checksec¶
checksec inspects the security properties of ELF executables, running processes, and the Linux kernel — RELRO, stack canaries, NX, PIE, control-flow integrity (CFI), FORTIFY_SOURCE, and more.
It was originally written as a bash script by Tobias Klein in 2011 (original site). This project is a modern rewrite in Go, distributed as a single static binary.
Install¶
Download a prebuilt binary from the
releases page and place it
on your PATH:
install -m 0755 checksec /usr/local/bin/checksec
.deb, .rpm, and .apk packages are attached to each
release.
docker run --rm -v "$PWD:/data" slimm609/checksec:latest file /data/your-binary
go install github.com/slimm609/checksec/v3@latest
Quick start¶
# Check a single binary
checksec file /bin/ls
# Recursively check a directory
checksec dir /usr/bin -r
# Check a running process by PID
checksec proc 1
# Inspect the running kernel's hardening configuration
checksec kernel
Example output:
$ checksec file /bin/ls
RELRO STACK CANARY NX PIE RPATH RUNPATH FILE
Full RELRO Canary Found NX enabled PIE Enabled No RPATH No RUNPATH /bin/ls
Where to go next¶
-
:material-console: Usage
Command-line flags, scan modes, and output formats (CLI, CSV, JSON, XML, YAML).
-
:material-palette: Understanding output
What the colors mean, and how to read every status value — including
UnknownandN/A. -
:material-shield-check: Checks reference
Every check explained: what it protects against, how it's detected, every possible value, and how to enable it.
Looking for what a specific value means?
If you saw something like FORTIFY Lvl → Unknown and aren't sure what it
means, start with Understanding output, then jump to the
relevant check reference page.