Script for searching the extracted firmware file system for goodies!
Switch branches/tags
Nothing to show
Clone or download
Latest commit d949965 Jun 6, 2018
Failed to load latest commit information.
data Update sslfiles Jun 6, 2018 Update Aug 31, 2017
eslintrc.json Create eslintrc.json Mar 16, 2016
firmwalker-logo.jpg Added files via upload Feb 21, 2016 Update Jun 6, 2018
license Create license Feb 13, 2016



A simple bash script for searching the extracted or mounted firmware file system.

It will search through the extracted or mounted firmware file system for things of interest such as:

  • etc/shadow and etc/passwd
  • list out the etc/ssl directory
  • search for SSL related files such as .pem, .crt, etc.
  • search for configuration files
  • look for script files
  • search for other .bin files
  • look for keywords such as admin, password, remote, etc.
  • search for common web servers used on IoT devices
  • search for common binaries such as ssh, tftp, dropbear, etc.
  • search for URLs, email addresses and IP addresses
  • Experimental support for making calls to the Shodan API using the Shodan CLI


  • If you wish to use the static code analysis portion of the script, please install eslint: npm i -g eslint
  • ./firmwalker {path to root file system} {path for firmwalker.txt}
  • Example: ./firmwalker linksys/fmk/rootfs ../firmwalker.txt
  • A file firmwalker.txt will be created in the same directory as the script file unless you specify a different filename as the second argument
  • Do not put the file inside the directory to be searched, this will cause the script to search itself and the file it is creating
  • chmod 0700

How to extend

Example Files -!AucQMYXJNefdvGZyeYt16H72VCLv

  • - contains files from random extracted router firmware. Firmwalker can be run against this file system.
  • rt-ac66u.txt - firmwalker output file
  • xc.txt - firmwalker output file from Ubiquiti device

Script created by Craig Smith and expanded by:

  • Athanasios Kostopoulos
  • misterch0c