rafind2 - Man Page

advanced command-line byte pattern search in files

Synopsis

rafind2

[-a align] [-b size] [-c] [-e regex] [-f from] [-F file] [-h] [-i] [-j] [-L] [-m] [-M mask] [-n] [-q] [-r] [-s str] [-S str] [-t to] [-v] [-V s:num | s:num1,num2] [-x hex] [-X] [-z] [-Z] file|dir ..

Description

rafind2 is a versatile program designed to find byte patterns in files.

The following options are available:

-a align: Only accept aligned search results.
-b size: Define the block size for searching. Depending on the cpu cache, memory and storage different sizes may affect the performance.
-c: Disable colorful output, primarily useful for non-interactive or batch use-cases.
-e regex: Search for matches using regular expressions. Multiple expressions can be provided.
-f from: Specify the starting address for the search. (See -t)
-F file: Read keywords from the specified file for searching.
-h: Display the help message.
-i: Identify the filetype using similar techniques as the 'file' command.
-j: Output results in JSON format.
-L: List all available I/O plugins.
-m: Perform magic search to identify file types based on signatures.
-M mask: Apply a binary mask to the keywords before searching.
-n: Continue searching even if read errors occur.
-q: Quiet mode: suppress headings or filenames in the output.
-r: Print results using radare commands.
-s str: Search for the specified string(s) in the file(s).
-S str: Search for wide strings (Unicode) in the file(s).
-t to: Specify the ending address for the search. (See -f)
-v: Display the version of rafind2 and exit.
-V s:num | s:num1,num2: Search for the given value using little-endian notation. A single value can be specified (e.g., -V 4:123) or a range of values can be searched by providing two values separated by a comma (e.g., -V 4:100,200).
-x hex: Search for the specified hex pattern(s) in the file(s).
-X: Display the hexdump of search results.
-z: Search for zero-terminated strings.
-Z: Display strings found on each search hit.