cwe_checker Logo

cwe_checker

A static analysis tool that detects Common Weakness Enumerations (CWEs) in ELF binaries across multiple CPU architectures using Ghidra-based disassembly and various analysis techniques.

1,252
Vulnerability Management
Free
Visit website
0

cwe_checker Description

cwe_checker is a static analysis tool designed to detect common vulnerability patterns in ELF binaries across multiple CPU architectures. The tool identifies bug classes formally categorized as Common Weakness Enumerations (CWEs), including null pointer dereferences and buffer overflows. The tool leverages Ghidra for binary disassembly, converting executables into a common intermediate representation for analysis. This approach enables cross-architecture support for x86, ARM, MIPS, and PPC binaries, making it particularly useful for firmware security analysis. cwe_checker implements various analysis techniques ranging from simple heuristics to abstract interpretation-based data-flow analysis. The tool features a plugin-based architecture that allows for extensibility and customization of analysis rules and APIs. Key capabilities include: - Static analysis of ELF binaries without requiring source code - Multi-architecture support through Ghidra integration - Detection of memory safety vulnerabilities and common programming errors - Configurable analysis parameters and rule sets - Integration with Ghidra for annotated result visualization - Docker-based deployment for simplified setup The tool outputs analysis results that can be viewed within Ghidra's interface, providing analysts with annotated views of potentially vulnerable code paths. This integration helps security researchers and developers identify and prioritize security issues in compiled binaries.

FEATURED

Proton Pass Logo

Password manager with end-to-end encryption and identity protection features

NordVPN Logo

VPN service providing encrypted internet connections and privacy protection

Mandos Fractional CISO Services Logo

Fractional CISO services for B2B companies to accelerate sales and compliance

Stay Updated with Mandos Brief

Get the latest cybersecurity updates in your inbox

POPULAR

RoboShadow Logo

Automated vulnerability assessment and remediation platform

10
TestSavantAI Logo

Security platform that provides protection, monitoring and governance for enterprise generative AI applications and LLMs against various threats including prompt injection and data poisoning.

5
Cybersec Feeds Logo

A threat intelligence aggregation service that consolidates and summarizes security updates from multiple sources to provide comprehensive cybersecurity situational awareness.

5
Fabric Platform by BlackStork Logo

Fabric Platform is a cybersecurity reporting solution that automates and standardizes report generation, offering a private-cloud platform, open-source tools, and community-supported templates.

5
Mandos Brief Newsletter Logo

A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.

5
View Popular Tools →