Skip to content

Fast multi-platform (ELF/PE/MachO) binary checksec written in Rust.

License

Notifications You must be signed in to change notification settings

etke/checksec.rs

Repository files navigation

checksec.rs

crates.io docs.rs github-actions

Fast multi-platform (ELF/PE/MachO) binary checksec written in Rust.

cargo crate releases periodically

Uses goblin to for multi-platform binary parsing support and ignore for fast recursive path iteration that respects various filters such as globs, file types and .gitignore files and serde for Serializaiton/Deserialization.

Prior Art

Plenty of prior art exists for this type of tool. Some are standalone command line utilities and some are plugins for frameworks or debuggers, however all are platform specific.

Project Author Language Active
checksec.sh (original) Tobias Klein bash Jan 28, 2009 - Nov 17, 2011
checksec Dhiru Kholia python Apr 18, 2013 - Mar 19, 2014
checksec.sh Brian Davis bash Feb 14, 2014 - current
pwntools - checksec Gallopsled python Nov 8, 2014 - current
CheckSec.c hugsy c Dec 7, 2015 - Apr 24, 2018
checksec klks c++ Mar 25, 2017
iOS-checksec.py ChiChou python Apr 6, 2017
checksec-win Lucas Leong c++ Aug 21, 2017
winchecksec Trail Of Bits c++ Aug 17, 2018 - current
pe_mitigation_check.py David Cannings python Sep 20, 2018

note: not an exhaustive list

Build/Install

git (HEAD)

git clone https://github.com/etke/checksec.rs && cd checksec.rs
cargo build --release
cargo install --path .

cargo

cargo install checksec

Cross-compilation

For instances where you want to compile for a different target OS or architecture, see rust-cross.

Usage

USAGE:
    checksec [FLAGS] [OPTIONS]

FLAGS:
    -h, --help           Prints help information
    -j, --json           Output in json format
        --pretty         Human readable json output
    -P, --process-all    Check all running processes
    -V, --version        Prints version information

OPTIONS:
    -d, --directory <DIRECTORY>    Target directory
    -f, --file <FILE>              Target file
    -p, --process <NAME>           Name of running process to check

Example

standalone checksec

individual binary
$ checksec -f test/binaries/true-x86_64
ELF64: | Canary: true CFI: false SafeStack: false Fortify: true Fortified: 2 NX: true PIE: None Relro: Partial RPATH: None RUNPATH: None | File: test/binaries/true-x86_64
individual binary (json output)
$ checksec -f test/binaries/true-x86_64 --json
{"binaries":[{"binarytype":"Elf64","file":"test/binaries/true-x86_64","properties":{"Elf":{"canary":true,"clang_cfi":false,"clang_safestack":false,"fortified":2,"fortify":true,"nx":true,"pie":"None","relro":"Partial","rpath":{"paths":["None"]},"runpath":{"paths":["None"]}}}}]}
running processes
$ checksec -P
-zsh(34)
 ↪ ELF64: | Canary: true CFI: false SafeStack: false Fortify: true Fortified: 8 NX: true PIE: Full Relro: Full RPATH: None RUNPATH: None | File: /bin/zsh
checksec(216)
 ↪ ELF64: | Canary: false CFI: false SafeStack: false Fortify: false Fortified: 0 NX: true PIE: Full Relro: Full RPATH: None RUNPATH: None | File: /home/etke/.cargo/bin/checksec
init(1)
 ↪ ELF64: | Canary: false CFI: false SafeStack: false Fortify: false Fortified: 0 NX: true PIE: None Relro: Partial RPATH: None RUNPATH: None | File: /init
running processes (json output)
$ checksec -P --json
{"processes":[{"binary":[{"binarytype":"Elf64","file":"/bin/zsh","properties":{"Elf":{"canary":true,"clang_cfi":false,"clang_safestack":false,"fortified":8,"fortify":true,"nx":true,"pie":"PIE","relro":"Full","rpath":{"paths":["None"]},"runpath":{"paths":["None"]}}}}],"pid":34},{"binary":[{"binarytype":"Elf64","file":"/init","properties":{"Elf":{"canary":false,"clang_cfi":false,"clang_safestack":false,"fortified":0,"fortify":false,"nx":true,"pie":"None","relro":"Partial","rpath":{"paths":["None"]},"runpath":{"paths":["None"]}}}}],"pid":1},{"binary":[{"binarytype":"Elf64","file":"/home/etke/.cargo/bin/checksec","properties":{"Elf":{"canary":false,"clang_cfi":false,"clang_safestack":false,"fortified":0,"fortify":false,"nx":true,"pie":"PIE","relro":"Full","rpath":{"paths":["None"]},"runpath":{"paths":["None"]}}}}],"pid":232}]}

libchecksec

Just add the following to any current project with goblin dependencies to enable checksec trait on goblin::Object::{Elf, Mach, PE} objects.

Add checksec crate dependency to your project Cargo.toml.

[dependencies]
checksec = { version = "0.0.9", features = ["elf", "macho", "pe", "color"] }

Now in your project source, specify dependency on the checksec crate and import the required module to access the associated Properties trait(s).

extern crate checksec;
use checksec::elf;
use checksec::macho;
use checksec::pe;

You will now have access to all the implemented check functions directly from the goblin::Object.

See examples/ for library usage examples.

Todo

libchecksec todos

  • Platform specific checks
    • ELF
      • Fortifiable
      • Rpath RW
    • PE
      • Authenticode verification
    • MachO
      • Rpath RW
  • Platform independent checks
    • MachO
      • @rpath contents into shared::VecRpath similar to DT_RPATH/DT_RUNPATH on ELFs
      • Code signature validation

checksec todos

  • ?

project todos

  • Tests (cargo test)

Contributing

Improvements welcome!

  • For ideas, please check the Github Issues page.
    • Want something added? file an issue and tag it with improvement
  • Found a problem? file an issue including the following information
    • Description of the problem
    • Expected behaviour
    • Attach bug tag
  • For pull requests to be reviewed;
    • must be formatted with supplied project rustfmt.toml
    • must have no Clippy warnings/errors with supplied project clippy.toml (when one exists)