bin2json recursively extracts metadata from a file, a directory of files, or a disk dump to JSON

Overview

bin2json

bin2json extracts metadata from different binary file formats to JSON.

It takes as input a file, a directory containing different files, a disk dump, or a disk device. After processing the data, it exports a JSON file containing all the extracted metadata. If a disk dump or device is provided, it recursively analyzes the partitions, the file system, and the different kinds of files present on the file system.

bin2json is part of the TAP project and supports the same file types as TAP. (When a new parser plugin is added to TAP, bin2json is updated to include it.)

At the time of writing this documentation, these are the file types it supports (this can be checked with the -v option):

exif : Extract EXIF info from file
ntfs : Read and parse NTFS filesystem
mft : Read and parse MFT file
prefetch : Parse prefetch file
partition : Parse MBR & GPT partition
lnk : Parse lnk file
evtx : Parse evtx file
registry : Parse registry file

Download & installation

Windows binary & Debian/Ubuntu package are available here

To install in Debian or Ubuntu :

sudo dpkg -i bin2json_0.1.0_amd64.deb 

Building

To compile it you need to have cargo installed.

Then :

cargo build --release

It will generate the binary in :

target/release/bin2json

If you use tapir-ws (the TAPIR workspace) rather than this git repository directly, the file will be generated in :

../target/release/bin2json

You can also run it directly with cargo, example :

cargo run --release -- -f file_or_directory_path -o output.json

Building with device reading feature :

To compile it with device reading feature :

cargo build --release --features=device

You can check that it was compiled with the feature by running it with the -v option :

exif : Extract EXIF info from file
ntfs : Read and parse NTFS filesystem
mft : Read and parse MFT file
prefetch : Parse prefetch file
partition : Parse MBR & GPT partition
lnk : Parse lnk file
evtx : Parse evtx file
registry : Parse registry file
device : Mount a device

Running

Usage :

  USAGE:
      bin2json [FLAGS] [OPTIONS]

  FLAGS:
      -h, --help       Prints help information
      -v, --plugins    List embedded plugins
      -V, --version    Prints version information

  OPTIONS:
      -c, --config <FILE>      Config file path
      -d, --device <DEVICE>    Path to a device to parse
      -f, --file <FILE>        Path to the files to parse
      -o, --output <OUTPUT>    Output file

By default, bin2json looks for a config file named bin2json.toml in the same directory; you can also provide a config file via the -c or --config argument. If no config file is present, bin2json will run all available plugins (see the Configuration section in this README).

The --file argument can point to a directory containing different files (collected by a triage tool, for example), a single file, or a disk dump.

Running with logging information

To show debug information, run it with the environment variable RUST_LOG set to 'warn' or 'info', depending on the level of information you want shown.

On Linux or Mac OS X :

RUST_LOG=info ./bin2json -f file_or_directory_path -o output.json

Configuration

The bin2json.toml file contains a map of plugins and data types. bin2json detects the type of each file and, if the config contains a compatible plugin for that type, runs it against the file to extract the metadata.

[plugins_types]

ntfs = ["filesystem/ntfs"]
mft = ["filesystem/mft"]
partition = ["volume/partition"]
exif = ["image/jpeg", "image/png", "image/tiff"]
lnk = ["windows/lnk"]
prefetch = ["windows/prefetch"]
evtx = ["windows/evtx"]
registry = ["windows/registry"]

If you don't want to run some of the plugins, you can comment out or remove the ones you don't want. For example, to avoid executing the evtx and registry plugins :

[plugins_types]

ntfs = ["filesystem/ntfs"]
mft = ["filesystem/mft"]
partition = ["volume/partition"]
exif = ["image/jpeg", "image/png", "image/tiff"]
lnk = ["windows/lnk"]
prefetch = ["windows/prefetch"]
#evtx = ["windows/evtx"]
#registry = ["windows/registry"]

If no config file is provided, bin2json will run all the plugins.
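
As an added example (not part of bin2json), the script below is a pre-flight check that compares the [plugins_types] table with the plugin list printed by -v, so that a commented-out or misspelled plugin is noticed before a triage run. It assumes the -v output has the "name : description" form shown above; the function names and the sample config with the misspelled key "prefech" are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of bin2json: compare bin2json.toml with `bin2json -v`.

# Plugin names from a `bin2json -v` listing ("name : description" lines).
embedded_plugins() {
    printf '%s\n' "$1" | awk -F' : ' 'NF >= 2 { gsub(/^[ \t]+|[ \t]+$/, "", $1); print $1 }' | sort -u
}

# Plugin names enabled under [plugins_types]; commented-out lines are skipped.
enabled_plugins() {
    printf '%s\n' "$1" | awk '
        /^[ \t]*\[/ { in_tbl = ($0 ~ /^[ \t]*\[plugins_types\][ \t]*$/); next }
        in_tbl && /^[ \t]*[A-Za-z0-9_-]+[ \t]*=/ {
            sub(/^[ \t]+/, ""); sub(/[ \t]*=.*/, ""); print
        }' | sort -u
}

# Items of newline-separated list $1 that are absent from list $2.
set_minus() {
    for item in $1; do
        printf '%s\n' "$2" | grep -Fxq -- "$item" || printf '%s\n' "$item"
    done
}

# Embedded plugins that the config leaves out, so they will not be run.
disabled_plugins() { set_minus "$(embedded_plugins "$1")" "$(enabled_plugins "$2")"; }

# Config keys that match no embedded plugin (typo, or plugin not in this build).
unknown_plugins() { set_minus "$(enabled_plugins "$2")" "$(embedded_plugins "$1")"; }

# Listing copied from the README; on a real system capture the -v output instead.
LISTING='exif : Extract EXIF info from file
ntfs : Read and parse NTFS filesystem
mft : Read and parse MFT file
prefetch : Parse prefetch file
partition : Parse MBR & GPT partition
lnk : Parse lnk file
evtx : Parse evtx file
registry : Parse registry file'

# Constructed config: evtx and registry commented out, "prefech" is a typo.
CONFIG='[plugins_types]
ntfs = ["filesystem/ntfs"]
mft = ["filesystem/mft"]
partition = ["volume/partition"]
exif = ["image/jpeg", "image/png", "image/tiff"]
lnk = ["windows/lnk"]
prefech = ["windows/prefetch"]
#evtx = ["windows/evtx"]
#registry = ["windows/registry"]'

echo "Disabled: $(disabled_plugins "$LISTING" "$CONFIG" | tr '\n' ' ')"
echo "Unknown:  $(unknown_plugins "$LISTING" "$CONFIG" | tr '\n' ' ')"
```

With the constructed config, the misspelled key also leaves the real prefetch plugin disabled, which is why it appears in both reports.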

Help

Please join our Discord to ask questions or talk about the project.

License

The contents of this repository are available under the Affero GPLv3 license.
