ffind_skill

This skill helps you analyze firmware and extract embedded filesystems using ffind, identifying artifact types and enabling deep filesystem inspection.
  • Python

520

GitHub Stars

1

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill brownfinesecurity/iothackbot --skill ffind

  • SKILL.md2.4 KB

Overview

This skill is an advanced file finder focused on firmware and IoT analysis. It detects file types, highlights security-relevant artifacts, and can extract embedded filesystems (ext2/3/4 and F2FS) for deeper inspection. Use it to quickly map contents of firmware images and produce machine- or human-readable reports.

How this skill works

ffind scans one or more paths and classifies contained objects by type, preferring artifact types useful for security analysis by default. It can optionally mount and extract embedded filesystems when requested, requiring appropriate system tools and sudo. Output can be emitted as colored text, JSON for automation, or a quiet minimal form for scripting.

When to use it

  • Investigating firmware images to discover binaries, configs, certificates, or scripts.
  • Extracting embedded ext2/3/4 or F2FS filesystems for manual inspection or carving.
  • Creating machine-readable inventories of firmware contents for triage or automated pipelines.
  • Running broad searches across multiple firmware blobs to find specific file types or indicators.
  • Preparing data for reverse engineering, static analysis, or vulnerability scanning.

Best practices

  • Always run extraction (-e) with sudo and ensure e2fsprogs and f2fs-tools are installed on the analysis host.
  • Default behavior reports artifact types; use -a to reveal all file types when you need full coverage.
  • Use --format json when integrating into automation, CI, or other tooling for reliable parsing.
  • Specify a custom extraction directory (-d) to control disk usage and keep extractions organized.
  • Run with -v for verbose diagnostics when an image fails to extract or types are unclear.

Example use cases

  • Quickly enumerate types in a firmware blob: ffind /path/to/firmware.bin
  • Extract all embedded filesystems for manual review: sudo ffind /path/to/firmware.bin -e
  • Scan multiple images and show every detected format: ffind /path/to/a.bin /path/to/b.bin -a
  • Extract into a named workspace for follow-up tools: sudo ffind /path/to/firmware.bin -e -d /tmp/my-extraction
  • Emit JSON for automated analysis pipelines: ffind /path/to/firmware.bin --format json

FAQ

Extraction requires sudo privileges and external tools: e2fsprogs for ext2/3/4 and f2fs-tools for F2FS. Ensure util-linux is available for loop/mount helpers.

How do I get machine-readable output?

Use --format json to produce JSON suitable for scripts and downstream processing.

Why do I sometimes see fewer types by default?

By default ffind highlights security-relevant artifact types. Use -a to display all detected file types including common media or documents.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational