| Type | Magic Bytes | Extension |
|---|---|---|
| PNG | 89 50 4E 47 0D 0A 1A 0A | .png |
| JPEG | FF D8 FF | .jpg/.jpeg |
| GIF | 47 49 46 38 | .gif |
| PDF | 25 50 44 46 | .pdf |
| ZIP/DOCX | 50 4B 03 04 | .zip/.docx |
| RAR | 52 61 72 21 | .rar |
| 7z | 37 7A BC AF 27 1C | .7z |
| ELF | 7F 45 4C 46 | Linux executable |
| EXE/DLL | 4D 5A | .exe/.dll |
| SQLite | 53 51 4C 69 74 65 | .db/.sqlite |

| Tool | Platform | Command |
|---|---|---|
| steghide | Linux | `steghide extract -sf image.jpg` |
| zsteg | Linux | `zsteg image.png` |
| binwalk | Linux | `binwalk -e file` |
| foremost | Linux | `foremost -i file` |
| exiftool | Linux | `exiftool image.jpg` |
| strings | Linux | `strings file \| grep -i flag` |
| xxd | Linux | `xxd file \| head` |

| Task | Platform | Command |
|---|---|---|
| File type | Linux | `file suspicious_file` |
| Hex dump | Linux | `xxd file \| head -50` |
| Strings | Linux | `strings file \| grep -iE "flag\|ctf\|key"` |
| Binwalk | Linux | `binwalk -e file` |
| Foremost | Linux | `foremost -i file -o output/` |
| Exiftool | Linux | `exiftool image.jpg` |
| Steghide | Linux | `steghide extract -sf image.jpg -p ""` |
| zsteg | Linux | `zsteg -a image.png` |
| PDF extract | Linux | `pdftotext file.pdf -` |
| ZIP password | Linux | `fcrackzip -u -D -p wordlist.txt file.zip` |
| Memory dump | Any | `volatility -f dump.raw imageinfo` |
| Disk image | Linux | `fdisk -l image.dd` |

| Task | Platform | Command |
|---|---|---|
| Image info | Any | `volatility -f dump imageinfo` |
| Process list | Any | `volatility -f dump --profile=Win7SP1x64 pslist` |
| Network | Any | `volatility -f dump --profile=Win7SP1x64 netscan` |
| Files | Any | `volatility -f dump --profile=Win7SP1x64 filescan` |
| Registry | Any | `volatility -f dump --profile=Win7SP1x64 hivelist` |
| Hashdump | Any | `volatility -f dump --profile=Win7SP1x64 hashdump` |