You know jq. You love jq. Now imagine pointing that same query language at an MP4 file, a PCAP capture, a FLAC stream, a PNG, a WASM binary, or an ELF executable — and getting structured, queryable data back. That's fq.

Written in Go by Mattias Wadman, fq decodes over 200 binary formats into a tree you can slice with jq syntax. It's not a hex editor. It's not file(1). It's a binary format query engine.

Install it:

# macOS
brew install wader/tap/fq

# Linux (static binary)
curl -sL https://github.com/wader/fq/releases/latest/download/fq_linux_amd64 -o /usr/local/bin/fq
chmod +x /usr/local/bin/fq

Inspect an MP4 container without memorizing the ISO 14496 spec:

# Show the top-level box structure
$ fq '.boxes[] | {type: .type, size: .size}' video.mp4
{"type": "ftyp", "size": 32}
{"type": "moov", "size": 1842076}
{"type": "mdat", "size": 54391quotient}

# Extract the video codec and resolution
$ fq '.boxes[] | select(.type == "moov") | .. | select(.type? == "avc1") | {width, height}' video.mp4
{"width": 1920, "height": 1080}

# Dump all metadata timestamps
$ fq '[.. | .creation_time? // empty] | unique' video.mp4

Dissect a PCAP without firing up Wireshark:

# List all TCP streams with their source/dest
$ fq '.packets[] | select(.packet.ipv4 != null) | {
  src: .packet.ipv4.source_ip,
  dst: .packet.ipv4.destination_ip,
  proto: .packet.ipv4.protocol
}' capture.pcap

# Extract just DNS query names
$ fq '[.packets[] | .packet.udp?.payload?.questions?[]?.name? // empty] | unique' capture.pcap

Rip apart a PNG to see its chunks:

$ fq '.chunks[] | {type: .type, size: .size}' image.png
{"type": "IHDR", "size": 13}
{"type": "sRGB", "size": 1}
{"type": "IDAT", "size": 832471}
{"type": "IEND", "size": 0}

Interactive REPL mode is where it shines for exploration:

$ fq -i . firmware.elf
fq> .header
│00 01 02 03│    .header:
│7f 45 4c 46│    ident.magic: "\x7fELF"
│02         │    ident.class: 64 (2)
│01         │    ident.data: "little_endian" (1)
fq> .sections[] | select(.name == ".text") | .size
1048576

The killer feature over xxd or binwalk: fq understands structure. It doesn't just show you hex — it knows that bytes 4-7 of that MP4 box are a size field encoded as big-endian uint32. You query semantics, not offsets.

Supported formats include: MP4, Matroska/WebM, FLAC, MP3, Ogg, WAV, PNG, JPEG, GIF, TIFF, PCAP, ELF, Mach-O, PE, ZIP, tar, gzip, WASM, protobuf, msgpack, CBOR, bencode, Bitcoin blocks, and dozens more. The full list grows with each release.

It also composes beautifully with other tools:

# Pipe fq's JSON output into jq for further processing
$ fq -o format=json '.boxes' video.mp4 | jq '.[].type'

# Use it in scripts to validate file structure
$ fq -e '.header.magic == "\x7fELF"' binary && echo "Valid ELF"