Strings Command in Linux Explained [With Examples]

Introduction

Often, files that aren't primarily text-based (like executables, .bin files, or other binary formats) might contain snippets of human-readable text. When we open those files you might see a lot of special characters, control sequences, and other non-readable content. Also, there is a safety concern about opening such files because of potentially malicious content.

In this guide, we learn about strings command in Linux to extract human-readable content without the potential pitfalls or clutter of opening it in a text editor.

Strings command

The strings command is used in Linux to extract printable strings from binary or non-text files. It scans the files to search for sequences of readable characters. We use it to examine executable files and libraries to fetch readable function and variable names, error messages, and embedded strings. 

A natural question that might come to your mind is how are strings different from the cat command. The strings command is primarily used to extract readable strings from binary files, while the cat command is used to display the contents of files.

The string command by default prints sequences of characters that are at least 4 characters long, unless you adjust the minimum string length with the -n option.

Syntax:

strings [options] filename

Where options can change the behavior of strings command and the filename should be the name of the file to search for printable strings.

Let's look into the basic usage of strings command:

strings openssl

This command search for human-readable strings stored in the openssl binary file. Whereas if you open the same file with any other tools for example head -10 openssl, its looks:

Understanding Options of Strings Command

The strings command comes with a set of useful options. Let's look into those.

For example, we will use the binary file whoami in /bin directory.

-n or --bytes :

By default, the string command scans for sequences of characters that are at least 4 characters long. But we can change this minimum length by using the -n command option.

Example:

For example to extract and display strings that are at least 2 characters long from a file named whoami.

strings -n 2 whoami

This command extract and displays strings that are at least 2 characters long from the file named whoami.

-f or --print-file-name :

The -f option is used to display the name of the file before each string. This comes helpful when you search in multiple files.

Example:

strings -f openssl whoami

This command search for the strings in files named openssl and whoami. From the output, you can easily identify which strings belong to which files.

-t radix or --radix=radix :

Use -t option to print the offset value within the file before each string. The strings command supports the following radix:

• o for octal
• x for hexadecimal
• d for decimal

Example:

strings -t d whoami

This command prints the strings with its corresponding decimal offset within the file whoami.

Note: You can also use -o without -t option, which is kept for backward compatibility.

-a or --all :

Sometimes depending on the file, the strings command may not scan the entire file. For example, on an object file, it might only scan loadable sections. To make sure the strings command scans the entire file use -a option.

Example:

strings -a sample.o

This command makes sure the entire sample.o file is scanned including initialized and loadable sections.

-e :

By default strings command searches for ASCII and UTF-8 text. You may use -e option to tell strings command to support additional character encoding. This comes useful when files are not primarily in ASCII.

Syntax:

strings -e encoding file-name

Supported encodings are:

• s for single-7-bit-byte characters.
• S for single-8-bit-byte characters.
• b for 16-bit little-endian.
• l for 32-bit little-endian.
• B for 16-bit big-endian.
• L for 32-bit big-endian.

Example:

strings -e S whoami

This command extracts and display 8-bit ASCII strings from a file named whoami.

Practical Use Cases of strings command

Let's look into a couple of practical use cases where you can use the string command.

Finding Specific Strings in Binary Files

Let's say we have a bunch of bin files and need to search for a specific keyword string. For this, we will incorporate strings command into a bash script.

#!/bin/bash

echo "Enter the keyword to search in the binary file: "
read keyword
echo "Keyword provided is $keyword"

for file in *.bin
do

    echo "Searching for $keyword in $file"
    result=$(strings "$file" | grep "$keyword")

    if [ ! -z "$result" ]
    then
        echo "$keyword found in $file"
    else
        echo "$keyword not found in $file. Moving to next" 
    fi
done

1. The script asks the user to provide the keyword as input.
2. It stores the user response in the variable named "keyword" and displays the response on the terminal.
3. It begins the search of the keyword in all the binary files one by one using a for loop.
4. The for loop iterator is named as "file". It begins searching for the keyword in the files with extension bin, one file at a time.
5. The script uses the strings command on every file to fetch the readable text and then looks for the keyword using the grep command.
6. We store this result in the "result" variable.
7. We then use an if block with -z option to check if the result variable is not null (empty).
8. For not null results, we print the success message that the keyword has been found along with the file name.
9. If null, we print that we couldn’t find the keyword in the current file and we move to the next one.

Counting Number of Printable Strings in a File

Let's write a bash script to count the number of printable strings from a file.

Example:

#!/bin/bash

echo "Enter file name: "
read file
echo "File provided is $file"

if [ ! -f "$file" ] 
then
    echo "File doesn't exist. Exiting…"
    exit
fi

count=$(strings "$file" | wc -l)
echo "Printable strings in $file is $count"

1. The script takes the user input for the name of the file.
2. It stores the user response in the variable named "file" and displays the response on the terminal.
3. The script verifies for the existence of the file provided in the input, using the -f option with the if statement.
4. If the file doesn’t exist, it prints an error message and terminates the script execution.
5. If the file exists, we apply the strings command on this file and pipe the result to wc -l command to count the number of lines in its input.
6. The variable count will hold the number of human-readable strings found in the file specified by $file.

If this resource helped you, let us know your care by a Thanks Tweet. Tweet a thanks

Did you find this article helpful?

We are glad you liked the article. Share with your friends.

"]

Sorry about that.

How can we improve it?