Checksec Logo

Checksec

0
Free
Visit Website

Checksec is a bash script to check the properties of executables (like PIE, RELRO, Canaries, ASLR, Fortify Source). It has been originally written by Tobias Klein and the original source is available here: http://www.trapkit.de/tools/checksec.html. **MAJOR UPDATES** 2.1.0 Changed structure to be more modular and switched to getopts so options can be in any order. e.g. format=json can be at the end now, however. All options now require --$option=$value instead of --$option $value. --extended option now includes clang CFI and safe stack checks. Last Update: 2024-04-29. For OSX: Most of the tools do not work on mach-O binaries or the OSX kernel, so it is not supported. Cosign Verify Checksec: cosign verify-blob --signature checksec_new.sig --certificate checksec_new.pub checksec --certificate-identity=slimm609@gmail.com --certificate-oidc-issuer=https://github.com/login/oauth. Openssl Verify Checksec: Openssl verification is being deprecated in favor of Cosign Verification, which is backed by a hardware security module and provides a greater level of integrity. openssl dgst -sha256 -verify checksec.pub -signature checksec.sig checksec. Examples: normal (or --format=cli) $check

FEATURES

ALTERNATIVES

PinCTF is a tool for using Intel's Pin Tool to instrument reverse engineering binaries and count instructions.

A better version of my xssfinder tool that scans for different types of XSS on a list of URLs.

A Python script for scanning data within an IDB using Yara

A wordlist to bruteforce for Local File Inclusion (LFI) vulnerabilities

A cheat sheet for default credentials to aid in penetration testing and vulnerability assessment

A collection of YARA rules for public use, built from intelligence profiles and file work.

A framework for creating XNU based rootkits for OS X and iOS security research

A tool for translating Dalvik bytecode to equivalent Java bytecode, allowing Java analysis tools to analyze Android applications.