Skip to content
checksec-ng. Elf checksec in Python. Does large-scale package analysis. Now with multi-core support!
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
data
deps
docs
results
scripts
static
Makefile
README.md
av_scanner.py
bug-shell.py
chart-er-all.py
chart-er.py
checksec.py
checksecsrv.py
deb-scanner.py
deb-shell.py
dwarf_producer.c
fetch_ubuntu_repodata.sh
flags-reporter.py
flags-scanner-ng-v2.py
flags-scanner-ng.py
flags-scanner.py
gen-setxid.sh
invoke_rpmgrill.sh
libproducer.py
listener.py
majdoor.py
orphan-files-finder.py
pie.gnu
producer.py
pyclamd.py
rpm-shell.py
scanner.py
settings.py
six.py
tasks.py
tester.py

README.md

checksec.py

This is a rough port of the checksec.sh script by Tobias Klein to Python.

My analysis code combines the original checksec (bash script), rpm-chksec (Steve's script) and Grant's Go port into one Python code base.

The idea behind this exercise is to make analysis of packages easier and more accessible. One of the cool things is that you can analyze packages for different Operating System(s) seamlessly while running a single OS.

Additionally, my code works for all RHEL and Fedora versions (and even deb based distributions).

The analysis code doesn't install any packages on the system, is host OS agnostic and is quite fast (scales linearly).

Dependencies

On Fedora 19 (or higher), the following command will install all the required dependencies.

$ sudo yum install pkgwat python-xlwt rpm-python python-pyelftools \
	python-six libarchive-devel python-pip python-libarchive -y

Checks Done

  • PIE, RELRO, BIND_NOW

  • RPATH, TEMPPATHS, RUNPATH

  • Stack Canaries, Non-executable stack

  • FORTIFY_SOURCE

  • File-based capabilities, setxid

  • Polkit policy modification checks

Bulk Analysis Tools

Check out scanner.py and scripts under the "scripts" folder.

$ ./scanner.py blueman-1.23-7.fc20.x86_64.rpm json # scan a package

$ ./scanner.py Packages/ # scan entire folders

Interactive Tools Demo

✗ python rpm-shell.py
Loading database ...
read: 35229 packages (35229 suggested)

(Cmd) search sudo
texlive-sudoku
texlive-sudoku-doc
texlive-sudokubundle-doc
sudo-devel
ksudoku
libsss_sudo
sudo
sudoku-savant
texlive-sudokubundle
gnome-games-sudoku
gnome-sudoku
vdr-sudoku
libsss_sudo-devel

(Cmd) describe sudo
description: Sudo (superuser do) allows a system administrator to give certain
users (or groups of users) the ability to run some (or all) commands
as root while logging all commands and arguments. Sudo operates on a
per-command basis.  It is not a replacement for the shell.  Features
include: the ability to restrict what commands a user may run on a
per-host basis, copious logging of each command (providing a clear
audit trail of who did what), a configurable timeout of the sudo
command, and the ability to use the same configuration file (sudoers)
on many different machines.
group: Applications/System
ver + rel: 1.8.6p7 1.fc19

(Cmd) analyze sudo
{
    "build": "sudo-1.8.6p7-1.fc19.x86_64.rpm",
    "daemon": false,
    "files": [
        {
            "CANARY": "Enabled",
            "CATEGORY": "None",
            "NX": "Enabled",
            "PIE": "Enabled",
            "RELRO": "Enabled",
            "RPATH": "Disabled",
            "RUNPATH": "Disabled",
            "mode": 34889,
            "name": "/usr/bin/sudo",
            "size": 126608
        },
        {
            "CANARY": "Enabled",
            "CATEGORY": "None",
            "NX": "Enabled",
            "PIE": "Enabled",
            "RELRO": "Enabled",
            "RPATH": "Disabled",
            "RUNPATH": "Disabled",
            "mode": 32841,
            "name": "/usr/bin/sudoreplay",
            "size": 65744
        },
        {
            "CANARY": "Enabled",
            "CATEGORY": "None",
            "NX": "Enabled",
            "PIE": "Enabled",
            "RELRO": "Enabled",
            "RPATH": "Disabled",
            "RUNPATH": "Disabled",
            "mode": 33261,
            "name": "/usr/libexec/sesh",
            "size": 32640
        },
        {
            "CANARY": "Enabled",
            "CATEGORY": "None",
            "NX": "Enabled",
            "PIE": "Enabled",
            "RELRO": "Enabled",
            "RPATH": "Disabled",
            "RUNPATH": "Disabled",
            "mode": 33261,
            "name": "/usr/sbin/visudo",
            "size": 165944
        }
    ],
    "group": "Applications/System",
    "package": "sudo"
}
✗ python deb-shell.py
Loading ...multiverse/Packages.gz
Loading ...universe/Packages.gz
Loading ...restricted/Packages.gz
Loading ...main/Packages.gz

(Cmd) search sudo
sudo
...
kdesudo
...

(Cmd) analyze sudo
{
    "build": "sudo_1.8.6p3-0ubuntu3_amd64.deb",
    "daemon": true,
    "files": [
        {
            "CANARY": "Enabled",
            "CATEGORY": "None",
            "NX": "Enabled",
            "PIE": "Enabled",
            "RELRO": "Partial",
            "RPATH": "Disabled",
            "RUNPATH": "Disabled",
            "mode": 493,
            "name": "/usr/lib/sudo/sesh",
            "size": 27416
        },
        {
            "CANARY": "Enabled",
            "CATEGORY": "None",
            "NX": "Enabled",
            "PIE": "Enabled",
            "RELRO": "Partial",
            "RPATH": "Disabled",
            "RUNPATH": "Disabled",
            "mode": 493,
            "name": "/usr/sbin/visudo",
            "size": 155640
        },
        {
            "CANARY": "Enabled",
            "CATEGORY": "None",
            "NX": "Enabled",
            "PIE": "Enabled",
            "RELRO": "Partial",
            "RPATH": "Disabled",
            "RUNPATH": "Disabled",
            "mode": 2541,
            "name": "/usr/bin/sudo",
            "size": 121144
        },
        {
            "CANARY": "Enabled",
            "CATEGORY": "None",
            "NX": "Enabled",
            "PIE": "Enabled",
            "RELRO": "Partial",
            "RPATH": "Disabled",
            "RUNPATH": "Disabled",
            "mode": 493,
            "name": "/usr/bin/sudoreplay",
            "size": 64632
        }
    ],
    "group": "admin",
    "package": "sudo"
}

As usual, feedback is welcome :-)

You can’t perform that action at this time.