Pteryx is a tool for checking file signatures (magic numbers) to verify file types. It can be used to identify files with incorrect extensions or ones that are intentionally obscuring themselves.
You have two options:
- Install using brew
brew install dtsivkovski/tap/pteryx- Build from source
git clone https://github.com/dtsivkovski/pteryx.git
cd pteryx
go install
go build -o pteryxCheck file extensions against magic number signatures
pteryx sig <file>
pteryx sig <directory> -d
pteryx sig <directory> -d -rBy default, sig lists failures and the summary. Add -V to include files that pass signature checks.
Create hash baseline
pteryx hash create <file>
pteryx hash create <directory> -d -r -o pteryx.hashCompare files against saved hash baseline
pteryx hash compare <file> -i pteryx.hash
pteryx hash compare <directory> -d -r -i pteryx.hashAny function can accept -l to enable logging. The log output file is currently labeled pteryx.log in the directory in which the command was run.
This project is developed by Daniel Tsivkovski and licensed under the MIT License. See LICENSE for more details.
File signature data derived from Gary C. Kessler's File Signature Table.
The original GCK file signature JSON is preserved in data/file_sigs.json. data/file_sigs.normalized.json contains parser-oriented cleanup of apparent field formatting issues, such as Header offset values like "0(null)". Copyright © 2002-2026 Gary C. Kessler. Used with attribution.
I chose pteryx to name it after flying dinosaurs, but specifically after this cool one called the Hatzegopteryx. I love how it's a flying dinosaur but comparable to the size of a giraffe.