ffind_skill
- Python
520
GitHub Stars
1
Bundled Files
2 months ago
Catalog Refreshed
4 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill brownfinesecurity/iothackbot --skill ffind- SKILL.md2.4 KB
Overview
This skill is an advanced file finder focused on firmware and IoT analysis. It detects file types, highlights security-relevant artifacts, and can extract embedded filesystems (ext2/3/4 and F2FS) for deeper inspection. Use it to quickly map contents of firmware images and produce machine- or human-readable reports.
How this skill works
ffind scans one or more paths and classifies contained objects by type, preferring artifact types useful for security analysis by default. It can optionally mount and extract embedded filesystems when requested, requiring appropriate system tools and sudo. Output can be emitted as colored text, JSON for automation, or a quiet minimal form for scripting.
When to use it
- Investigating firmware images to discover binaries, configs, certificates, or scripts.
- Extracting embedded ext2/3/4 or F2FS filesystems for manual inspection or carving.
- Creating machine-readable inventories of firmware contents for triage or automated pipelines.
- Running broad searches across multiple firmware blobs to find specific file types or indicators.
- Preparing data for reverse engineering, static analysis, or vulnerability scanning.
Best practices
- Always run extraction (-e) with sudo and ensure e2fsprogs and f2fs-tools are installed on the analysis host.
- Default behavior reports artifact types; use -a to reveal all file types when you need full coverage.
- Use --format json when integrating into automation, CI, or other tooling for reliable parsing.
- Specify a custom extraction directory (-d) to control disk usage and keep extractions organized.
- Run with -v for verbose diagnostics when an image fails to extract or types are unclear.
Example use cases
- Quickly enumerate types in a firmware blob: ffind /path/to/firmware.bin
- Extract all embedded filesystems for manual review: sudo ffind /path/to/firmware.bin -e
- Scan multiple images and show every detected format: ffind /path/to/a.bin /path/to/b.bin -a
- Extract into a named workspace for follow-up tools: sudo ffind /path/to/firmware.bin -e -d /tmp/my-extraction
- Emit JSON for automated analysis pipelines: ffind /path/to/firmware.bin --format json
FAQ
Extraction requires sudo privileges and external tools: e2fsprogs for ext2/3/4 and f2fs-tools for F2FS. Ensure util-linux is available for loop/mount helpers.
How do I get machine-readable output?
Use --format json to produce JSON suitable for scripts and downstream processing.
Why do I sometimes see fewer types by default?
By default ffind highlights security-relevant artifact types. Use -a to display all detected file types including common media or documents.