checksec.rs
checksec.rs copied to clipboard
etke
Fast multi-platform (ELF/PE/MachO) binary checksec written in Rust.
This issue is for an extremely specific quirk that isn’t really a problem in practice, but bringing it to your attention on the off chance other library API users ran...
checksec.rs seems to be the only checksec tool that also checks Mach-O files. I stumbled upon this tool due to this check. However, the stack canaries check looks up symbols...
It would be nice to have a more readable output for scanning directories/multiple binaries. Some ideas: - If a given mitigation is not enabled in all binaries, list it only...
Support specifying multiple targets, e.g.: ``` checksec -f /bin/ls -f /bin/grep checksec -p firefox -p chromium ``` Scan list of files, e.g. piped from another program: ``` dpkg -L apt...
Dynamic linking is the standard on Linux. Thus the hardening of dynamic loaded shared libraries can affect programs as well. Add a an option to scan all dynamic libraries for...
When printing a process result the corresponding file should be valid, since a result was successfully generated.
Add new feature `disassembly` checking for Stack Clash Protection[1], enabled by the compiler flag `-fstack-clash-protection`. Unlike other hardening features this can not be determined from the ELF information, but only...
The TODO section of the ReadMe mentions **Rpath RW**, probably taken from the output of checksec.sh. From an ELF perspective RPATH and RUNPATH have no RW(read-write) attribute. checksec.sh checks whether...
It would be convenient for development to have more binaries to test in *test/binaries*, especially some PE and MachO ones.
Updating sysinfo will require some more code changes, so I'm putting that off for now.
