4 releases (2 stable)

| Version | Date |
|---|---|
| 3.0.0 | May 28, 2021 |
| 1.0.0 | Aug 1, 2020 |
| 0.2.0 | May 17, 2020 |
| 0.1.0 | Mar 12, 2020 |
- #2068 in Parser implementations
- 21 downloads per month
- 28KB
- 539 lines
# binsec

Swiss Army Knife for Binary (In)security

binsec is a minimal static analysis utility for detecting security capabilities in ELF/PE/Mach-O executables. It's useful for reverse engineers and vulnerability researchers who want quick yet deeper insights into binary artifacts, fast detection pipelines, and better overall binary analysis.
## Features

- Cross-platform: supports robust checks for ELF/PE/Mach-O binaries while running on any host.
- Backed by libgoblin for efficient and cross-platform binary parsing.
- JSON serializable for storage/logging consumption.
- Small and fast: the final release build is ~2.44 MB, with analysis done in 30ms.
## Static Analysis Checks

The project currently supports static detection for a variety of executable checks:

- Compilation Features - insights about how the executable was compiled, and the runtimes used in that process.
- Exploit Mitigations - OS-supported binary hardening features used to limit exploitation and privilege escalation.
- Dynamic Instrumentation - detects any known instrumentation frameworks used for dynamic analysis and/or profiling.
- Anti-Analysis (WIP) - noticeable anti-analysis checks employed to mitigate reverse engineering.
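To make the "Exploit Mitigations" category concrete, here is an added example of how such a check is performed on an ELF64 file. It is not binsec's own code (binsec parses with libgoblin; this uses only the Rust standard library and the ELF64 header layout), and the `build_sample_elf` helper constructs a synthetic, non-loadable ELF purely to exercise the check. It reports the three loader-visible mitigations (NX via `PT_GNU_STACK`, PIE via `ET_DYN`, RELRO via `PT_GNU_RELRO`) and emits them as JSON in the spirit of the `--json` feature above.

```rust
// Added example (not binsec's code): minimal ELF64 "exploit mitigations" check
// using only the standard library. Offsets follow the ELF64 specification.

const PT_LOAD: u32 = 1;
const PT_GNU_STACK: u32 = 0x6474_e551; // stack permissions; NX when PF_X is absent
const PT_GNU_RELRO: u32 = 0x6474_e552; // region made read-only after relocation
const PF_X: u32 = 1;
const ET_EXEC: u16 = 2;
const ET_DYN: u16 = 3; // PIE executables (and shared objects) are ET_DYN

#[derive(Debug, PartialEq, Eq)]
pub struct Mitigations {
    pub nx: bool,
    pub pie: bool,
    pub relro: bool,
}

impl Mitigations {
    /// Hand-rolled JSON so the example has no serde dependency.
    pub fn to_json(&self) -> String {
        format!("{{\"nx\":{},\"pie\":{},\"relro\":{}}}", self.nx, self.pie, self.relro)
    }
}

fn u16_le(b: &[u8], off: usize) -> Result<u16, String> {
    let s = b.get(off..off + 2).ok_or_else(|| format!("truncated at offset {off}"))?;
    Ok(u16::from_le_bytes([s[0], s[1]]))
}
fn u32_le(b: &[u8], off: usize) -> Result<u32, String> {
    let s = b.get(off..off + 4).ok_or_else(|| format!("truncated at offset {off}"))?;
    Ok(u32::from_le_bytes([s[0], s[1], s[2], s[3]]))
}
fn u64_le(b: &[u8], off: usize) -> Result<u64, String> {
    let s = b.get(off..off + 8).ok_or_else(|| format!("truncated at offset {off}"))?;
    Ok(u64::from_le_bytes([s[0], s[1], s[2], s[3], s[4], s[5], s[6], s[7]]))
}

/// Parse the ELF64 header and program headers and report the mitigations.
/// Untrusted input: every read is bounds-checked and malformed files return Err.
pub fn check_elf64(bytes: &[u8]) -> Result<Mitigations, String> {
    if bytes.len() < 64 || &bytes[..4] != b"\x7fELF" {
        return Err("not an ELF file".to_string());
    }
    if bytes[4] != 2 || bytes[5] != 1 {
        return Err("only little-endian ELF64 is handled here".to_string());
    }
    let e_type = u16_le(bytes, 16)?;
    let e_phoff = u64_le(bytes, 32)? as usize;
    let e_phentsize = u16_le(bytes, 54)? as usize;
    let e_phnum = u16_le(bytes, 56)? as usize;
    if e_phentsize < 56 {
        return Err(format!("bad e_phentsize {e_phentsize}"));
    }
    let (mut has_gnu_stack, mut stack_exec, mut relro) = (false, false, false);
    for i in 0..e_phnum {
        let base = i
            .checked_mul(e_phentsize)
            .and_then(|o| e_phoff.checked_add(o))
            .ok_or_else(|| "program header offset overflow".to_string())?;
        let p_type = u32_le(bytes, base)?;
        let p_flags = u32_le(bytes, base + 4)?;
        match p_type {
            PT_GNU_STACK => {
                has_gnu_stack = true;
                stack_exec = p_flags & PF_X != 0;
            }
            PT_GNU_RELRO => relro = true,
            _ => {}
        }
    }
    Ok(Mitigations {
        // NX only when PT_GNU_STACK is present and lacks PF_X; a missing
        // header leaves the stack executable on legacy-compatible loaders.
        nx: has_gnu_stack && !stack_exec,
        // ET_DYN is necessary but not sufficient for PIE: shared libraries are ET_DYN too.
        pie: e_type == ET_DYN,
        relro,
    })
}

/// Constructed sample (not a real program): the smallest ELF64 carrying the
/// headers the check reads. `gnu_stack_exec`: None = no PT_GNU_STACK header.
pub fn build_sample_elf(pie: bool, gnu_stack_exec: Option<bool>, relro: bool) -> Vec<u8> {
    let mut phdrs: Vec<(u32, u32)> = vec![(PT_LOAD, 5)]; // (p_type, p_flags): R+X text
    if let Some(exec) = gnu_stack_exec {
        phdrs.push((PT_GNU_STACK, if exec { 7 } else { 6 })); // RWX vs RW stack
    }
    if relro {
        phdrs.push((PT_GNU_RELRO, 4));
    }
    let mut out = Vec::with_capacity(64 + 56 * phdrs.len());
    out.extend_from_slice(b"\x7fELF");
    out.extend_from_slice(&[2, 1, 1, 0]); // ELFCLASS64, little-endian, EV_CURRENT, SYSV ABI
    out.extend_from_slice(&[0u8; 8]); // remaining e_ident padding
    out.extend_from_slice(&(if pie { ET_DYN } else { ET_EXEC }).to_le_bytes());
    out.extend_from_slice(&62u16.to_le_bytes()); // e_machine = EM_X86_64
    out.extend_from_slice(&1u32.to_le_bytes()); // e_version
    out.extend_from_slice(&0u64.to_le_bytes()); // e_entry
    out.extend_from_slice(&64u64.to_le_bytes()); // e_phoff: directly after the header
    out.extend_from_slice(&0u64.to_le_bytes()); // e_shoff
    out.extend_from_slice(&0u32.to_le_bytes()); // e_flags
    out.extend_from_slice(&64u16.to_le_bytes()); // e_ehsize
    out.extend_from_slice(&56u16.to_le_bytes()); // e_phentsize
    out.extend_from_slice(&(phdrs.len() as u16).to_le_bytes()); // e_phnum
    out.extend_from_slice(&[0u8; 6]); // e_shentsize, e_shnum, e_shstrndx
    for (p_type, p_flags) in phdrs {
        out.extend_from_slice(&p_type.to_le_bytes());
        out.extend_from_slice(&p_flags.to_le_bytes());
        out.extend_from_slice(&[0u8; 48]); // p_offset..p_align: unused by this check
    }
    out
}

fn main() {
    let samples = vec![
        ("hardened", build_sample_elf(true, Some(false), true)),
        ("legacy", build_sample_elf(false, Some(true), false)),
    ];
    for (name, blob) in samples {
        match check_elf64(&blob) {
            Ok(m) => println!("{name}: {}", m.to_json()),
            Err(e) => println!("{name}: error: {e}"),
        }
    }
    println!("non-ELF input: {:?}", check_elf64(b"MZ\x90\x00"));
}
```

The two caveats in the comments are the ones that matter in practice: treat `ET_DYN` as a hint that must be combined with other evidence (an `INTERP` or entry point) before calling a file PIE, and do not assume NX when `PT_GNU_STACK` is simply missing. A PE or Mach-O check follows the same pattern against their own header flags, which is what the cross-platform claim above amounts to.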
## Usage

Install binsec as a command line application like so:

```
$ cargo install binsec
```

Using the application is meant to be very simple. Given any binary executable you want to analyze, simply pass it in as a positional argument:

```
$ binsec -- ./suspicious
```

binsec output can also be serialized into JSON:

```
# print to stdout
$ binsec --json - -- ./suspicious

# print to path
$ binsec --json report.json -- ./suspicious
```
## Contributing

This is something that is continually being developed! You can contribute by catching issues and bugs and submitting them through the issue tracker or making a pull request!

## License
Dependencies

- ~9.5MB
- ~201K SLoC