search

slimm609 / checksec

Checksec
https://slimm609.github.io/checksec
Other
2.05k stars 306 forks source link

To improve scalability and speed , we code a c rewrite of checksec.sh. #263

Closed fuxxcss closed 2 months ago

fuxxcss commented 2 months ago

Our page

To improve scalability and speed , we code a c rewrite of checksec.sh, and added some features. https://github.com/fuxxcss/checksecc

A check example , /usr/bin/ssh

root@debian:~# checkc --file=/usr/bin/ssh --extended
File                        /usr/bin/ssh
RELRO                       Full RELRO
STACK CANARY                Canary found
NX                          NX enabled
PIE                         PIE enabled
RPATH                       NO RPATH
RUNPATH                     NO RUNPATH
Stripped                    Stripped
Sanitized asan              No
Sanitized tsan              NO
Sanitized msan              NO
Sanitized lsan              NO
Sanitized ubsan             NO
Sanitized dfsan             NO
Sanitized safestack         NO
Sanitized cet-ibt           NO
Sanitized cet-shadow-stack  NO
Fortified                   FORTIFY SOURCE support available (/lib/x86_64-linux-gnu/libc.so.6) : Yes
Fortified                   Binary compiled with FORTIFY SOURCE support (/usr/bin/ssh) : Yes
Fortified                   __vasprintf_chk Fortified
Fortified                   __memcpy_chk Fortified
Fortified                   __fprintf_chk Fortified
Fortified                   __realpath_chk Fortified
Fortified                   __asprintf_chk Fortified
Fortified                   __syslog_chk Fortified
Fortified                   __vsnprintf_chk Fortified
Fortified                   __snprintf_chk Fortified
Fortified                   __explicit_bzero_chk Fortified
Fortified                   __printf_chk Fortified

Your work is awesome,can we join a branch?

teoberi commented 2 months ago

C vs Go? Interesting to see what will come out! A project with 2 options or 2 separate projects. With C I am a little more familiar with Go less. What is absolutely certain is that I need checksec if I compile a lot from sources. When I have some free time I will test it.

fuxxcss commented 2 months ago

Happy to hear that!😄 Instead of readelf/libbfd , we code a simple loader.c to parse binary. So the only need is libc.so. and It's friendly to extend this to support pe check and other types.

cgzones commented 2 months ago

There is also checksec.rs, of which I am currently maintaining a fork.

slimm609 commented 2 months ago

one of the reasons for not using C is due to the dependency on libc. With golang it is a static binary that is completely portable and has no external dependencies.

fuxxcss commented 2 months ago

😄Golang really fits checksec for cross-platform. Looking forward to checksec.go release!