abdessamad-elamrani

MalwareAnalyzerMCP

strings

Extract printable strings from files to analyze malware by revealing embedded text, URLs, and configuration data for security investigation.

Instructions

Extract printable strings from a file

Example usage:

  • Basic strings extraction: { "target": "suspicious.exe" }

  • With minimum length: { "target": "suspicious.exe", "minLength": 10 }

  • With encoding: { "target": "suspicious.exe", "encoding": "l" }

Input Schema

| Name | Required | Description | Default |
|---|---|---|---|
| target | Yes | Target file or data to analyze | |
| options | No | Additional command-line options | |
| minLength | No | Minimum string length to display | |
| encoding | No | String encoding (s=7-bit, S=8-bit, b=16-bit big-endian, l=16-bit little-endian, etc.) | |

Implementation Reference

  • The buildCommand function constructs the shell command string for the 'strings' tool by incorporating optional parameters like minLength and encoding.
    buildCommand: (args) => {
      let options = args.options ? args.options : '';
      
      if (args.minLength) {
        options += ` -n ${args.minLength}`;
      }
      
      if (args.encoding) {
        options += ` -e ${args.encoding}`;
      }
      
      return `strings ${options} ${args.target}`;
    },
  • Zod schema definition for the 'strings' tool inputs, extending base schema with minLength and encoding parameters.
    strings: {
      name: 'strings',
      description: 'Extract printable strings from a file',
      schema: baseCommandSchema.extend({
        minLength: z.number().optional().describe("Minimum string length to display"),
        encoding: z.enum(['s', 'S', 'b', 'l', 'B', 'L']).optional().describe("String encoding (s=7-bit, S=8-bit, b=16-bit big-endian, l=16-bit little-endian, etc.)")
      }),
      // buildCommand for this entry is shown above
    },
  • serverMCP.js:112-121 (registration)
    Dynamically registers all specialized tools, including 'strings', in the MCP tools list response using their configuration from commands.js.
    // Generate tools from commands configuration
    const specializedTools = Object.values(commands).map(cmd => ({
      name: cmd.name,
      description: cmd.description + (cmd.helpText ? '\n' + cmd.helpText : ''),
      inputSchema: zodToJsonSchema(cmd.schema),
    }));
    
    return {
      tools: [...basicTools, ...specializedTools],
    };
  • MCP tool call handler for specialized commands like 'strings': schema validation, command building, execution via terminalManager, and result formatting.
    // Check if this is a specialized command
    if (commands[name]) {
      try {
        const cmdConfig = commands[name];
        
        // Validate arguments against schema
        const validationResult = cmdConfig.schema.safeParse(args);
        if (!validationResult.success) {
          return {
            content: [{ 
              type: "text", 
              text: `Error: Invalid parameters for ${name} command.\n${JSON.stringify(validationResult.error.format())}`
            }],
            isError: true,
          };
        }
        
        // Build the command string
        const commandStr = cmdConfig.buildCommand(validationResult.data);
        console.error(`Executing specialized command: ${commandStr}`);
        
        // Execute the command via the terminal manager
        const result = await terminalManager.shellCommand(commandStr);
        console.error(`${name} command executed with PID: ${result.pid}, blocked: ${result.isBlocked}`);
        
        return {
          content: [{ type: "text", text: JSON.stringify(result) }],
        };
      } catch (error) {
        console.error(`Error executing ${name} command:`, error);
        return {
          content: [{ type: "text", text: `Error: ${error instanceof Error ? error.message : String(error)}` }],
          isError: true,
        };
      }
    }
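
The buildCommand shown above interpolates `options` and `target` into one string that the handler passes to terminalManager.shellCommand; if that string is parsed by a shell (an assumption, since terminalManager is not shown on this page), whitespace and shell metacharacters in those fields are interpreted by the shell instead of reaching `strings` as data. The following is an added example, not the project's code: a hypothetical `buildStringsArgv` that returns an argument array for a no-shell call such as `child_process.execFile('strings', argv)`. It drops the free-form `options` field, and the 4096 cap on `minLength` is an arbitrary bound chosen here.

```javascript
// Added example: hardened argument builder for the 'strings' tool.
// Assumption: the caller runs the result with
// child_process.execFile('strings', argv), so no shell parses it.
const ENCODINGS = new Set(['s', 'S', 'b', 'l', 'B', 'L']); // same set as the Zod enum

function buildStringsArgv(args) {
  const argv = [];

  if (args.minLength !== undefined) {
    // z.number() alone accepts 0, negatives and fractions, so narrow it here.
    if (!Number.isInteger(args.minLength) || args.minLength < 1 || args.minLength > 4096) {
      throw new TypeError('minLength must be an integer between 1 and 4096');
    }
    argv.push('-n', String(args.minLength));
  }

  if (args.encoding !== undefined) {
    if (!ENCODINGS.has(args.encoding)) {
      throw new TypeError('encoding must be one of s, S, b, l, B, L');
    }
    argv.push('-e', args.encoding);
  }

  if (typeof args.target !== 'string' || args.target.length === 0 || args.target.includes('\0')) {
    throw new TypeError('target must be a non-empty path without NUL bytes');
  }
  // '--' ends option parsing, so a target starting with '-' is read as a file name.
  argv.push('--', args.target);
  return argv;
}

// Constructed inputs (not from the project).
const SAMPLE_OK = { target: 'samples/invoice copy; v2.exe', minLength: 10, encoding: 'l' };
const SAMPLE_DASH = { target: '-n1.bin' };

function demo() {
  return [buildStringsArgv(SAMPLE_OK), buildStringsArgv(SAMPLE_DASH)];
}
console.log(JSON.stringify(demo()));
```

Each array element reaches `strings` as exactly one argument, so the space and semicolon in the first sample stay part of the file name.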

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/abdessamad-elamrani/MalwareAnalyzerMCP'

If you have feedback or need assistance with the MCP directory API, please join our Discord server.