// Advanced file finder with type detection and filesystem extraction for analyzing firmware and extracting embedded filesystems. Use when you need to analyze firmware files, identify file types, or extract ext2/3/4 or F2FS filesystems.
Analyze digital and analog captures from Saleae Logic MSO devices. Decode protocols like UART, SPI, I2C from exported binary files. Use when analyzing logic analyzer captures for CTF challenges, hardware reverse engineering, or protocol decoding.
Use picocom to interact with IoT device UART consoles for pentesting operations including device enumeration, vulnerability discovery, bootloader manipulation, and gaining root shells. Use when the user needs to interact with embedded devices, IoT hardware, or serial consoles.
Network flow extractor that analyzes pcap/pcapng files to identify outbound connections with automatic DNS hostname resolution. Use when you need to enumerate network destinations, identify what hosts a device communicates with, or map IP addresses to hostnames from packet captures.
Android APK unpacking and resource extraction tool for reverse engineering. Use when you need to decode APK files, extract resources, examine AndroidManifest.xml, analyze smali code, or repackage modified APKs.
Static analysis of UEFI/BIOS firmware dumps using Intel's chipsec framework. Decode firmware structure, detect known malware and rootkits (LoJax, ThinkPwn, HackingTeam, MosaicRegressor), generate EFI executable inventories with hashes, extract NVRAM variables, and parse SPI flash descriptors. Use when analyzing firmware .bin/.rom/.fd/.cap files offline without requiring hardware access.
IoT network traffic analyzer for detecting IoT protocols and identifying security vulnerabilities in network communications. Use when you need to analyze network traffic, identify IoT protocols, or assess network security of IoT devices.
| name | ffind |
| description | Advanced file finder with type detection and filesystem extraction for analyzing firmware and extracting embedded filesystems. Use when you need to analyze firmware files, identify file types, or extract ext2/3/4 or F2FS filesystems. |
You are helping the user find and analyze files with advanced type detection and optional filesystem extraction capabilities using the ffind tool.
Ffind analyzes files and directories, identifies file types, and can extract filesystems (ext2/3/4, F2FS) for deeper analysis. It's designed for firmware and IoT device analysis.
When the user asks to analyze files, find specific file types, or extract filesystems:
Understand the target:
Execute the analysis:
ffind <path> [<path2> ...]ffind <path> -effind <path> -e -d /path/to/outputffind <path> -affind <path> -vOutput formats:
--format text (default): Human-readable colored output with type summaries--format json: Machine-readable JSON--format quiet: Minimal outputExtraction capabilities:
/tmp/ffind_<timestamp>Analyze a firmware file to see file types:
ffind /path/to/firmware.bin
Extract all filesystems from a firmware image:
sudo ffind /path/to/firmware.bin -e
Analyze multiple files and show all types:
ffind /path/to/file1.bin /path/to/file2.bin -a
Extract to a custom directory:
sudo ffind /path/to/firmware.bin -e -d /tmp/my-extraction
-a flag to see all file types including common formats