checksec - Man Page

check executables and kernel properties

Synopsis

checksec [options] [file]

Description

checksec is a bash script used to check the properties of executables (like PIE, RELRO, PaX, Canaries, ASLR, Fortify Source) and kernel security options (like GRSecurity and SELinux).
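
As an added illustration (not checksec's own code and not part of the original man page), the script below shows how RELRO, stack canaries and PIE, plus the non-executable stack flag, can be derived from `readelf` output. The function names and the two sample inputs are constructed for this example.

```shell
#!/bin/sh
# Added illustration (not checksec's source): derive hardening properties from
# the text printed by `readelf -W -h -l -d -s FILE`. Function names are made up.

has() { printf '%s\n' "$1" | grep -Eq -- "$2"; }   # has TEXT REGEX

relro() {    # GNU_RELRO segment present; eager binding makes the whole GOT read-only
    if ! has "$1" 'GNU_RELRO'; then echo "No RELRO"
    elif has "$1" 'BIND_NOW|Flags:.* NOW'; then echo "Full RELRO"
    else echo "Partial RELRO"; fi
}
canary() {   # compiler-inserted stack protector code references __stack_chk_fail
    if has "$1" '__stack_chk_fail'; then echo "Canary found"; else echo "No canary found"; fi
}
nx() {       # a missing or RWE GNU_STACK segment means the stack is executable
    if has "$1" 'GNU_STACK' && ! has "$1" 'GNU_STACK.*RWE'; then echo "NX enabled"
    else echo "NX disabled"; fi
}
pie() {      # ET_DYN with a DT_DEBUG entry is a PIE executable, without it a shared object
    if has "$1" 'Type:[[:space:]]+EXEC'; then echo "No PIE"
    elif has "$1" 'Type:[[:space:]]+DYN' && has "$1" '\(DEBUG\)'; then echo "PIE enabled"
    elif has "$1" 'Type:[[:space:]]+DYN'; then echo "DSO"
    else echo "Not an ELF file"; fi
}
report() { printf '%s,%s,%s,%s\n' "$(relro "$1")" "$(canary "$1")" "$(nx "$1")" "$(pie "$1")"; }

# Constructed sample: trimmed readelf output for a hardened binary.
HARDENED='  Type:                              DYN (Position-Independent Executable file)
  GNU_STACK      0x000000 0x0000000000000000 0x0000000000000000 0x000000 0x000000 RW  0x10
  GNU_RELRO      0x002db8 0x0000000000003db8 0x0000000000003db8 0x000248 0x000248 R   0x1
 0x0000000000000015 (DEBUG)              0x0
 0x000000000000001e (FLAGS)              BIND_NOW
     5: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __stack_chk_fail@GLIBC_2.4 (3)'
# Constructed sample: trimmed readelf output for a binary built without hardening.
LEGACY='  Type:                              EXEC (Executable file)
  GNU_STACK      0x000000 0x0000000000000000 0x0000000000000000 0x000000 0x000000 RWE 0x10'

# With a path argument, inspect a real file (requires readelf from binutils);
# without one, print the verdicts for the two constructed samples.
if [ "$#" -gt 0 ]; then
    report "$(readelf -W -h -l -d -s "$1")"
else
    report "$HARDENED"; report "$LEGACY"
fi
```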

Options

--output= or --format= {cli|csv|xml|json}

Output the results in different formats for ingestion by other applications. NOTE: This option must currently be given before any other options.

--help

Displays the help text

--file={filename}

Checks individual files for security features compiled into the executable

--dir={directory}

Recursively checks all executable files in the directory for security features compiled into the executables

--proc={pid}

Checks the security features of a running process by name

--proc-all

Checks the security features of all running processes

--proc-libs

Checks the security features of all the libraries of a running process ID

--kernel[=kconfig]

Checks the security features of the running kernel or a specified kernel config

--fortify-file={filename}

Checks the fortifiability of a file and if any of the fortifiable features have already been compiled into the file

--fortify-proc={pid}

Checks the fortifiability of a running process and if any of the fortifiable features have already been compiled in

--version

Shows the current version of the running software

--update or --upgrade

Checks source for a signed update and updates the application if available

Diagnostics

The following diagnostics may be issued on stderr:

Permission Denied.

For most of the checks you must be root.

Debugging

The --debug option can be specified for debug-level output.

Authors

Brian Davis <slimm609 at gmail dot com>

Checksec was originally written by Tobias Klein

Info

FEBRUARY 2019 Linux User Manuals