A Go program that checks the security flags for Linux binaries
This was inspired by pwntools checksec and not wanting to have to install a venv in python to be able to use it when you want to use do a quick check of a binary security flags
This requires go 1.24 to build then you can use make -f MakeFile build to build the binaries.
You can get the deb, rpm or archlinux pkg package from here as well as a precompiled binary for you respective CPU architecture from the .tar.gz and then move the gochecksec binary to /usr/local/bin/ and you now have it installed
The project includes comprehensive tests to ensure that the security checks are working correctly. The tests create sample binaries with different security properties and verify that the tool correctly identifies these properties.
To run the tests, you need to have GCC installed on your system, as the tests compile sample C programs with different security flags.
# Run all tests
go test -v
# Run tests in short mode (skips tests that require compiling binaries)
go test -v -shortThe tests cover all the security checks implemented in the tool:
- RELRO (Relocation Read-Only) - None, Partial, Full
- PIE (Position Independent Executable) - Enabled, Disabled
- NX (Non-Executable Stack) - Enabled, Disabled
- Stack Canary - Present, Absent
- RWX segments - Present, Absent
- Fortify - Enabled, Disabled
The tests also include integration tests that run the entire tool on sample binaries and verify the output.