fq
Binary data analysis tool with jq-like query language for formats like MP4, PCAP, ELF, and packet captures
fq is a binary data analysis tool that combines the functionality of jq, hexdump, dd, and gdb into a single command-line interface. It uses jq expressions to query, inspect, and transform binary data across a wide variety of formats including media containers (MP4, FLAC, JPEG), executables (ELF, Mach-O), packet captures (PCAP with TCP reassembly), and serialization formats (JSON, YAML, XML, CBOR, protobuf). The tool supports over 150 binary formats and can decode nested structures with bit-level precision.
Built around a jq-compatible query language, fq allows users to extract specific data fields, filter content, and perform transformations on binary files. It features an interactive REPL with auto-completion and can present decoded data as tree structures or raw binary views. The tool handles format-specific decoding automatically, recognizing file types and applying appropriate parsers. For packet captures, it includes TCP stream reassembly capabilities.
fq targets developers, security researchers, and media professionals who need to analyze binary file formats programmatically. Basic usage follows the pattern fq . file for exploration or fq 'query' file for specific data extraction. The tool can slice, concatenate, and transform binary data while maintaining awareness of the underlying format structure, making it particularly useful for debugging media codecs, analyzing network traffic, or reverse engineering file formats.
Installation
# via Homebrew
brew install wader/tap/fq
# via Go
go install github.com/wader/fq@latest
# via Arch Linux
pacman -S fq
