stng stable

Advanced string extraction specialized for binary analysis. Extracts meaningful strings while filtering garbage, with built-in deobfuscation and IOC classification. Pure safe Rust — no unsafe blocks.

Capabilities

• Garbage filtering — automatically removes unusable noise (override with --unfiltered)
• XOR obfuscation detection — single/multi-byte keys with entropy analysis, double-layer (encoding+XOR)
• Encoding detection — Base64, Base32, Base85, hex, URL-encoding, Unicode escapes
• Language-aware extraction — Go/Rust {ptr, len} structures, DWARF stack strings
• Binary network structures — hardcoded IPs/ports in socket structures
• IOC classification — IPs, URLs, shell commands, paths, credentials
• Wide strings — UTF-16LE support for Windows PE binaries
• Multi-format — ELF, PE, Mach-O, raw binaries, overlays

Install

$ cargo install --git https://codeberg.org/atomdrift/stng

Usage

$ stng malware.bin              # full analysis with XOR auto-detection
$ stng -i malware.bin           # interesting strings only
$ stng --json malware.bin       # machine-readable with encoding metadata

Library

let strings = stng::extract_strings(&std::fs::read("sample")?, 4);