on skill content — not just same category

AI & Automation Featured

performing-firmware-malware-analysis

Analyzes firmware images for embedded malware, backdoors, and unauthorized modifications targeting routers, IoT devices, UEFI/BIOS, and embedded systems. Covers firmware extraction, filesystem analysis, binary reverse engineering, and bootkit detection. Activates for requests involving firmware security analysis, IoT malware investigation, UEFI rootkit detection, or embedded device compromise assessment.

12,642 Updated today
mukul975
Testing & QA Listed

firmware-analyst

Expert firmware analyst specializing in embedded systems, IoT security, and hardware reverse engineering. Masters firmware extraction, analysis, and vulnerability research for routers, IoT devices, automotive systems, and industrial controllers. Use PROACTIVELY for firmware security audits, IoT penetration testing, or embedded systems research.

335 Updated today
aiskillstore
AI & Automation Featured

firmware-analyst

Expert firmware analyst specializing in embedded systems, IoT security, and hardware reverse engineering.

39,227 Updated today
sickn33
AI & Automation Featured

analyzing-uefi-bootkit-persistence

Analyzes UEFI bootkit persistence mechanisms including firmware implants in SPI flash, EFI System Partition (ESP) modifications, Secure Boot bypass techniques, and UEFI variable manipulation. Covers detection of known bootkit families (BlackLotus, LoJax, MosaicRegressor, MoonBounce, CosmicStrand), ESP partition forensic inspection, chipsec-based firmware integrity verification, and Secure Boot configuration auditing. Activates for requests involving UEFI malware analysis, firmware persistence investigation, boot chain integrity verification, or Secure Boot bypass detection.

12,642 Updated today
mukul975
AI & Automation Featured

performing-plc-firmware-security-analysis

This skill covers analyzing Programmable Logic Controller (PLC) firmware for security vulnerabilities including hardcoded credentials, insecure update mechanisms, backdoor functions, memory corruption flaws, and undocumented debug interfaces. It addresses firmware extraction from common PLC platforms (Siemens S7, Allen-Bradley, Schneider Modicon), static analysis of firmware images, dynamic analysis in emulated environments, and comparison against known-good baselines to detect tampering.

12,642 Updated today
mukul975