strings Command in Linux with Examples

This Linux command is used to print the printable content of the file. Now a question may be arises how this command is different from other commands like cat or less command? This command actually prints printable and clear words of at least 4 characters long instead of any data. The maximum string length is 4096.

Linux strings command actually useful to extract printable characters from binary files. This command is extremely useful for Penetration Tester, Malware Analyst, and Reverse Engineer. This article covers the strings Command in Linux with Examples.

(1) Basic Usage of strings command

I have run strings command against random exe file that I downloaded from the internet. This command will show strings of at least 4 characters (default) without showing non printable data.

strings test.exe

If you use any other command to see content like less, lets see what is output:

less test.exe

Now we will see different options available in the strings command.

(2) Change the default limit of characters in strings

Now suppose you want to see more meaningful data by increasing the limit of default 4 characters. This you can do by using the -n option. Remember more the limit of characters in the string, more chance you get some meaningful data and less the limit, more junk data.

strings -n 10 test.exe

(3) Combine with other commands

Below command illustrate the use of multiple commands with strings command.

strings -n 10 test.exe | less

(4) Include whitespaces

Option -w include whitespace as a valid character. The below command displays strings that include whitespaces of length 100 or more.

strings -n 100 -w test.exe

(5) Print the name of file before each string

Below command print name of file before each string after identifying string of length of 20

strings -n 20 -f test.exe

(6) Check version of strings command

You can use any of the option to know the version of Linux string command.

strings -v

strings -V

strings --version

(7) Print the string offset

Below command display offset value of each line with search for strings atleast 20 characters long.

strings -n 20 -o test.exe

(8) Show offset in hexadecimal

Below query search for strings of length atleast 50 characters and display the offset position of each line in hexadecimal format:

strings -n 50 -t x test.exe

(9) Use of multiple files with strings command

Below command search for strings atleast 100 characters long in two files and display results. As discussed earlier, -f options display file name in the beginning against each line. Below command is helpful in searching two or more files simultaneously.

strings -f -n 100 <file1> <file2>

(10) To see Help option

strings --help

Conclusion

This article covers major options available for the Linux strings command. You can use it against big binaries to extract the juicy information.