MStrings
MStrings extracts strings from files and classifies them using regular expressions, YARA rules, and MITRE ATT&CK mappings. It highlights potential indicators of compromise and suspicious behavior, grouping matches by tactic and technique. It is well suited to quickly surfacing malicious capabilities in binaries, scripts, and documents.
Figure 19: MStrings
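The extract-then-classify flow described above, as an added Python illustration (not MStrings' own code). The rules, sample bytes and function names are constructed for this example, and YARA matching is left out.

```python
import re
from collections import defaultdict

# Constructed rules for this example, NOT MStrings' rule set:
# (ATT&CK tactic, technique, regex applied to each extracted string)
RULES = [
    ("Execution", "T1059.001 PowerShell",
     re.compile(r"powershell(\.exe)?\b.*-(enc|encodedcommand)\b", re.I)),
    ("Persistence", "T1547.001 Registry Run Keys / Startup Folder",
     re.compile(r"\\CurrentVersion\\Run(Once)?\b", re.I)),
    ("Command and Control", "T1071.001 Web Protocols",
     re.compile(r"\bhttps?://[^\s\"']+", re.I)),
]

# Constructed sample: binary noise, one ASCII command line, one UTF-16LE
# registry path, one URL, and a 3-character run that is too short to keep.
SAMPLE = (b"\x00\x01MZ\x90\x00powershell.exe -nop -enc <BASE64_PLACEHOLDER>\x00"
          b"\xff\xfe" + "Software\\Microsoft\\Windows\\CurrentVersion\\Run".encode("utf-16-le")
          + b"\x00\x00\x07http://example.invalid/update\x00abc\x00")

def extract_strings(data, min_len=4):
    """Return printable ASCII runs, then UTF-16LE runs, of >= min_len chars."""
    ascii_runs = re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)
    wide_runs = re.findall(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, data)
    return ([r.decode("ascii") for r in ascii_runs]
            + [r.decode("utf-16-le") for r in wide_runs])

def classify(strings):
    """Group matching strings as {tactic: {technique: [strings]}}."""
    hits = defaultdict(lambda: defaultdict(list))
    for s in strings:
        for tactic, technique, pattern in RULES:
            # Record each string once per technique, even if seen repeatedly.
            if pattern.search(s) and s not in hits[tactic][technique]:
                hits[tactic][technique].append(s)
    return {tactic: dict(techs) for tactic, techs in hits.items()}

if __name__ == "__main__":
    for tactic, techniques in classify(extract_strings(SAMPLE)).items():
        for technique, matched in techniques.items():
            print(f"[{tactic}] {technique}: {matched}")
```

A string match only says the capability may be present; each hit still needs to be confirmed against the code that references it.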
🔧 CLI Syntax
# Example 1: Scan a file
cargo run -p mstrings -- /path_to_file/
# Example 2: Save output as .txt
cargo run -p mstrings -- /path_to_file/ -o -t
# Example 3: Save output to a case folder
cargo run -p mstrings -- /path_to_file/ -o -t --case CaseXYZ
Use -o to save output and include one of the following format flags:
- -t → Save as .txt
- -j → Save as .json
- -m → Save as .md
If no file is provided, the tool will prompt you to enter the path interactively.
When --case is used, output is saved to:
saved_output/cases/CaseXYZ/mstrings/
Otherwise, results are saved to:
saved_output/mstrings/