binsec
Swiss Army Knife for Binary (In)security
binsec is a minimal static analysis utility for detecting security capabilities in ELF/PE/Mach-O executables. It's useful for reverse engineers and vulnerability researchers to gain quick and deeper insights into binary artifacts, build fast detection pipelines, and improve overall binary analysis.
Features
- Cross-platform: supports robust checks for ELF, PE and Mach-O binaries while running on any host.
- Uses libgoblin as its backend for efficient, cross-platform binary parsing.
- JSON serializable for storage/logging consumption.
- Small and fast: the final release build is ~2.44Mb, with analysis done in 30ms.
Static Analysis Checks
The project currently supports static detection for a variety of executable checks:
- Compilation Features - insights about how the executable was compiled, and runtimes used in that process.
- Exploit Mitigations - OS-supported binary hardening features used to limit exploitation and privilege escalation.
- Dynamic Instrumentation - detects any known instrumentation frameworks used for dynamic analysis and/or profiling.
- Anti-Analysis (WIP) - detects noticeable anti-analysis techniques employed to hinder reverse engineering.
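To make the "Exploit Mitigations" category concrete, here is an added example (not binsec's own code, which is written in Rust on top of libgoblin) that uses only the Python standard library to read the same ELF64 metadata such a check relies on: the PT_GNU_STACK program header for NX, PT_GNU_RELRO plus the dynamic section's BIND_NOW request for partial versus full RELRO, and the ET_DYN file type for PIE. The constants come from the ELF specification; the `build_sample` helper constructs a synthetic, non-runnable ELF image so the checker can be exercised offline, and is not something the page describes.

```python
"""Minimal ELF64 exploit-mitigation checker (added example, not part of binsec)."""
import json
import struct
import sys

# ELF constants (values from the ELF specification / elf.h)
ET_EXEC = 2
ET_DYN = 3
PT_DYNAMIC = 2
PT_GNU_STACK = 0x6474E551
PT_GNU_RELRO = 0x6474E552
PF_X, PF_W, PF_R = 0x1, 0x2, 0x4
DT_NULL = 0
DT_BIND_NOW = 24
DT_FLAGS = 30
DF_BIND_NOW = 0x8
DT_FLAGS_1 = 0x6FFFFFFB
DF_1_NOW = 0x1

EHDR = struct.Struct("<16sHHIQQQIHHHHHH")  # Elf64_Ehdr, 64 bytes, little-endian
PHDR = struct.Struct("<IIQQQQQQ")          # Elf64_Phdr, 56 bytes
DYN = struct.Struct("<qQ")                  # Elf64_Dyn, 16 bytes


def check_elf64(data: bytes) -> dict:
    """Report NX, RELRO (none/partial/full) and PIE for a little-endian ELF64 image."""
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("not a little-endian ELF64 file")
    hdr = EHDR.unpack_from(data, 0)
    e_type, e_phoff, e_phentsize, e_phnum = hdr[1], hdr[5], hdr[9], hdr[10]

    nx = False            # no PT_GNU_STACK header at all means an executable stack
    relro = "none"
    dynamic = None
    for i in range(e_phnum):
        p_type, p_flags, p_offset, _, _, p_filesz, _, _ = PHDR.unpack_from(
            data, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_STACK:
            nx = not (p_flags & PF_X)          # stack mapped without execute permission
        elif p_type == PT_GNU_RELRO:
            relro = "partial"                  # GOT/relocation pages become read-only after load
        elif p_type == PT_DYNAMIC:
            dynamic = (p_offset, p_filesz)

    # Full RELRO additionally needs the loader to resolve everything up front (BIND_NOW),
    # which is requested through the dynamic section.
    bind_now = False
    if dynamic is not None:
        off, size = dynamic
        for j in range(size // DYN.size):
            d_tag, d_val = DYN.unpack_from(data, off + j * DYN.size)
            if d_tag == DT_NULL:
                break
            if (d_tag == DT_BIND_NOW
                    or (d_tag == DT_FLAGS and d_val & DF_BIND_NOW)
                    or (d_tag == DT_FLAGS_1 and d_val & DF_1_NOW)):
                bind_now = True
    if relro == "partial" and bind_now:
        relro = "full"

    # ET_DYN covers both PIE executables and shared libraries; a fuller check
    # would also confirm an entry point / PT_INTERP before calling it PIE.
    return {"nx": nx, "relro": relro, "pie": e_type == ET_DYN}


def build_sample(nx=True, relro=True, bind_now=True, pie=True) -> bytes:
    """Construct a synthetic (constructed, non-runnable) ELF64 image with the chosen headers."""
    dyn_blob = (DYN.pack(DT_FLAGS, DF_BIND_NOW) if bind_now else b"") + DYN.pack(DT_NULL, 0)
    phdrs = [(PT_GNU_STACK, PF_R | PF_W | (0 if nx else PF_X))]
    if relro:
        phdrs.append((PT_GNU_RELRO, PF_R))
    n = len(phdrs) + 1                             # plus the PT_DYNAMIC header below
    dyn_off = EHDR.size + n * PHDR.size            # dynamic entries follow the program headers
    body = b"".join(PHDR.pack(t, f, 0, 0, 0, 0, 0, 0) for t, f in phdrs)
    body += PHDR.pack(PT_DYNAMIC, PF_R | PF_W, dyn_off, 0, 0, len(dyn_blob), len(dyn_blob), 8)
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\x00" * 8   # ELF64, little-endian, SysV ABI
    ehdr = EHDR.pack(ident, ET_DYN if pie else ET_EXEC, 0x3E, 1, 0, EHDR.size, 0, 0,
                     EHDR.size, PHDR.size, n, 0, 0, 0)
    return ehdr + body + dyn_blob


if __name__ == "__main__":
    # Usage: python check_elf.py [path-to-elf]; with no path, the constructed sample is analysed.
    image = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    print(json.dumps(check_elf64(image), indent=2))
```

Running it against a real binary prints a small JSON report in the spirit of binsec's `--json` output; the two halves of the check (program headers for what the loader will map, dynamic section for how it will bind) are exactly why a mitigation report has to read more than the file header.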
Usage
Install binsec as a command line application as follows:
$ cargo install binsec
Using the application is meant to be very simple. Given any binary executable you want to run initial analysis on, simply pass it in as a positional argument:
$ binsec -- ./suspicious
binsec output can also be serialized into JSON:
# print to stdout
$ binsec --json - -- ./suspicious
# print to path
$ binsec --json report.json -- ./suspicious
Contributing
This is something that is continually being developed! You can contribute by catching issues and bugs and submitting them through the issue tracker or making a pull request!