katana.units.forensics.binwalk — Binwalk

Binwalk file carving

This unit will run binwalk to extract other files out of one given file. The syntax runs as:

binwalk -e <target_path> --directory <binwalk_directory> --dd=.* -M

class katana.units.forensics.binwalk.Unit(*args, **kwargs)

Bases: katana.unit.FileUnit

BLOCKED_GROUPS = ['carver']

Groups which this unit cannot recurse into.

DEPENDENCIES = ['binwalk']

Required depenencies for this unit “binwalk”. This must be in your PATH to be executed.

GROUPS = ['forensics', 'binwalk', 'carver']

These are “tags” for a unit. Considering it is a Forensics unit, “forensics” is included, as well as the unit name “binwalk”.

PRIORITY = 30

Priority works with 0 being the highest priority, and 100 being the lowest priority. 50 is the default priorty. This unit has a moderately high priority due to speed and broadness of applicability

RECURSE_SELF = False

Don’t recurse into any of the extract objects. Binwalk should have carved them out already.

evaluate(case: Any)

Evaluate the target. Run binwalk on the target and recurse on any new found files.

Parameters:case – A case returned by enumerate. For this unit, the enumerate function is not used. Returns:None. This function should not return any data.

katana.units.forensics.binwalk.md5sum(path: str) → _hashlib.openssl_md5

Quick convenience function to get the MD5 hash of a file