The Swiss Army Knife for Binary (In)security

Overview

binsec

binsec is a minimal static analysis utility for detecting security capabilities in ELF/PE/Mach-O executables. It's useful for reverse engineers and vulnerability researchers to gain quick and deeper insights into binary artifacts, build fast detection pipelines, and improve overall binary analysis.

Features

  • Cross-platform, supports robust checks for ELF/PE/Mach-Os while running on any host.
  • Uses libgoblin as the backend for efficient, cross-platform binary parsing.
  • JSON serializable for storage/logging consumption.
  • Small and fast: final release build is ~2.44Mb, with analysis done in 30ms.

Static Analysis Checks

The project currently supports static detection for a variety of executable checks:

  • Compilation Features - insights about how the executable was compiled, and runtimes used in that process.
  • Exploit Mitigations - OS-supported binary hardening features used to limit exploitation and privilege escalation.
  • Dynamic Instrumentation - detects any known instrumentation frameworks used for dynamic analysis and/or profiling.
  • Anti-Analysis (WIP) - noticeable anti-analysis checks employed to mitigate reverse engineering.
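
To make the Exploit Mitigations category concrete, the following added example (not binsec's code, which parses through libgoblin) derives PIE, non-executable stack and RELRO status directly from ELF headers using only the Rust standard library. The function and type names and the constructed `sample_elf` input are illustrative assumptions. It assumes ELF64 little-endian input and rejects anything else.

```rust
// Added illustration, not binsec's implementation: std-only, ELF64 little-endian.
const ET_DYN: u16 = 3;
const PT_DYNAMIC: u32 = 2;
const PT_GNU_STACK: u32 = 0x6474_e551;
const PT_GNU_RELRO: u32 = 0x6474_e552;
const PF_X: u32 = 1;
const DT_BIND_NOW: u64 = 24;
const DT_FLAGS: u64 = 30;
const DF_BIND_NOW: u64 = 0x8;

#[derive(Debug, PartialEq)]
pub enum Relro { None, Partial, Full }

#[derive(Debug, PartialEq)]
pub struct Mitigations {
    pub pie: bool,      // e_type is ET_DYN (shared objects report true as well)
    pub nx_stack: bool, // PT_GNU_STACK present without PF_X
    pub relro: Relro,   // PT_GNU_RELRO, upgraded to Full when BIND_NOW is set
}

// Bounds-checked little-endian read of n (<= 8) bytes; None when out of range.
fn le(b: &[u8], off: usize, n: usize) -> Option<u64> {
    let s = b.get(off..off.checked_add(n)?)?;
    Some(s.iter().rev().fold(0u64, |acc, &x| (acc << 8) | x as u64))
}

pub fn check_elf64(data: &[u8]) -> Result<Mitigations, &'static str> {
    // Magic, EI_CLASS = 2 (64-bit), EI_DATA = 1 (little-endian).
    if data.get(..6) != Some(&b"\x7fELF\x02\x01"[..]) {
        return Err("not an ELF64 little-endian file");
    }
    let bad = "truncated or malformed ELF";
    let e_type = le(data, 16, 2).ok_or(bad)? as u16;
    let phoff = le(data, 32, 8).ok_or(bad)? as usize;
    let phentsize = le(data, 54, 2).ok_or(bad)? as usize;
    let phnum = le(data, 56, 2).ok_or(bad)? as usize;
    if phnum > 0 && phentsize < 56 { return Err(bad); }
    let (mut nx_stack, mut has_relro, mut bind_now) = (false, false, false);
    for i in 0..phnum {
        let off = phoff.checked_add(i * phentsize).ok_or(bad)?;
        let ph = data.get(off..off.checked_add(phentsize).ok_or(bad)?).ok_or(bad)?;
        let p_type = le(ph, 0, 4).ok_or(bad)? as u32;
        let p_flags = le(ph, 4, 4).ok_or(bad)? as u32;
        match p_type {
            PT_GNU_STACK => nx_stack = (p_flags & PF_X) == 0,
            PT_GNU_RELRO => has_relro = true,
            PT_DYNAMIC => {
                // p_offset at +8 and p_filesz at +32 locate the dynamic section.
                let d_off = le(ph, 8, 8).ok_or(bad)? as usize;
                let d_len = le(ph, 32, 8).ok_or(bad)? as usize;
                let d_end = d_off.checked_add(d_len).ok_or(bad)?;
                for ent in data.get(d_off..d_end).ok_or(bad)?.chunks_exact(16) {
                    let tag = le(ent, 0, 8).ok_or(bad)?;
                    let val = le(ent, 8, 8).ok_or(bad)?;
                    if tag == 0 { break; } // DT_NULL ends the table
                    bind_now |= tag == DT_BIND_NOW
                        || (tag == DT_FLAGS && (val & DF_BIND_NOW) != 0);
                }
            }
            _ => {}
        }
    }
    let relro = match (has_relro, bind_now) {
        (false, _) => Relro::None,
        (true, false) => Relro::Partial,
        (true, true) => Relro::Full,
    };
    Ok(Mitigations { pie: e_type == ET_DYN, nx_stack, relro })
}

// Constructed sample: ELF64 header, three program headers, 32-byte dynamic section.
pub fn sample_elf(e_type: u16, stack_flags: u32, bind_now: bool) -> Vec<u8> {
    let dyn_off = 64 + 3 * 56;
    let mut f = vec![0u8; dyn_off + 32];
    f[..6].copy_from_slice(b"\x7fELF\x02\x01");
    f[16..18].copy_from_slice(&e_type.to_le_bytes());
    f[32..40].copy_from_slice(&64u64.to_le_bytes()); // e_phoff
    f[54..56].copy_from_slice(&56u16.to_le_bytes()); // e_phentsize
    f[56..58].copy_from_slice(&3u16.to_le_bytes()); // e_phnum
    let phdrs = [(PT_GNU_STACK, stack_flags), (PT_GNU_RELRO, 4), (PT_DYNAMIC, 6)];
    for (i, &(p_type, p_flags)) in phdrs.iter().enumerate() {
        let o = 64 + i * 56;
        f[o..o + 4].copy_from_slice(&p_type.to_le_bytes());
        f[o + 4..o + 8].copy_from_slice(&p_flags.to_le_bytes());
    }
    let d = 64 + 2 * 56; // PT_DYNAMIC entry: p_offset and p_filesz
    f[d + 8..d + 16].copy_from_slice(&(dyn_off as u64).to_le_bytes());
    f[d + 32..d + 40].copy_from_slice(&32u64.to_le_bytes());
    if bind_now {
        f[dyn_off..dyn_off + 8].copy_from_slice(&DT_FLAGS.to_le_bytes());
        f[dyn_off + 8..dyn_off + 16].copy_from_slice(&DF_BIND_NOW.to_le_bytes());
    }
    f // untouched dynamic entries stay zero, i.e. DT_NULL
}

fn main() {
    println!("{:?}", check_elf64(&sample_elf(ET_DYN, 6, true))); // hardened
    println!("{:?}", check_elf64(&sample_elf(2, 7, false))); // ET_EXEC, exec stack
}
```

A missing PT_GNU_STACK header is reported as `nx_stack: false`, since the loader may then fall back to an executable stack on some architectures.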

Usage

Install binsec as a command-line application:

$ cargo install binsec

Usage is meant to be very simple. To run an initial analysis on a binary executable, pass it as a positional argument:

$ binsec -- ./suspicious

binsec output can also be serialized into JSON:

# print to stdout
$ binsec --json - -- ./suspicious

# print to path
$ binsec --json report.json -- ./suspicious

Contributing

This is something that is continually being developed! You can contribute by catching issues and bugs and submitting them through the issue tracker or making a pull request!

License

MIT License

Comments
  • Bump serde_json from 1.0.64 to 1.0.65

    Bumps serde_json from 1.0.64 to 1.0.65.

    Release notes

    Sourced from serde_json's releases.

    v1.0.65

    • Documentation improvements
    Commits
    • c9193d4 Release 1.0.65
    • f205576 Merge pull request 788 from jplatte/doc-cfg
    • 6f15a0e Add doc(cfg(feature = "std")) attribute where appropriate
    • d8f70a3 Add CI job to ensure documentation can be built
    • e2978b6 Document unbounded_depth, raw_value feature-gated API via doc_cfg
    • ea39063 Update preserve_order required compiler to 1.38.0 for hashbrown
    • df1fb71 Resolve semicolon_if_nothing_returned clippy lints
    • e4057c7 Change readme run buttons to tab style
    • 9e45712 Merge pull request 778 from jayeshmann/patch-1
    • 9cbdfc8 Overlapping button fix
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
    • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

    Additionally, you can set the following in your Dependabot dashboard:

    • Update frequency (including time of day and day of week)
    • Pull request limits (per update run and/or open at any time)
    • Out-of-range updates (receive only lockfile updates, if desired)
    • Security updates (receive only security updates, if desired)
    dependencies 
    opened by dependabot-preview[bot] 1
  • Bump yara from 0.6.1 to 0.8.0

    Bumps yara from 0.6.1 to 0.8.0.

    Changelog

    Sourced from yara's changelog.

    0.8.0 (2021-07-22)

    Features

    • add compile options (6d40365)
    • add set and get configuration (967b23a)
    • add callback API into Rules and Scanner (562ec2c)

    0.7.0 (2021-07-13)

    Features

    • adding deserialize (10036ad)
    • vendored feature now uses v4.1.1 (05d130a)

    Bug Fixes

    • unit test scanner_scan_proc encoding (bc62faf), closes #25
    • yara-sys: show some gcc warnings on vendored build (a93fa08)
    Commits
    • 7ad4799 chore(release): 0.8.0
    • 562ec2c Add callback API into Rules (#33)
    • 967b23a Set and get configuration (#35)
    • 6d40365 Add more compile options for libyara (#32)
    • 7613ae7 chore(release): 0.7.0
    • 5bcf074 docs: change Travis badge URL to travis-ci.com
    • fd7646d feat: hide serde behind a feature gate
    • 10036ad feat: adding deserialize
    • f8b4e53 Merge pull request #30 from Orycterope/scan_proc_test_tiemout
    • bc62faf fix: unit test scanner_scan_proc encoding
    • Additional commits viewable in compare view

    dependencies 
    opened by dependabot-preview[bot] 1
  • Bump yara from 0.6.1 to 0.7.0

    Bumps yara from 0.6.1 to 0.7.0.

    Changelog

    Sourced from yara's changelog.

    0.7.0 (2021-07-13)

    Features

    • adding deserialize (10036ad)
    • vendored feature now uses v4.1.1 (05d130a)

    Bug Fixes

    • unit test scanner_scan_proc encoding (bc62faf), closes #25
    • yara-sys: show some gcc warnings on vendored build (a93fa08)
    Commits
    • 7613ae7 chore(release): 0.7.0
    • 5bcf074 docs: change Travis badge URL to travis-ci.com
    • fd7646d feat: hide serde behind a feature gate
    • 10036ad feat: adding deserialize
    • f8b4e53 Merge pull request #30 from Orycterope/scan_proc_test_tiemout
    • bc62faf fix: unit test scanner_scan_proc encoding
    • dcb67a8 Merge pull request #29 from Orycterope/yara_v4.1.1
    • 05d130a bump: vendored feature uses v4.1.1
    • c30065b Merge pull request #27 from Orycterope/show_cc_warnings
    • a93fa08 refactor: show cc compilation wanings
    • Additional commits viewable in compare view

    dependencies 
    opened by dependabot-preview[bot] 1
  • Bump goblin from 0.4.0 to 0.4.2

    Bumps goblin from 0.4.0 to 0.4.2.

    Changelog

    Sourced from goblin's changelog.

    [0.4.2] - 2021-7-4

    Added

    [0.4.1] - 2021-5-30

    Fixed

    Commits
    • b43b93e strtab: re-add new method with original signature, include new_preparsed, so ...
    • 0fe1499 build: update to 0.4.2; add 1 new contributor, update changelog
    • 8febb72 strtab: Parse Strtab only once on Creation (#275)
    • ef33a75 build: update to 0.4.1; add 1 new contributor, update changelog, add alloc to...
    • d406a4a build: fix error when alloc, but not endian_fd
    • b2b15a3 build: goblin is now 0.3 => 0.4, in CHANGELOG (#270)
    • See full diff in compare view

    dependencies 
    opened by dependabot-preview[bot] 1
  • Bump goblin from 0.4.0 to 0.4.1

    Bumps goblin from 0.4.0 to 0.4.1.

    Changelog

    Sourced from goblin's changelog.

    [0.4.1] - 2021-5-30

    Fixed

    Commits
    • ef33a75 build: update to 0.4.1; add 1 new contributor, update changelog, add alloc to...
    • d406a4a build: fix error when alloc, but not endian_fd
    • b2b15a3 build: goblin is now 0.3 => 0.4, in CHANGELOG (#270)
    • See full diff in compare view

    dependencies 
    opened by dependabot-preview[bot] 1
  • Bump serde from 1.0.125 to 1.0.126

    Bumps serde from 1.0.125 to 1.0.126.

    Release notes

    Sourced from serde's releases.

    v1.0.126

    • Resolve conflict with forbid(future_incompatible) lint setting in generated code (#2026, thanks @hyd-dev)
    Commits
    • d9c338e Release 1.0.126
    • 699bf3a Merge pull request #2026 from hyd-dev/warning
    • dd29825 Allow only unused_extern_crates instead of the whole rust_2018_idioms lin...
    • 6366f17 Ignore clone_instead_of_copied pedantic clippy lint
    • 1120e5a Remove suppression of removed clippy lint
    • 1093f7e Resolve flat_map_option pedantic clippy lint
    • 2ea132b Merge pull request #2018 from dtolnay/nonascii
    • 2ebc771 Remove non_ascii_idents feature gate from test suite
    • c17c4ee Unify stable and beta CI workflow
    • 7aa4950 Release serde_derive_internals 0.26.0
    • Additional commits viewable in compare view

    dependencies 
    opened by dependabot-preview[bot] 1
  • Bump byte-unit from 4.0.11 to 4.0.12

    Bumps byte-unit from 4.0.11 to 4.0.12.

    Commits

    dependencies 
    opened by dependabot-preview[bot] 1
  • Upgrade to GitHub-native Dependabot

    Dependabot Preview will be shut down on August 3rd, 2021. In order to keep getting Dependabot updates, please merge this PR and migrate to GitHub-native Dependabot before then.

    Dependabot has been fully integrated into GitHub, so you no longer have to install and manage a separate app. This pull request migrates your configuration from Dependabot.com to a config file, using the new syntax. When merged, we'll swap out dependabot-preview (me) for a new dependabot app, and you'll be all set!

    With this change, you'll now use the Dependabot page in GitHub, rather than the Dependabot dashboard, to monitor your version updates, and you'll configure Dependabot through the new config file rather than a UI.

    If you've got any questions or feedback for us, please let us know by creating an issue in the dependabot/dependabot-core repository.

    Learn more about migrating to GitHub-native Dependabot

    Please note that regular @dependabot commands do not work on this pull request.

    dependencies 
    opened by dependabot-preview[bot] 1
  • Bump sysctl from 0.4.0 to 0.4.1

    Bumps sysctl from 0.4.0 to 0.4.1.

    Changelog

    Sourced from sysctl's changelog.

    [0.4.1] - 2021-04-23

    Changed

    • Replace deprecated failure crate with thiserror.
    • Fix clippy lints.
    Commits

    dependencies 
    opened by dependabot-preview[bot] 1
  • Bump goblin from 0.3.0 to 0.4.0

    Bumps goblin from 0.3.0 to 0.4.0.

    Changelog

    Sourced from goblin's changelog.

    [0.4.0] - 2021-4-11

    BREAKING

    • elf: fix returning invalid ranges for SH_NOBIT sections, method changed to return optional range instead, thanks @Tiwalun: m4b/goblin#253

    Fixed

    • pe: pass parse opts correctly in pe parser in lookup table, fixes some issues loading and parsing pe libraries: m4b/goblin#268
    • elf: remove unnecessary unsafe blocks, thanks @nico-abram: m4b/goblin#261
    • elf: replace pub type with pub use, thanks @sollyucko: m4b/goblin#259

    Added

    • elf: add a lazy parse example, thanks @jesseui: m4b/goblin#258
    • elf: add a new fuzzing harness + fix overflows in hash functions and note data iterator construction, thanks @Mrmaxmeier: m4b/goblin#260

    [0.3.4] - 2021-1-31

    Added

    • elf: introduce "lazy" parsing of elf structure with new lazy_parse function, which allows user to fill in parts of the ELF struct they need later on; new example provided, as well as some tests, thanks @jessehui: m4b/goblin#254
    • elf: also add new Elf::parse_header convenience function, which allows to parse elf header from bytes without e.g., explicitly depending on scroll, etc.

    [0.3.3] - 2021-1-31

    Fixed

    Added

    • pe: allow pe virtual memory resolve to be optional, allowing memory/process dump parsing, thanks @ko1n (as well as patience for very long time to merge PR!): m4b/goblin#188

    [0.3.2] - 2021-1-29

    Fixed

    [0.3.1] - 2021-1-18

    Added

    Fixed

    Commits

    dependencies 
    opened by dependabot-preview[bot] 1
  • Bump serde from 1.0.123 to 1.0.125

    Bumps serde from 1.0.123 to 1.0.125.

    Release notes

    Sourced from serde's releases.

    v1.0.125

    • Improve performance of serializing Ipv4Addr (#2001, thanks @saethlin)

    v1.0.124

    • Fix possible panic deserializing invalid data as SystemTime (#1997, thanks @cyang1)
    Commits
    • e9270e5 Release 1.0.125
    • 72060b7 Extend test_format_u8 to include u8::MAX
    • 1bb23ad Remove format_u8 when not used by Ipv4Addr impl
    • 9be4c96 Merge pull request 2001 from saethlin/optimize-ipaddr
    • 4114e90 Fix off-by-one mistake, explain the offset
    • 8bb07b0 skip UTF8 checking and initialize with b'.'
    • ba8c1d6 use the algorithm from itoa
    • 857a805 Faster Ipv4 serialization prototype
    • 5a8dcac Release 1.0.124
    • 697b082 Touch up PR 1997
    • Additional commits viewable in compare view

    dependencies 
    opened by dependabot-preview[bot] 1
  • Revamp: binsec for CI/CD

    This started out as a learning lesson for parsing binaries with goblin and recognizing exploit protection primitives. However, there can be a much stronger push for this as an integration into software supply chain security mitigations.

    binsec should be fully CI/CD ready for GitHub Actions, triggering detections on binary artifact releases and recommending additional compilation steps (as per https://github.com/ex0dus-0x/binsec/issues/62). Not only does this create actionable security items for devs, but also a point of transparency for security researchers looking for vulns.

    opened by ex0dus-0x 0
  • Additional Windows PE and Kernel Checks

    Good series of posts with information about different Windows mitigations:

    • https://www.crowdstrike.com/blog/state-of-exploit-development-part-1/
    • https://www.crowdstrike.com/blog/state-of-exploit-development-part-2/

    For binary checks:

    • Legacy ASLR
    • ACG
    • Authenticode
    • CET / Return flow guarding
    enhancement help wanted good first issue important security-check 
    opened by ex0dus-0x 0
  • Incorporate opinionated security recommendations for binary harden checks

    If specified with a flag like --opinion, return compiler flags that can be harnessed in order to mitigate any security features that are not set for the specific instance. I.e., with partial RELRO for ELF binaries, we can recommend the following to upgrade to a full RELRO to prevent jumps to dynamically linked symbols:

    -Wl,-z,relro,-z,now
    

    If flag is set, this output should be incorporated in all output formats that are emitted.

    enhancement help wanted experimental 
    opened by ex0dus-0x 0
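The check behind the recommendation proposed in the issue above, as an added example that is not binsec's code or part of the issue: it classifies RELRO as none, partial (a `PT_GNU_RELRO` segment without bind-now) or full, and returns the linker flags quoted in the issue when the binary is not fully hardened. It assumes little-endian ELF64 input and parses raw bytes with the standard library only; the function names and the sample image are constructed for illustration.

```rust
// Added example, not binsec's code; `rd`, `relro` and `sample` are hypothetical names.
const PT_DYNAMIC: u32 = 2;
const PT_GNU_RELRO: u32 = 0x6474_e552;
const DT_BIND_NOW: u64 = 24;
const DT_FLAGS: u64 = 30; // may carry DF_BIND_NOW (0x8)
const DT_FLAGS_1: u64 = 0x6fff_fffb; // may carry DF_1_NOW (0x1)

/// Bounds-checked little-endian read of `n` bytes at `off`.
fn rd(b: &[u8], off: usize, n: usize) -> Option<u64> {
    let s = b.get(off..off.checked_add(n)?)?;
    Some(s.iter().rev().fold(0u64, |acc, &x| (acc << 8) | u64::from(x)))
}

/// Returns (status, linker flags to add), or None if not a parsable ELF64 LE image.
fn relro(elf: &[u8]) -> Option<(&'static str, Option<&'static str>)> {
    if !elf.starts_with(b"\x7fELF\x02\x01") { return None; }
    let (phoff, phentsize, phnum) = (rd(elf, 0x20, 8)?, rd(elf, 0x36, 2)?, rd(elf, 0x38, 2)?);
    let (mut has_relro, mut bind_now) = (false, false);
    for i in 0..phnum {
        let ph = phoff.checked_add(i * phentsize)? as usize;
        let p_type = rd(elf, ph, 4)? as u32;
        has_relro |= p_type == PT_GNU_RELRO;
        if p_type != PT_DYNAMIC { continue; }
        let (off, len) = (rd(elf, ph + 8, 8)? as usize, rd(elf, ph + 32, 8)? as usize);
        for e in (off..off.checked_add(len)?).step_by(16) {
            let (tag, val) = (rd(elf, e, 8)?, rd(elf, e + 8, 8)?);
            if tag == 0 { break; } // DT_NULL ends the dynamic array
            bind_now |= tag == DT_BIND_NOW
                || (tag == DT_FLAGS && val & 0x8 != 0) || (tag == DT_FLAGS_1 && val & 0x1 != 0);
        }
    }
    let status = if !has_relro { "none" } else if bind_now { "full" } else { "partial" };
    Some((status, (status != "full").then_some("-Wl,-z,relro,-z,now")))
}

/// Constructed 208-byte sample: ELF header, two program headers, DT_FLAGS + DT_NULL.
fn sample(relro: bool, now: bool) -> Vec<u8> {
    let mut f = vec![0u8; 208];
    f[..6].copy_from_slice(b"\x7fELF\x02\x01");
    f[0x20] = 64; f[0x36] = 56; f[0x38] = 2; // e_phoff, e_phentsize, e_phnum
    f[64] = PT_DYNAMIC as u8; f[72] = 176; f[96] = 32; // p_type, p_offset, p_filesz
    if relro { f[120..124].copy_from_slice(&PT_GNU_RELRO.to_le_bytes()); }
    f[176] = DT_FLAGS as u8; f[184] = if now { 0x8 } else { 0 };
    f
}

fn main() {
    println!("{:?}", [(false, false), (true, false), (true, true)].map(|(r, n)| relro(&sample(r, n))));
}
```

A truncated or malformed image yields `None` rather than a guess, which matters when the result gates a release pipeline.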
Owner
Alan
Security Engineer | NYU 2023
An impish, cross-platform binary parsing crate, written in Rust

libgoblin Documentation https://docs.rs/goblin/ changelog Usage Goblin requires rustc 1.40.0. Add to your Cargo.toml [dependencies] goblin = "0.4" Fea

null 892 Dec 22, 2022
Binary Analysis Framework in Rust

Welcome to Falcon Falcon is a formal binary analysis framework in Rust. Expression-based IL with strong influences from RREIL and Binary Ninja's LLIL.

Falcon Binary Analysis Framework 489 Dec 18, 2022
The Swiss Army Knife for Binary (In)security

binsec Swiss Army Knife for Binary (In)security binsec is a minimal static analysis utility for detecting security capabilities in ELF/PE/Mach-O execu

Alan 15 Dec 16, 2022
A swiss army knife for creating binary modules for Garry's Mod in Rust.

A swiss army knife for creating binary modules for Garry's Mod in Rust.

William 38 Dec 24, 2022
The Metaplex NFT-standard Swiss Army Knife tool.

Metaboss The Solana Metaplex NFT 'Swiss Army Knife' tool. Current supported features: Decode NFT mint account metadata Get a list of mint accounts for

Samuel Vanderwaal 576 Jan 6, 2023
🦀 Swiss-army knife

anykit This is a workspace designed to be used as follows: A single codebase is updated in the anykit crate The anykit crate exposes APIs for just

Damien Stanton 1 Jan 4, 2022
Easy c̵̰͠r̵̛̠ö̴̪s̶̩̒s̵̭̀-t̶̲͝h̶̯̚r̵̺͐e̷̖̽ḁ̴̍d̶̖̔ ȓ̵͙ė̶͎ḟ̴͙e̸̖͛r̶̖͗ë̶̱́ṉ̵̒ĉ̷̥e̷͚̍ s̷̹͌h̷̲̉a̵̭͋r̷̫̊ḭ̵̊n̷̬͂g̵̦̃ f̶̻̊ơ̵̜ṟ̸̈́ R̵̞̋ù̵̺s̷̖̅ţ̸͗!̸̼͋

Rust S̵̓i̸̓n̵̉ I̴n̴f̶e̸r̵n̷a̴l mutability! Howdy, friendly Rust developer! Ever had a value get m̵̯̅ð̶͊v̴̮̾ê̴̼͘d away right under your nose just when

null 294 Dec 23, 2022
A blazingly fast static web server with routing, templating, and security in a single binary you can set up with zero code. :zap::crab:

binserve ⚡ A blazingly fast static web server with routing, templating, and security in a single binary you can set up with zero code. UPDATE: N

Mufeed VH 722 Dec 27, 2022
Binary coverage tool without binary modification for Windows

Summary Mesos is a tool to gather binary code coverage on all user-land Windows targets without need for source or recompilation. It also provides an

null 384 Dec 30, 2022
Binary coverage tool without binary modification for Windows

Summary Mesos is a tool to gather binary code coverage on all user-land Windows targets without need for source or recompilation. It also provides an

null 381 Dec 22, 2022
Bindings to the macOS Security.framework

macOS/iOS Security framework for Rust Documentation Bindings to the Apple's Security.framework. Allows use of TLS and Keychain from Rust. License Lice

Kornel 172 Dec 24, 2022
A flexible web framework that promotes stability, safety, security and speed.

A flexible web framework that promotes stability, safety, security and speed. Features Stability focused. All releases target stable Rust. This will n

Gotham 2.1k Jan 3, 2023
Arch Linux Security Update Notifications

arch-audit-gtk Show an indicator if there are any security updates missing for your Arch Linux system. Install git clone https://aur.archlinux.org/arc

null 48 Nov 28, 2022
Applied offensive security with Rust

Black Hat Rust - Early Access Deep dive into offensive security with the Rust programming language Buy the book now! Summary Whether in movies or main

Sylvain Kerkour 2.2k Jan 2, 2023
Imagine the information security compliance guideline says you need an antivirus but you run Arch Linux

libredefender Imagine the information security compliance guideline says you need an antivirus but you run Arch Linux. libredefender is an antivirus p

null 83 Dec 26, 2022
server security proxy write by Rust

server-security-proxy server security proxy write by Rust how to use config toml file

baoyachi. Aka Rust Hairy crabs 3 May 24, 2021
Curated list of awesome projects and resources related to Rust and computer security

Awesome Rust Security Curated list of awesome projects and resources related to Rust and computer security Table of Contents Tools Web and Cloud Secur

Alan 131 Jan 1, 2023
OpenSK is an open-source implementation for security keys written in Rust that supports both FIDO U2F and FIDO2 standards.

OpenSK This repository contains a Rust implementation of a FIDO2 authenticator. We developed this as a Tock OS application and it has been successfull

Google 2.4k Jan 2, 2023
A utility like pkg-audit for Arch Linux. Based on Arch Security Team data.

arch-audit pkg-audit-like utility for Arch Linux. Based on data from security.archlinux.org collected by the awesome Arch Security Team. Installation

Andrea Scarpino 316 Nov 22, 2022
A Rust implementation of the Message Layer Security group messaging protocol

Molasses An extremely early implementation of the Message Layer Security group messaging protocol. This repo is based on draft 4 of the MLS protocol s

Trail of Bits 109 Dec 13, 2022