Fast multi-platform (ELF/PE/MachO) binary checksec written in Rust.
cargo crate releases periodically
Uses goblin to for multi-platform binary parsing support and ignore for fast recursive path iteration that respects various filters such as globs, file types and .gitignore
files and serde for Serializaiton/Deserialization.
Plenty of prior art exists for this type of tool. Some are standalone command line utilities and some are plugins for frameworks or debuggers, however all are platform specific.
Project | Author | Language | Active |
---|---|---|---|
checksec.sh (original) | Tobias Klein | bash | Jan 28, 2009 - Nov 17, 2011 |
checksec | Dhiru Kholia | python | Apr 18, 2013 - Mar 19, 2014 |
checksec.sh | Brian Davis | bash | Feb 14, 2014 - current |
pwntools - checksec | Gallopsled | python | Nov 8, 2014 - current |
CheckSec.c | hugsy | c | Dec 7, 2015 - Apr 24, 2018 |
checksec | klks | c++ | Mar 25, 2017 |
iOS-checksec.py | ChiChou | python | Apr 6, 2017 |
checksec-win | Lucas Leong | c++ | Aug 21, 2017 |
winchecksec | Trail Of Bits | c++ | Aug 17, 2018 - current |
pe_mitigation_check.py | David Cannings | python | Sep 20, 2018 |
note: not an exhaustive list
git clone https://github.com/etke/checksec.rs && cd checksec.rs
cargo build --release
cargo install --path .
cargo install checksec
For instances where you want to compile for a different target OS or architecture, see rust-cross.
USAGE:
checksec [FLAGS] [OPTIONS]
FLAGS:
-h, --help Prints help information
-j, --json Output in json format
--pretty Human readable json output
-P, --process-all Check all running processes
-V, --version Prints version information
OPTIONS:
-d, --directory <DIRECTORY> Target directory
-f, --file <FILE> Target file
-p, --process <NAME> Name of running process to check
$ checksec -f test/binaries/true-x86_64
ELF64: | Canary: true CFI: false SafeStack: false Fortify: true Fortified: 2 NX: true PIE: None Relro: Partial RPATH: None RUNPATH: None | File: test/binaries/true-x86_64
$ checksec -f test/binaries/true-x86_64 --json
{"binaries":[{"binarytype":"Elf64","file":"test/binaries/true-x86_64","properties":{"Elf":{"canary":true,"clang_cfi":false,"clang_safestack":false,"fortified":2,"fortify":true,"nx":true,"pie":"None","relro":"Partial","rpath":{"paths":["None"]},"runpath":{"paths":["None"]}}}}]}
$ checksec -P
-zsh(34)
↪ ELF64: | Canary: true CFI: false SafeStack: false Fortify: true Fortified: 8 NX: true PIE: Full Relro: Full RPATH: None RUNPATH: None | File: /bin/zsh
checksec(216)
↪ ELF64: | Canary: false CFI: false SafeStack: false Fortify: false Fortified: 0 NX: true PIE: Full Relro: Full RPATH: None RUNPATH: None | File: /home/etke/.cargo/bin/checksec
init(1)
↪ ELF64: | Canary: false CFI: false SafeStack: false Fortify: false Fortified: 0 NX: true PIE: None Relro: Partial RPATH: None RUNPATH: None | File: /init
$ checksec -P --json
{"processes":[{"binary":[{"binarytype":"Elf64","file":"/bin/zsh","properties":{"Elf":{"canary":true,"clang_cfi":false,"clang_safestack":false,"fortified":8,"fortify":true,"nx":true,"pie":"PIE","relro":"Full","rpath":{"paths":["None"]},"runpath":{"paths":["None"]}}}}],"pid":34},{"binary":[{"binarytype":"Elf64","file":"/init","properties":{"Elf":{"canary":false,"clang_cfi":false,"clang_safestack":false,"fortified":0,"fortify":false,"nx":true,"pie":"None","relro":"Partial","rpath":{"paths":["None"]},"runpath":{"paths":["None"]}}}}],"pid":1},{"binary":[{"binarytype":"Elf64","file":"/home/etke/.cargo/bin/checksec","properties":{"Elf":{"canary":false,"clang_cfi":false,"clang_safestack":false,"fortified":0,"fortify":false,"nx":true,"pie":"PIE","relro":"Full","rpath":{"paths":["None"]},"runpath":{"paths":["None"]}}}}],"pid":232}]}
Just add the following to any current project with goblin dependencies to enable checksec trait on goblin::Object::{Elf, Mach, PE}
objects.
Add checksec
crate dependency to your project Cargo.toml
.
[dependencies]
checksec = { version = "0.0.9", features = ["elf", "macho", "pe", "color"] }
Now in your project source, specify dependency on the checksec
crate and import the required module to access the associated Properties
trait(s).
extern crate checksec;
use checksec::elf;
use checksec::macho;
use checksec::pe;
You will now have access to all the implemented check functions directly from the goblin::Object
.
See examples/ for library usage examples.
- Platform specific checks
- ELF
- Fortifiable
- Rpath RW
- PE
- Authenticode verification
- MachO
- Rpath RW
- ELF
- Platform independent checks
- MachO
@rpath
contents intoshared::VecRpath
similar toDT_RPATH
/DT_RUNPATH
on ELFs- Code signature validation
- MachO
- ?
- Tests (cargo test)
Improvements welcome!
- For ideas, please check the Github Issues page.
- Want something added? file an issue and tag it with
improvement
- Want something added? file an issue and tag it with
- Found a problem? file an issue including the following information
- Description of the problem
- Expected behaviour
- Attach
bug
tag
- For pull requests to be reviewed;
- must be formatted with supplied project
rustfmt.toml
- must have no Clippy warnings/errors with supplied project
clippy.toml
(when one exists)
- must be formatted with supplied project