Commit 9f22e59a authored by Loic's avatar Loic
Browse files

Update README.md

parent 0212db62
hbsd-checksec
========
hbsd-checksec is a script to check the properties of executables (like PIE, RELRO, PaX, Canaries, ASLR).
hbsd-checksec is a script to check the properties of executables (like PIE, RELRO, CFI, Canaries, ASLR).
It has been originally written by Tobias Klein and the original source is available here: http://www.trapkit.de/tools/checksec.html
Examples
How to run this script
--------
```
$ fetch https://git.hardenedbsd.org/loic/hbsd-checksec/-/raw/master/hbsd-checksec
$ chmod 710 hbsd-checksec
$ ./hbsd-checksec[](url)
```
Usage
--------
**normal (or --format=cli)**
```
Options:
$checksec --file=/bin/ls
RELRO STACK CANARY NX PIE RPATH RUNPATH FILE
Partial RELRO Canary found NX enabled No PIE No RPATH No RUNPATH /bin/ls
## hbsd-checksec Options
--file={file}
--dir={directory}
--listfile={text file with one file per line}
--proc={process name}
--proc-all
--proc-libs={process ID}
--kernel[=kconfig]
--fortify-file={executable-file}
--fortify-proc={process ID}
--version
--help
**csv**
## Modifiers
--debug
--verbose
--format={cli,csv,xml,json}
--output={cli,csv,xml,json}
--no-extended
```
Examples
--------
$ checksec --output=csv --file=/bin/ls
Partial RELRO,Canary found,NX enabled,No PIE,No RPATH,No RUNPATH,/bin/ls
```
./hbsd-checksec --proc-all
* System-wide ASLR: PaX ASLR enabled
**xml**
$ checksec --output=xml --file=/bin/ls
<?xml version="1.0" encoding="UTF-8"?>
<file relro="partial" canary="yes" nx="yes" pie="no" rpath="no" runpath="no" filename='/bin/ls'/>
* Does the CPU support NX: Yes
**json**
* Crash dumps: Not Restricted
$ checksec --output=json --file=/bin/ls
{ "file": { "relro":"partial","canary":"yes","nx":"yes","pie":"no","rpath":"no","runpath":"no","filename":"/bin/ls" } }
COMMAND PID RELRO STACK CANARY Clang CFI SafeStack BIND_NOW NX PIE
getty 10251 Full RELRO Canary found No Clang CFI found SafeStack found BIND_NOW found NX enabled PIE enabled
devd 24 Partial RELRO No symbol table found No Clang CFI found No SafeStack found No BIND_NOW found NX enabled No PIE
getty 24711 Full RELRO Canary found No Clang CFI found SafeStack found BIND_NOW found NX enabled PIE enabled
dhclient 25 Full RELRO Canary found No Clang CFI found SafeStack found BIND_NOW found NX enabled PIE enabled
syslogd 26 Full RELRO Canary found No Clang CFI found SafeStack found BIND_NOW found NX enabled PIE enabled
getty 27 Full RELRO Canary found No Clang CFI found SafeStack found BIND_NOW found NX enabled PIE enabled
getty 29 Full RELRO Canary found No Clang CFI found SafeStack found BIND_NOW found NX enabled PIE enabled
getty 36282 Full RELRO Canary found No Clang CFI found SafeStack found BIND_NOW found NX enabled PIE enabled
getty 62677 Full RELRO Canary found No Clang CFI found SafeStack found BIND_NOW found NX enabled PIE enabled
sshd 65250 Full RELRO Canary found No Clang CFI found SafeStack found BIND_NOW found NX enabled PIE enabled
csh 66538 Full RELRO Canary found No Clang CFI found SafeStack found BIND_NOW found NX enabled PIE enabled
mutt 67544 Full RELRO Canary found No Clang CFI found SafeStack found BIND_NOW found NX enabled PIE enabled
sshd 71249 Full RELRO Canary found No Clang CFI found SafeStack found BIND_NOW found NX enabled PIE enabled
getty 78416 Full RELRO Canary found No Clang CFI found SafeStack found BIND_NOW found NX enabled PIE enabled
dhclient 78527 Full RELRO Canary found No Clang CFI found SafeStack found BIND_NOW found NX enabled PIE enabled
getty 80242 Full RELRO Canary found No Clang CFI found SafeStack found BIND_NOW found NX enabled PIE enabled
cron 81213 Full RELRO Canary found No Clang CFI found SafeStack found BIND_NOW found NX enabled PIE enabled
dhclient 81882 Full RELRO Canary found No Clang CFI found SafeStack found BIND_NOW found NX enabled PIE enabled
```
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment