fq

fq is a command-line tool for inspecting and querying binary files. The name is a reference to jq, a well-known tool for working with JSON data, and fq attempts to do the same thing for binary formats: let you explore, filter, and transform file contents using a query language rather than custom scripts.

Binary files are files that store data in compact, non-human-readable formats, such as video files, audio files, network packet captures, compiled programs, and database files. Tools like hexdump can show you the raw bytes, but understanding what those bytes mean requires knowing the format. fq parses the file according to its specific format and presents the decoded structure as a tree you can navigate, which is much easier to work with.

The tool supports a very wide range of formats. On the media side it handles MP3, MP4, FLAC, WAV, JPEG, PNG, GIF, AVI, Matroska, and dozens of codec-specific sub-formats. For networking it handles TCP, UDP, IPv4, IPv6, DNS, TLS, PCAP packet captures, and RTMP. For executables it handles ELF (Linux binaries), Mach-O (macOS binaries), and WebAssembly. It also handles serialization formats like JSON, YAML, XML, CBOR, protobuf, and msgpack, and even some unusual ones like Bitcoin blocks and NES ROM files.

Because the query language is based on jq, users who already know jq can apply those same expressions to binary content. fq also has an interactive mode with tab-completion for exploring unfamiliar files, and it can reassemble fragmented TCP streams from packet captures.

The tool is available as a pre-built binary for macOS, Linux, and Windows, and can also be installed through Homebrew, Scoop, pacman, nix, and other package managers.