strings Command in Linux with Examples
This Linux command is used to print the printable content of the file. Now a question may be arises how this command is different from other commands like a cat or less command? This command actually prints printable and clear words of at least 4 characters long instead of any data. The maximum string length is 4096.
Linux strings command actually useful to extract printable characters from binary files. This command is extremely useful for Penetration testers, Malware Analysts, and Reverse engineers. This article covers the strings Command in Linux with Examples.
(1) Basic Usage of strings command
I have run the strings command against a random exe file that I downloaded from the internet. This command will show strings of at least 4 characters (default) without showing nonprintable data.
strings test.exe
If you use any other command to see content like less, let's see what is the output:
less test.exe
Now we will see different options available in the strings command.
(2) Change the default limit of characters in strings
Now suppose you want to see more meaningful data by increasing the limit of default 4 characters. This you can do by using the -n option. Remember more the limit of characters in the string, the more chance you get some meaningful data, and the less the limit, the more junk data.
strings -n 10 test.exe
(3) Combine with other commands
The below command illustrates the use of multiple commands with strings command.
strings -n 10 test.exe | less
(4) Include whitespaces
Option -w include whitespace as a valid character. The below command displays strings that include whitespaces of length 100 or more.
strings -n 100 -w test.exe
(5) Print the name of the file before each string
Below command print the name of the file before each string after identifying the string of a length of 20
strings -n 20 -f test.exe
(6) Check the version of the strings command
You can use any of the options to know the version of the Linux string command.
strings -v
strings -V
strings --version
(7) Print the string offset
The below command displays the offset value of each line with a search for strings at least 20 characters long.
strings -n 20 -o test.exe
(8) Show offset in hexadecimal
Below query search for strings of length at least 50 characters and display the offset position of each line in hexadecimal format:
strings -n 50 -t x test.exe
(9) Use of multiple files with strings command
Below the command search for strings at least 100 characters long in two files and display results. As discussed earlier, -f options display the file names at the beginning against each line. The below command is helpful in searching two or more files simultaneously.
strings -f -n 100 <file1> <file2>
(10) To see the Help option
strings --help
Conclusion
This article covers major options available for the Linux strings command. You can use it against big binaries to extract juicy information.
Subscribe us to receive more such articles updates in your email.
If you have any questions, feel free to ask in the comments section below. Nothing gives me greater joy than helping my readers!
Disclaimer: This tutorial is for educational purpose only. Individual is solely responsible for any illegal act.
