Bstrings is an open source console-based tool for Windows Vista and later which makes it easy to search files for important strings: URLs, email, IP or MAC addresses, UNC paths, GUIDs, credit card numbers, US phone numbers, zip codes and more.
Basic operation is much like that of similar tools. Point the program at a file – bstrings -f file.exe – and it’ll list any ASCII and Unicode strings for you.
If you’ve used this type of utility before, you’ll know that it generally returns a vast amount of garbage. It’s the same here, but bstrings has plenty of command line switches to help. You’re able to set a minimum and maximum string length, look for ASCII or Unicode strings only, and sort results alphabetically or by length.
Better still, there’s support for searching by regular expressions, which gives you enormous control over the search.
If regular expressions are just too cryptic for you, no problem, bstrings has some presets which don’t need any regexperience. Try this (making sure you use a single dash before the f, a double dash before the lr).
bstrings -f file.exe --lr url3986
That particular command searches the file for any URLs matching RFC 3986, and there are similar canned searches to find email, IP or MAC addresses, UNC paths, GUIDs, credit card numbers, US phone numbers, zip codes and more.
We’re using executable files in the example commands here, but of course bstrings works with anything. You could use it to scan documents, network traffic dumps, internet software index or history files, whatever you like. There’s no guarantee of success – if the file is packed or compressed, say, bstrings won’t be able to see its data – but it’s still a smart investigative tool.
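To show what a strings search does and why packing defeats it, here is an added Python example; it is not bstrings' code and not from the original article. The function names, the simplified URL pattern (not the url3986 preset) and the sample bytes are assumptions constructed for illustration.

```python
import re
import zlib

# Simplified URL pattern (assumption); this is not bstrings' url3986 preset.
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

def extract_strings(data: bytes, min_len: int = 4, max_len: int = 256):
    """Return (encoding, text) pairs for printable ASCII and UTF-16LE runs."""
    # ASCII: consecutive printable bytes 0x20-0x7e.
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,%d}" % (min_len, max_len))
    # UTF-16LE ("Unicode" on Windows): printable byte followed by 0x00.
    wide_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,%d}" % (min_len, max_len))
    found = [("ascii", m.group().decode("ascii"))
             for m in ascii_re.finditer(data)]
    found += [("utf-16le", m.group().decode("utf-16-le"))
              for m in wide_re.finditer(data)]
    return found

def find_urls(data: bytes, min_len: int = 4):
    """Keep only the URL portion of extracted strings that contain one."""
    hits = []
    for enc, text in extract_strings(data, min_len):
        m = URL_RE.search(text)
        if m:
            hits.append((enc, m.group()))
    return hits

def build_sample() -> bytes:
    """Constructed sample: binary noise around one ASCII and one wide URL."""
    return (b"\x00\x01\xff\x90" + b"http://example.test/a.bin"
            + b"\x00\x07\xfe" + "https://example.test/cfg".encode("utf-16-le")
            + b"\x00\x00\x13\x37")

def build_packed_sample() -> bytes:
    """The same constructed bytes after zlib compression."""
    return zlib.compress(build_sample())

if __name__ == "__main__":
    print("raw:     ", find_urls(build_sample()))
    print("packed:  ", find_urls(build_packed_sample()))
    # Decompressing first makes the strings visible again.
    print("unpacked:", find_urls(zlib.decompress(build_packed_sample())))
```

An empty result on the packed bytes says nothing about whether the URLs are present, which is why an empty strings listing from a packed file is not evidence that the file is clean.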
Bstrings is available now for Windows Vista and later.