# Install binwalk with Homebrew, apk, apt, dnf, MacPorts, Nix, pacman, zypper

Searches a binary image for embedded files and executable code. Version 3.1.0 via Homebrew; verified 2026-06-25.

## Install

```sh
sudo av install brew:binwalk
```

Additional install commands:

### macOS

- Homebrew (100%):

```sh
brew install binwalk
```

  Evidence: local Homebrew formula metadata

- MacPorts (94%):

```sh
sudo port install binwalk
```

  Evidence: MacPorts ports tree: cross/binwalk/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1

### Linux

- apk (92%):

```sh
sudo apk add binwalk
```

  Evidence: Alpine Linux edge package indexes: binwalk from https://dl-cdn.alpinelinux.org/alpine/edge/testing/x86_64/APKINDEX.tar.gz

- Debian apt (92%):

```sh
sudo apt install binwalk
```

  Evidence: Debian stable package indexes: binwalk from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz

- dnf (92%):

```sh
sudo dnf install binwalk
```

  Evidence: Fedora Rawhide package metadata: binwalk from https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/repodata/e5ca8ce900cd68f5419e1c39ae517343100b306336cbaeb70a3c153121d95094-primary.xml.zst

- Nix (92%):

```sh
nix profile install nixpkgs#binwalk
```

  Evidence: nixpkgs package indexes: pkgs/by-name/bi/binwalk/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1

- pacman (92%):

```sh
sudo pacman -S binwalk
```

  Evidence: Arch Linux sync databases: binwalk from https://geo.mirror.pkgbuild.com/extra/os/x86_64/extra.db.tar.gz

- zypper (92%):

```sh
sudo zypper install binwalk
```

  Evidence: openSUSE Tumbleweed package metadata: binwalk from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst

## Package facts

- **Package key:** brew:binwalk
- **Package manager:** Homebrew
- **Package manager page:** <https://formulae.brew.sh/formula/binwalk>
- **Version:** 3.1.0
- **Source summary:** Searches a binary image for embedded files and executable code
- **Homepage:** <https://github.com/ReFirmLabs/binwalk>
- **Repository:** <https://github.com/ReFirmLabs/binwalk>
- **Upstream docs:** <https://github.com/ReFirmLabs/binwalk#readme>
- **License:** MIT
- **Source archive:** <https://github.com/ReFirmLabs/binwalk/archive/refs/tags/v3.1.0.tar.gz>
- **Last updated:** 2026-06-25T07:50:10Z
- **Generated:** 2026-07-08T07:18:31+00:00

## Executables

- binwalk (cli)
- binwalk (alias)

## Dependencies

- sevenzip

## Build dependencies

- pkgconf
- rust

## Uses from macOS

- bzip2
- xz

## Install behavior

- Post-install hook: not defined
- Bottle: available on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux

## Freshness

- Page generated: 2026-07-08
- Package-manager version: 3.1.0
- Package-manager updated: 2026-06-25
- Local data: ok
- Upstream repository: https://github.com/ReFirmLabs/binwalk
- Upstream latest detected: v3.1.0 (current)
## Project history and usage

Binwalk is the firmware-analysis command-line tool package nerds reach for when an opaque router, camera, appliance, or IoT image needs to be split into recognizable files, compressed streams, bootloaders, file systems, and entropy regions.

### Project history

The public ReFirmLabs repository records Binwalk as a firmware analysis tool and names Craig Heffner as the package author in the current Cargo metadata. The repository was created on GitHub in 2013, and its public release line includes the v2.0.0 release in July 2014, v2.1.1 in December 2015, and v2.3.x releases through 2023.

Binwalk v3 is a major rewrite of the tool in Rust. The current README describes it as an updated Binwalk firmware analysis tool rewritten in Rust for speed and accuracy, while retaining the core job of identifying and optionally extracting embedded files and data.

### Adoption history

Binwalk moved from a specialist firmware reverse-engineering utility into a standard package-manager tool: the input package metadata lists it in Homebrew, Debian, Ubuntu, Fedora/dnf, Alpine/apk, Arch/pacman, MacPorts, Nix, and openSUSE/zypper. Its GitHub repository also shows large public adoption for a firmware tool, with more than fourteen thousand stars and active releases into the v3 era.

Its adoption tracks the growth of embedded-device security work. As firmware dumps became routine artifacts in vulnerability research and supply-chain review, a single installable CLI that could scan signatures, carve contents, and graph entropy became a default first pass before more manual reverse engineering.

### How it is used

Typical use starts with running `binwalk firmware.bin` to identify embedded data. The README documents optional extraction, support for many file and data signatures, entropy analysis for spotting compression or encryption, and integration into Rust projects through the library interface.

Package users usually care that it is scriptable and easy to install: it fits into firmware triage pipelines, CTF workflows, vendor image audits, and quick checks of suspicious binary blobs.

### Why package nerds care

Binwalk is one of those packages whose name becomes a verb in a niche: before opening Ghidra or writing custom unpackers, people 'binwalk it'. That cultural position matters in package history because it turned firmware analysis from a bespoke lab setup into a command available from mainstream Unix package managers.

The v3 Rust rewrite is also package-nerd interesting. It keeps the familiar CLI identity while moving the implementation toward a safer, faster compiled toolchain and exposing a Rust library surface, which makes it both a classic Unix utility and a modern reusable component.

### Timeline

- 2013: ReFirmLabs/binwalk repository created on GitHub.
- 2014: Binwalk v2.0.0 released.
- 2015: Binwalk v2.1.1 released.
- 2021: Binwalk v2.3.0 and v2.3.1 released.
- 2023: Binwalk v2.3.4 released.
- 2024: Binwalk v3.1.0 released after the Rust rewrite.

### Related projects

- The Binwalk package sits beside firmware and binary-analysis tools such as file, foremost, squashfs-tools, unsquashfs, sasquatch-style extractors, entropy visualizers, and reverse-engineering suites. The v3 Cargo metadata also references the delink project as a dependency.
- Its closest package-manager relationship is with the ecosystem of firmware unpacking helpers that users install around it, because Binwalk often identifies containers that other tools then extract or inspect.

### Sources

- <https://github.com/ReFirmLabs/binwalk>
- <https://github.com/ReFirmLabs/binwalk/releases>
- <https://raw.githubusercontent.com/ReFirmLabs/binwalk/master/Cargo.toml>
- <https://raw.githubusercontent.com/ReFirmLabs/binwalk/master/README.md>
- source_facts.package-manager


## Security Notes

broad file, network, media, or database tool signal.

- **Geiger risk:** blue / medium
- broad file, network, media, or database tool signal

## Source Database Details

- **Source Database:** Homebrew formula API
- **Tap:** homebrew/core
- **Full Name:** binwalk
- **Version Scheme:** 0
- **Revision:** 0
- **Head Version:** HEAD
- **Bottle Stable Root URL:** <https://ghcr.io/v2/homebrew/core>
- **Deprecated:** no
- **Disabled:** no
- **Keg Only:** no
- **URL Keys:** head, stable

## Other Package-Manager Records

- Debian apt - binwalk - 2.4.3+dfsg1-2: normalized package name match | Debian stable package indexes: binwalk from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz | tool library for analyzing binary blobs and executable code | https://github.com/ReFirmLabs/binwalk
- Debian apt - python3-binwalk - 2.4.3+dfsg1-2: normalized package name match | Debian stable package indexes: python3-binwalk from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz | Python3 library for analyzing binary blobs and executable code | https://github.com/ReFirmLabs/binwalk
- Nix - binwalk: normalized package name match | nixpkgs package indexes: pkgs/by-name/bi/binwalk/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1
- Ubuntu apt - binwalk - 2.3.4+dfsg1-5: normalized package name match | Ubuntu 24.04 LTS package indexes: binwalk from https://archive.ubuntu.com/ubuntu/dists/noble/universe/binary-amd64/Packages.gz | tool library for analyzing binary blobs and executable code | https://github.com/ReFirmLabs/binwalk
- Ubuntu apt - python3-binwalk - 2.3.4+dfsg1-5: normalized package name match | Ubuntu 24.04 LTS package indexes: python3-binwalk from https://archive.ubuntu.com/ubuntu/dists/noble/universe/binary-amd64/Packages.gz | Python3 library for analyzing binary blobs and executable code | https://github.com/ReFirmLabs/binwalk
- apk - binwalk - 3.1.0-r0: normalized package name match | Alpine Linux edge package indexes: binwalk from https://dl-cdn.alpinelinux.org/alpine/edge/testing/x86_64/APKINDEX.tar.gz | Fast, easy to use tool for analyzing and extracting firmware images | https://github.com/ReFirmLabs/binwalk/
- dnf - binwalk - 2.3.4-18.fc45: normalized package name match | Fedora Rawhide package metadata: binwalk from https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/repodata/e5ca8ce900cd68f5419e1c39ae517343100b306336cbaeb70a3c153121d95094-primary.xml.zst | Firmware analysis tool | https://github.com/ReFirmLabs/binwalk
- pacman - binwalk - 3.1.0-1: normalized package name match | Arch Linux sync databases: binwalk from https://geo.mirror.pkgbuild.com/extra/os/x86_64/extra.db.tar.gz | Tool for searching a given binary image for embedded files | https://github.com/ReFirmLabs/binwalk
- zypper - binwalk - 3.1.0-1.3: normalized package name match | openSUSE Tumbleweed package metadata: binwalk from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst | Firmware Analysis Tool | https://github.com/ReFirmLabs/binwalk/
- MacPorts - binwalk: normalized package name match | MacPorts ports tree: cross/binwalk/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1


## Related links

- [Source-control packages](https://www.automicvault.com/pkg/source-control-tools/) - Belongs to a source-control command family.
- [Secret-risk packages](https://www.automicvault.com/pkg/secret-risk-packages/) - Has protected-tool coverage, approval-gate, or non-low Geiger security signals.
- [Terminal utility packages](https://www.automicvault.com/pkg/terminal-utilities/) - Matched terminal and command-line workflow metadata.
- [Networking and protocol packages](https://www.automicvault.com/pkg/networking-protocol-tools/) - Matched network, protocol, or remote-service metadata.
- [sevenzip](https://www.automicvault.com/pkg/brew/sevenzip/) - Runtime dependency declared by Homebrew.
- [pkgconf](https://www.automicvault.com/pkg/brew/pkgconf/) - Build dependency declared by Homebrew.
- [rust](https://www.automicvault.com/pkg/brew/rust/) - Build dependency declared by Homebrew.
- [afflib](https://www.automicvault.com/pkg/brew/afflib/) - Shares av.db curated category or tags: cli, forensics, security.
- [bulk_extractor](https://www.automicvault.com/pkg/brew/bulk-extractor/) - Shares av.db curated category or tags: cli, forensics, security.
- [chainsaw](https://www.automicvault.com/pkg/brew/chainsaw/) - Shares av.db curated category or tags: cli, forensics, security.
- [dc3dd](https://www.automicvault.com/pkg/brew/dc3dd/) - Shares av.db curated category or tags: cli, forensics, security.
- [dcfldd](https://www.automicvault.com/pkg/brew/dcfldd/) - Shares av.db curated category or tags: cli, forensics, security.
- [evtx](https://www.automicvault.com/pkg/brew/evtx/) - Shares av.db curated category or tags: cli, forensics, security.
- [foremost](https://www.automicvault.com/pkg/brew/foremost/) - Shares av.db curated category or tags: cli, forensics, security.
- [hack-browser-data](https://www.automicvault.com/pkg/brew/hack-browser-data/) - Shares av.db curated category or tags: cli, forensics, security.
- [md5deep](https://www.automicvault.com/pkg/brew/md5deep/) - Security-sensitive metadata or terminology overlaps. Shared terms: cli, files, forensics, security.

## Combined YAML source

View the package source record on GitHub. [combined/binwalk.yml](https://github.com/automic-vault/db/blob/main/combined/binwalk.yml)


## Sources

- Nucleus package database
- Geiger risk classifier
- package-page enrichment
- curated package history
- package version freshness
- av.db category and tag curation
- package relationship graph
- external package-manager database matches
- cross-ecosystem install command graph
