Skip to content

checksec

checksec inspects the security properties of ELF executables, running processes, and the Linux kernel — RELRO, stack canaries, NX, PIE, control-flow integrity (CFI), FORTIFY_SOURCE, and more.

It was originally written as a bash script by Tobias Klein in 2011 (original site). This project is a modern rewrite in Go, distributed as a single static binary.

Install

Download a prebuilt binary from the releases page and place it on your PATH:

install -m 0755 checksec /usr/local/bin/checksec

.deb, .rpm, and .apk packages are attached to each release.

docker run --rm -v "$PWD:/data" slimm609/checksec:latest file /data/your-binary
go install github.com/slimm609/checksec/v3@latest

Quick start

# Check a single binary
checksec file /bin/ls

# Recursively check a directory
checksec dir /usr/bin -r

# Check a running process by PID
checksec proc 1

# Inspect the running kernel's hardening configuration
checksec kernel

Example output:

$ checksec file /bin/ls
RELRO           STACK CANARY   NX           PIE          RPATH      RUNPATH    FILE
Full RELRO      Canary Found   NX enabled   PIE Enabled  No RPATH   No RUNPATH /bin/ls

Where to go next

  • :material-console: Usage

    Command-line flags, scan modes, and output formats (CLI, CSV, JSON, XML, YAML).

  • :material-palette: Understanding output

    What the colors mean, and how to read every status value — including Unknown and N/A.

  • :material-shield-check: Checks reference

    Every check explained: what it protects against, how it's detected, every possible value, and how to enable it.

Looking for what a specific value means?

If you saw something like FORTIFY Lvl → Unknown and aren't sure what it means, start with Understanding output, then jump to the relevant check reference page.