> For the complete documentation index, see [llms.txt](https://sarpers-organization.gitbook.io/ctftricks/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://sarpers-organization.gitbook.io/ctftricks/_chapter-intro-5/data-recovery/trick-0324.md).

# Extract Embedded File Via Binwalk

***

Binwalk can automatically identify and extract various data structures embedded within a file, including hidden file systems or executable code. Use the `-e` or `--extract` flag to perform this extraction. This flag automatically extracts known file types.

```bash
binwalk -e <file>
```

This command will scan the file, identify embedded content, and automatically extract it into a new directory, typically named `<file>_extracted`. The extracted files will be stored in this folder.

To extract all identified file systems and executable code from a firmware image, you can use the `-e` flag. This will create a directory named after the input file with "\_extracted" appended, such as `firmware.bin_extracted`.

```bash
binwalk -e firmware.bin
```

For recursive scanning and extraction, you can combine the `-M` (Scan a file recursively) and `-e` flags.

```bash
binwalk -Me <filename>
```

This command `binwalk -Me file.bin` will recursively scan and extract all files to a folder. In some cases, performing extraction may require running binwalk with root privileges using the `--run-as=root` option to handle permissions or specific file system types.
