Trail of Bits Blog
Follow
Building checksec without boundaries with Checksec Anywhere
Checksec, a tool for analyzing executable security mitigations, has been popular since its 2009 release. A fragmented ecosystem of related tools emerged for different binary formats like ELF, PE, and Mach-O. To address this, Checksec Anywhere was developed to consolidate these analyses into a single, browser-based platform. This tool performs analysis entirely locally, ensuring user privacy and eliminating uploads. It supports multiple binary formats, offering tailored security checks for each. Performance is a key feature, with the ability to analyze thousands of files rapidly. Checksec Anywhere enhances accessibility through shareable results and SARIF export. Its architecture leverages Rust compiled to WebAssembly for efficient, in-browser processing. The platform is designed for extensibility to add new formats and security checks. Future work includes adding support for mobile and firmware binaries, as well as advanced security property checks.
