Checksec.rs
Fast multi-platform (ELF/PE/MachO) binary checksec written in Rust.
| Project Name | Stars | Downloads | Repos Using This | Packages Using This | Most Recent Commit | Total Releases | Latest Release | Open Issues | License | Language |
|---|---|---|---|---|---|---|---|---|---|---|
| Radare2 | 18,595 |  | 4 | 2 | a day ago | 13 | March 03, 2014 | 844 | lgpl-3.0 | C |
| UNIX-like reverse engineering framework and command-line toolset | ||||||||||
| Rizin | 2,106 | 8 hours ago | 410 | lgpl-3.0 | C | |||||
| UNIX-like reverse engineering framework and command-line toolset. | ||||||||||
| Habomalhunter | 567 | 4 years ago | 6 | other | Python | |||||
| HaboMalHunter is a sub-project of Habo Malware Analysis System (https://habo.qq.com), which can be used for automated malware analysis and security assessment on the Linux system. | ||||||||||
| Chain Reactor | 229 | 2 years ago | 5 | mit | C | |||||
| Chain Reactor is an open source framework for composing executables that simulate adversary behaviors and techniques on Linux endpoints. | ||||||||||
| Egalito | 189 | 5 months ago | 11 | gpl-3.0 | C++ | |||||
| Self-hosting binary instrumentation framework for security research | ||||||||||
| Fileless Elf Exec | 162 | 2 years ago | gpl-3.0 | |||||||
| Execute ELF files without dropping them on disk | ||||||||||
| Checksec.rs | 72 | | 3 | 6 months ago | 9 | June 10, 2022 | 8 | apache-2.0 | Rust | |
| Fast multi-platform (ELF/PE/MachO) binary checksec written in Rust. | ||||||||||
| Pax Utils | 67 | 7 months ago | 1 | gpl-2.0 | C | |||||
| [MIRROR] ELF related utils for ELF 32/64 binaries that can check files for security relevant properties | ||||||||||
| Sf2 | 60 | 5 months ago | 1 | Python | ||||||
| Antivirus Signature Search Toolkit | ||||||||||
| Extrude | 53 | 5 months ago | 2 | November 25, 2021 | 1 | mit | Go | |||
| :detective: Analyse binaries for missing security features, information disclosure and more... | ||||||||||
Alternatives To Checksec.rsSelect To Compare
Alternative Project Comparisons
Readme
Fast multi-platform (ELF/PE/MachO) binary checksec written in Rust.
cargo crate releases periodically
Uses goblin to for multi-platform binary parsing support and ignore for fast recursive path iteration that respects various filters such as globs, file types and .gitignore files and serde for Serializaiton/Deserialization.
Prior Art
Plenty of prior art exists for this type of tool. Some are standalone command line utilities and some are plugins for frameworks or debuggers, however all are platform specific.
| Project | Author | Language | Active |
|---|---|---|---|
| checksec.sh (original) | Tobias Klein | bash | Jan 28, 2009 - Nov 17, 2011 |
| checksec | Dhiru Kholia | python | Apr 18, 2013 - Mar 19, 2014 |
| checksec.sh | Brian Davis | bash | Feb 14, 2014 - current |
| pwntools - checksec | Gallopsled | python | Nov 8, 2014 - current |
| CheckSec.c | hugsy | c | Dec 7, 2015 - Apr 24, 2018 |
| checksec | klks | c++ | Mar 25, 2017 |
| iOS-checksec.py | ChiChou | python | Apr 6, 2017 |
| checksec-win | Lucas Leong | c++ | Aug 21, 2017 |
| winchecksec | Trail Of Bits | c++ | Aug 17, 2018 - current |
| pe_mitigation_check.py | David Cannings | python | Sep 20, 2018 |
note: not an exhaustive list
Build/Install
git (HEAD)
git clone https://github.com/etke/checksec.rs && cd checksec.rs
cargo build --release
cargo install --path .
cargo
cargo install checksec
Cross-compilation
For instances where you want to compile for a different target OS or architecture, see rust-cross.
Usage
USAGE:
checksec [FLAGS] [OPTIONS]
FLAGS:
-h, --help Prints help information
-j, --json Output in json format
--pretty Human readable json output
-P, --process-all Check all running processes
-V, --version Prints version information
OPTIONS:
-d, --directory <DIRECTORY> Target directory
-f, --file <FILE> Target file
-p, --process <NAME> Name of running process to check
Example
standalone checksec
individual binary
$ checksec -f test/binaries/true-x86_64
ELF64: | Canary: true CFI: false SafeStack: false Fortify: true Fortified: 2 NX: true PIE: None Relro: Partial RPATH: None RUNPATH: None | File: test/binaries/true-x86_64
individual binary (json output)
$ checksec -f test/binaries/true-x86_64 --json
{"binaries":[{"binarytype":"Elf64","file":"test/binaries/true-x86_64","properties":{"Elf":{"canary":true,"clang_cfi":false,"clang_safestack":false,"fortified":2,"fortify":true,"nx":true,"pie":"None","relro":"Partial","rpath":{"paths":["None"]},"runpath":{"paths":["None"]}}}}]}
running processes
$ checksec -P
-zsh(34)
↪ ELF64: | Canary: true CFI: false SafeStack: false Fortify: true Fortified: 8 NX: true PIE: Full Relro: Full RPATH: None RUNPATH: None | File: /bin/zsh
checksec(216)
↪ ELF64: | Canary: false CFI: false SafeStack: false Fortify: false Fortified: 0 NX: true PIE: Full Relro: Full RPATH: None RUNPATH: None | File: /home/etke/.cargo/bin/checksec
init(1)
↪ ELF64: | Canary: false CFI: false SafeStack: false Fortify: false Fortified: 0 NX: true PIE: None Relro: Partial RPATH: None RUNPATH: None | File: /init
running processes (json output)
$ checksec -P --json
{"processes":[{"binary":[{"binarytype":"Elf64","file":"/bin/zsh","properties":{"Elf":{"canary":true,"clang_cfi":false,"clang_safestack":false,"fortified":8,"fortify":true,"nx":true,"pie":"PIE","relro":"Full","rpath":{"paths":["None"]},"runpath":{"paths":["None"]}}}}],"pid":34},{"binary":[{"binarytype":"Elf64","file":"/init","properties":{"Elf":{"canary":false,"clang_cfi":false,"clang_safestack":false,"fortified":0,"fortify":false,"nx":true,"pie":"None","relro":"Partial","rpath":{"paths":["None"]},"runpath":{"paths":["None"]}}}}],"pid":1},{"binary":[{"binarytype":"Elf64","file":"/home/etke/.cargo/bin/checksec","properties":{"Elf":{"canary":false,"clang_cfi":false,"clang_safestack":false,"fortified":0,"fortify":false,"nx":true,"pie":"PIE","relro":"Full","rpath":{"paths":["None"]},"runpath":{"paths":["None"]}}}}],"pid":232}]}
libchecksec
Just add the following to any current project with goblin dependencies to enable checksec trait on goblin::Object::{Elf, Mach, PE} objects.
Add checksec crate dependency to your project Cargo.toml.
[dependencies]
checksec = { version = "0.0.9", features = ["elf", "macho", "pe", "color"] }
Now in your project source, specify dependency on the checksec crate and import the required module to access the associated Properties trait(s).
extern crate checksec;
use checksec::elf;
use checksec::macho;
use checksec::pe;
You will now have access to all the implemented check functions directly from the goblin::Object.
See examples/ for library usage examples.
Todo
libchecksec todos
- Platform specific checks
- ELF
- Fortifiable
- Rpath RW
- PE
- Authenticode verification
- MachO
- Rpath RW
- ELF
- Platform independent checks
- MachO
-
@rpathcontents intoshared::VecRpathsimilar toDT_RPATH/DT_RUNPATHon ELFs - Code signature validation
-
- MachO
checksec todos
- ?
project todos
- Tests (cargo test)
Contributing
Improvements welcome!
- For ideas, please check the Github Issues page.
- Want something added? file an issue and tag it with
improvement
- Want something added? file an issue and tag it with
- Found a problem? file an issue including the following information
- Description of the problem
- Expected behaviour
- Attach
bugtag
- For pull requests to be reviewed;
- must be formatted with supplied project
rustfmt.toml - must have no Clippy warnings/errors with supplied project
clippy.toml(when one exists)
- must be formatted with supplied project
Popular Security Projects
Popular Elf Projects
Popular Security Categories
Related Searches
Get A Weekly Email With Trending Projects For These Categories
No Spam. Unsubscribe easily at any time.
Rust
Security
Elf
Pe
Mach O