bin2json extract recursively file, directory of files (or disk dump) metadata to json

Overview

bin2json

bin2json extract metadata from different binary file format to json.

It can take in input a file, a directory containing different files, a disk dump, or a disk device. After processing the data, it will export a json file containing all the extracted metadata. If a disk dump or device is provided it will recursively, analyze the partition, the file system, and the different kind of files present on the file system.

bin2json is part of the TAP project and the file type it support is the same as the tap project. (When new parser plugin is added to TAP bin2json is updated to include the new plugins).

At time of writting this documentation this is the file type that it support (it can be checked with the -v option)

exif : Extract EXIF info from file
ntfs : Read and parse NTFS filesystem
mft : Read and parse MFT file
prefetch : Parse prefetch file
partition : Parse MBR & GPT partition
lnk : Parse lnk file
evtx : Parse evtx file
registry : Parse registry file

Download & installation

Windows binary & Debian/Ubuntu package are available here

To install in Debian or Ubuntu :

sudo dpkg -i bin2json_0.1.0_amd64.deb 

Building

To compile it you need to have cargo installed.

Then :

cargo build --release

It will generate the binary in :

target/release/bin2json

If you use tapir-ws (TAPIR workspace) rather than using directly this git repository, the file will be generated in :

../target/release/bin2json

You can also run it directly with cargo, example :

cargo run --release -- -f file_or_directory_path -o output.json

Building with device reading feature :

To compile it with device reading feature :

cargo build --release --features=device

You can check that it was compiled with the feature by running it with the -v option :

exif : Extract EXIF info from file
ntfs : Read and parse NTFS filesystem
mft : Read and parse MFT file
prefetch : Parse prefetch file
partition : Parse MBR & GPT partition
lnk : Parse lnk file
evtx : Parse evtx file
registry : Parse registry file
device : Mount a device

Running

Usage :

  USAGE:
      bin2json [FLAGS] [OPTIONS]

  FLAGS:
      -h, --help       Prints help information
      -v, --plugins    List embedded plugins
      -V, --version    Prints version information

  OPTIONS:
      -c, --config <FILE>      Config file path
      -d, --device <DEVICE>    Path to a device to parse
      -f, --file <FILE>        Path to the files to parse
      -o, --output <OUTPUT>    Output file

By default bin2json look if a config file named bin2json.toml is present in the same directory, you can also provide a config file via the (-c) or --config argument. If no config file is present binj2son will run all available plugins (see section configuration in this README).

The --file argument can point to a directory containing different files (collected by a triage tool for example), a single file, or disk a dump

Running with logging information

To show debug information you must run it with the env variable RUST_LOG set to 'warn' or 'info' depending of the level of information you want to be shown.

On Linux or Mac OS X :

RUST_LOG=info ./bin2json -f file_or_directory_path -o output.json

Configuration

The bin2json.toml file contain a map of plugin and data type. Bin2json will detect the type of the file and if it contain a compatible plugin it will run it against the file to extract the metadata.

[plugins_types]

ntfs = ["filesystem/ntfs"]
mft = ["filesystem/mft"]
partition = ["volume/partition"]
exif = ["image/jpeg", "image/png", "image/tiff"]
lnk = ["windows/lnk"]
prefetch = ["windows/prefetch"]
evtx = ["windows/evtx"]
registry = ["windows/registry"]

If you don't want to run some of the plugins you can comment or remove the one that you don't want. For example to avoid executing the evtx and registry plugin :

[plugins_types]

ntfs = ["filesystem/ntfs"]
mft = ["filesystem/mft"]
partition = ["volume/partition"]
exif = ["image/jpeg", "image/png", "image/tiff"]
lnk = ["windows/lnk"]
prefetch = ["windows/prefetch"]
#evtx = ["windows/evtx"]
#registry = ["windows/registry"]

If no config file is provided, bin2json will run all the plugins.

Help

Please join our Discord to ask questions or talk about the project.

License

The contents of this repository is available under Affero GPLv3 license.

You might also like...
File Tree Fuzzer allows you to create a pseudo-random directory hierarchy filled with some number of files.

FTZZ File Tree Fuzzer allows you to create a pseudo-random directory hierarchy filled with some number of files. Installation $ cargo +nightly install

Simple, cross-platform GameMaker lib for getting file metadata

File Metadata Tiny baby library for getting file metadata. Originally written to work for a GameMaker game a friend is creating. Table of Contents Ins

Like jq, but for HTML. Uses CSS selectors to extract bits content from HTML files.

Like jq, but for HTML. Uses CSS selectors to extract bits content from HTML files. Mozilla's MDN has a good reference for CSS selector syntax.

Command line tool to extract various data from Blender .blend files

blendtool Command line tool to extract various data from Blender .blend files. Currently supports dumping Eevee irradiance volumes to .dds, new featur

RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust. ๐Ÿฆ€
RDE1 (Rusty Data Exfiltrator) is client and server tool allowing auditor to extract files from DNS and HTTPS protocols written in Rust. ๐Ÿฆ€

Information: RDE1 is an old personal project (end 2022) that I didn't continue development on. It's part of a list of projects that helped me to learn

ripgrep recursively searches directories for a regex pattern while respecting your gitignore
ripgrep recursively searches directories for a regex pattern while respecting your gitignore

ripgrep (rg) ripgrep is a line-oriented search tool that recursively searches the current directory for a regex pattern. By default, ripgrep will resp

ripgrep recursively searches directories for a regex pattern while respecting your gitignore
ripgrep recursively searches directories for a regex pattern while respecting your gitignore

ripgrep (rg) ripgrep is a line-oriented search tool that recursively searches the current directory for a regex pattern. By default, ripgrep will resp

Utility for recursively unzipping tuples, Options of tuples and Results of tuples.

Zipped Utility for recursively unzipping tuples, Options of tuples and Results of tuples. Install cargo add zipped Usage This crate is quiet straightf

Inspect dynamic dependencies of Mach-O binaries recursively

dylibtree dylibtree is a tool for inspecting the dynamic dependencies of a Mach-O binary recursively. It can be useful to understand what library load

Count zeroes on a disk or a file

Count zeroes on a disk or a file

Save disk space by cleaning non-essential files from software projects.
Save disk space by cleaning non-essential files from software projects.

Kondo ๐Ÿงน Cleans unneeded directories and files from your system. It will identify the disk space savings you would get from deleting temporary/unneces

Utility to glitch and dump an AirTag

Airtag dumper Simple utility to glitch and dump the nRF52832 firmware on an airtag using cheap hardware. Requirements: An airtag A bluepill STM32F103

mach-dump can parse Mach-O core dumps taken with lldb from macOS and iOS devices.

mach-dump mach-dump can parse Mach-O core dumps taken with lldb from macOS and iOS devices. It has no external dependencies. Example use std::path::Pa

A wrapper around the code action dump from https://mcdiamondfire.com.

DiamondFire Action Dump for Rust A wrapper around the code action dump from https://mcdiamondfire.com. This currently only provides schema types for u

A tool to dump exposed .git repositories

git-dumper This repository houses a tool to dump exposed .git repositories. This is a rewrite from the original GitTools's Dumper project, but in a re

A tool to dump exposed .git repositories

git-dumper This repository houses a tool to dump exposed .git repositories. This is a rewrite from the original GitTools's Dumper project, but in a re

An handy tool that is intended to help your inventory cleanup or dump.

NeosVR Inventory Management Notes to foreign users This readme is written in Japanese. Please use external tool to translate this document into your l

Inspect and dump OCI images.

reinlinsen ๐Ÿ‘€ rl is a tool to inspect and dump OCI images or single image layers. Installation From source If you have cargo installed you can just ru

CLI application to run clang-format on a set of files specified using globs in a JSON configuration file.
CLI application to run clang-format on a set of files specified using globs in a JSON configuration file.

run_clang_format CLI application for running clang-format for an existing .clang-format file on a set of files, specified using globs in a .json confi

Releases(v0.1.0)
Owner
null
Simple image metadata scrubber. Will remove EXIF, XMP and IPTC metadata.

Simple image metadata scrubber. Will remove EXIF, XMP and IPTC metadata.

Jae Lo Presti 12 Nov 29, 2022
dovi_meta is a CLI tool for creating Dolby Vision XML metadata from an encoded deliverable with binary metadata.

dovi_meta dovi_meta is a CLI tool for creating Dolby Vision XML metadata from an encoded deliverable with binary metadata. Building Toolchain The mini

Rainbaby 12 Dec 14, 2022
๐Ÿ“ฆ Unpack deep archive files recursively over a file tree or a folder

deep-unpack Unpack deep archive files recursively over a file tree or a folder. Usage [dependencies] deep-unpack = { version = "0.1.2" } Usage fn main

null 3 Dec 4, 2022
Decode Metaplex mint account metadata into a JSON file.

Simple Metaplex Decoder (WIP) Install From Source Install Rust. curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh Clone the source: git c

Samuel Vanderwaal 8 Aug 25, 2022
Periodically download a youtube playlist, extract audio, convert to mp3, move to directory (possibly synced using syncthing).

auto-dl Periodically download a youtube playlist, extract audio, convert to mp3, move to directory (possibly synced using syncthing). drop https://git

Paul Adenot 10 Jan 12, 2023
Scans a given directory for software of unknown provinence (SOUP) and dumps them in a json-file

Scans a given directory for software of unknown provinence (SOUP) and writes them to a json-file. The json-file contains name, version and a meta property for each SOUP.

Dunklas 4 Jul 5, 2022
Scans a given directory for software of unknown provinence (SOUP) and dumps them in a json-file

souper Scans a given directory for potential software of unknown provinence (SOUP) and writes them to a json-file. The json-file contains name, versio

Devies 2 Aug 26, 2022
Mount portable directory as consistent user directory.

PortableDesktop Mount portable directory as consistent user directory. PortableDesktopCli help PortableDesktopCli [options] <Target Path> <Link Path>

Kerwin Bryant 3 May 8, 2023
Filter, Sort & Delete Duplicate Files Recursively

Deduplicator Find, Sort, Filter & Delete duplicate files Usage Usage: deduplicator [OPTIONS] [scan_dir_path] Arguments: [scan_dir_path] Run Dedupl

Sreedev Kodichath 108 Jan 27, 2023
cryo is the easiest way to extract blockchain data to parquet, csv, or json

โ„๏ธ ?? cryo ?? โ„๏ธ cryo is the easiest way to extract blockchain data to parquet, csv, or json cryo is also extremely flexible, with many different opti

Paradigm 287 Jul 12, 2023