← 返回命令列表

Linux command

checksec 命令

文件

复制后可按需替换文件名、目录或参数。

常用示例

Check security properties of a binary

checksec --file=[path/to/binary]

Check security properties with JSON output

checksec --file=[path/to/binary] --output=json

Check the running kernel's security features

checksec --kernel

Check security properties of a running process

checksec --proc [pid]

Scan all binaries in a directory

checksec --dir [path/to/directory]

Check all running processes

checksec --proc-all

说明

checksec audits security features enabled in compiled Linux executables (ELF files), the kernel, or running processes. It helps security researchers and administrators assess the exploitability posture of binaries by checking for common mitigations. Security properties checked: RELRO (Relocation Read-Only) - Protects GOT/PLT from being overwritten. Full RELRO marks these as read-only after dynamic linking. Stack Canary - Random value placed before return addresses to detect buffer overflows. NX (No eXecute) - Marks memory regions as non-executable, preventing code execution from stack/heap. PIE (Position Independent Executable) - Enables ASLR by allowing random base address loading. FORTIFY - Compile-time buffer overflow checks for common functions.

参数

--file _binary_
Check security properties of specified binary
--dir _directory_
Scan all binaries in directory
--proc _pid_
Check running process by PID
--proc-all
Check all running processes
--kernel
Check kernel security features
--output _format_
Output format: cli, csv, json, xml
--fortify-file _binary_
Detailed fortify analysis

FAQ

What is the checksec command used for?

checksec audits security features enabled in compiled Linux executables (ELF files), the kernel, or running processes. It helps security researchers and administrators assess the exploitability posture of binaries by checking for common mitigations. Security properties checked: RELRO (Relocation Read-Only) - Protects GOT/PLT from being overwritten. Full RELRO marks these as read-only after dynamic linking. Stack Canary - Random value placed before return addresses to detect buffer overflows. NX (No eXecute) - Marks memory regions as non-executable, preventing code execution from stack/heap. PIE (Position Independent Executable) - Enables ASLR by allowing random base address loading. FORTIFY - Compile-time buffer overflow checks for common functions.

How do I run a basic checksec example?

Run `checksec --file=[path/to/binary]` in a terminal, then adjust file names, paths, flags, or remote targets for your system.

What does --file _binary_ do in checksec?

Check security properties of specified binary