ffind
Ffind - Advanced File Finder with Extraction
You are helping the user find and analyze files with advanced type detection and optional filesystem extraction capabilities using the ffind tool.
Tool Overview
Ffind analyzes files and directories, identifies file types, and can extract filesystems (ext2/3/4, F2FS) for deeper analysis. It's designed for firmware and IoT device analysis.
Instructions
When the user asks to analyze files, find specific file types, or extract filesystems:
- Understand the target:
  - Ask what path(s) they want to analyze
  - Determine if they want to extract filesystems or just analyze
  - Ask if they want all file types or just artifact types
- Execute the analysis:
  - Use the ffind command from the iothackbot bin directory
  - Basic usage: ffind <path> [<path2> ...]
  - To extract filesystems: ffind <path> -e
  - Custom extraction directory: ffind <path> -e -d /path/to/output
  - Show all file types: ffind <path> -a
  - Verbose output: ffind <path> -v
- Output formats:
  - --format text (default): Human-readable colored output with type summaries
  - --format json: Machine-readable JSON
  - --format quiet: Minimal output
- Extraction capabilities:
  - Supports ext2/ext3/ext4 filesystems (requires e2fsprogs)
  - Supports F2FS filesystems (requires f2fs-tools)
  - Requires sudo privileges for extraction
  - Default extraction location: /tmp/ffind_<timestamp>
Examples
Analyze a firmware file to see file types:
ffind /path/to/firmware.bin
Extract all filesystems from a firmware image:
sudo ffind /path/to/firmware.bin -e
Analyze multiple files and show all types:
ffind /path/to/file1.bin /path/to/file2.bin -a
Extract to a custom directory:
sudo ffind /path/to/firmware.bin -e -d /tmp/my-extraction
Important Notes
- Extraction requires root/sudo privileges
- Requires external tools: e2fsprogs, f2fs-tools, util-linux
- Identifies "artifact" file types relevant to security analysis by default
- Use the -a flag to see all file types including common formats
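For context on the ext2/ext3/ext4 and F2FS support listed above, the following added example (not part of the ffind skill or the iothackbot code, and not a description of how ffind detects filesystems) shows how those filesystems can be located inside a raw firmware blob from their on-disk superblock magic values. The function names and the sample blob are constructed for illustration; the ext2/3/4 split by feature flags is a heuristic.

```python
import re
import struct

EXT_MAGIC = b"\x53\xef"           # 0xEF53 little-endian, at superblock offset 0x38
F2FS_MAGIC = b"\x10\x20\xf5\xf2"  # 0xF2F52010 little-endian, at superblock offset 0
SB_OFFSET = 1024                  # both superblocks sit 1024 bytes into the filesystem

def ext_flavor(sb):
    """Classify an ext superblock from its feature flags (heuristic)."""
    compat, incompat = struct.unpack_from("<II", sb, 0x5C)
    if incompat & 0x40:   # INCOMPAT_EXTENTS
        return "ext4"
    if compat & 0x04:     # COMPAT_HAS_JOURNAL
        return "ext3"
    return "ext2"

def find_filesystems(blob):
    """Return sorted (filesystem_start_offset, type) for plausible superblocks."""
    hits = []
    for m in re.finditer(re.escape(EXT_MAGIC), blob):
        start = m.start() - 0x38 - SB_OFFSET
        sb = blob[start + SB_OFFSET : start + SB_OFFSET + 0x68]
        if start < 0 or len(sb) < 0x68:
            continue
        inodes, blocks = struct.unpack_from("<II", sb, 0)
        log_bs = struct.unpack_from("<I", sb, 0x18)[0]
        # A 2-byte magic is weak evidence: also require sane geometry.
        if inodes and blocks and log_bs <= 6:
            hits.append((start, ext_flavor(sb)))
    for m in re.finditer(re.escape(F2FS_MAGIC), blob):
        if m.start() >= SB_OFFSET:
            hits.append((m.start() - SB_OFFSET, "f2fs"))
    return sorted(hits)

def fake_ext(compat, incompat):
    """Constructed 4 KiB sample carrying only the fields checked above."""
    img = bytearray(4096)
    struct.pack_into("<II", img, SB_OFFSET, 128, 1024)  # inode and block counts
    struct.pack_into("<I", img, SB_OFFSET + 0x18, 2)    # log2(block size) - 10
    img[SB_OFFSET + 0x38 : SB_OFFSET + 0x3A] = EXT_MAGIC
    struct.pack_into("<II", img, SB_OFFSET + 0x5C, compat, incompat)
    return bytes(img)

def sample_firmware():
    """Constructed blob: 512-byte header, ext4 stub, ext2 stub, F2FS stub."""
    f2fs = bytearray(4096)
    f2fs[SB_OFFSET : SB_OFFSET + 4] = F2FS_MAGIC
    return b"HDR" + bytes(509) + fake_ext(0x04, 0x40) + fake_ext(0, 0) + bytes(f2fs)
```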