‘strings’ is a very powerful good little devil, present in every unix like OS. Its primary job is to hunt down and print text strings embedded in binary strings such as executables. Like every other tool, it is very useful for both hackers and crackers. Pentesters specifically can use this tool to identify vulnerabilities(read static passwords/pass phrases and usernames) during black-box testing of apps.

Usage of ‘strings’ on mac is extremely simple and just requires firing up the terminal and typing in: strings filename

The output is a list of strings present in the binary(if any). So, Coders using static passwords, please beware!

Common usage includes piping it to grep and fold or redirecting the output to a file.

 

Advertisements