strings

Practical examples of using the strings utility to extract printable ASCII and Unicode text from binaries, memory devices, firmware tables, core dumps, and archives. Common use cases include firmware inspection, malware analysis, memory forensics, credential hunting, and reverse engineering, with techniques for noise reduction, filtering, and pattern matching

s

strings -n 20 /sys/firmware/dmi/tables/DMI | less

Reading raw physical memory strings from /dev/mem

strings -n20 /dev/mem|head -n25

Extract printable strings from firmware tables

strings -n 20 /sys/firmware/dmi/tables/DMI | less

Scan a binary for hardcoded credentials

strings ./app.bin | grep -iE 'password|passwd|secret|token'

Find URLs embedded in an executable

strings ./malware.bin | grep -E 'https?://'

Extract strings from a shared library

strings /lib/x86_64-linux-gnu/libc.so.6 | less

Limit output to printable ASCII only

strings -a ./binary_file

Increase minimum string length for noise reduction

strings -n 12 ./core_dump | less

Analyze a memory dump for readable content

strings -n 8 memory.dump | less

Identify file paths embedded in a binary

strings ./program | grep '/'

Extract environment-like variables from a binary

strings ./binary | grep '='

Search for IP addresses inside a binary

strings ./payload.bin | grep -E '([0-9]{1,3}\.){3}[0-9]{1,3}'

Inspect a compressed file without extracting it

strings archive.gz | less

Analyze a crashed program core file

strings core | grep -i error

Extract Unicode (UTF-16) strings from a Windows binary

strings -el malware.exe | less

Find suspicious PowerShell commands inside a binary

strings malware.exe | grep -i powershell

Pipe strings output into a wordlist for further analysis

strings ./binary | sort -u > extracted_strings.txt