I'd like to request a few simple features that would help make checksec(go) quite a bit more flexible/usable beyond its current design.
-
Ability to disable the ascii banner, say with a --no-banner or similar.
The current behaviour makes a little more sense for dir, but less so for file, particularly when one is using checksec in a loop. Say you're looking through the filesystem for binaries of a particular name, type, etc with a find command or similar. In this case, you get the banner output in every iteration. I wont go so far as to propose not including the banner by default, but I do think that idea has merit in the longer term too. In this case, the opt-in might be something like -b/--banner to include it, where the default is not to.
-
Ability to disable column/field header names.
Same rationale as the first. --no-headers or similar.
-
Ability to disable warnings. I currently see Warning: Dynamic Binary found but missing libc. Fortify results will be skipped for every file inspected. It'd be nice to be able to silence it. Also useful for/when extending the kinds of warnings checksec might be able to output.
A -no-warnings, or in the case where you switch the default, -w/--warnings
You may also want to consider a message in the fortify field outputs instead. They are currently N/A 0 and 0. Some other values might be more valuable.
-
Include filenames in the following warnings (like File is not an ELF file: does)
- Error reading symbol table: EOF
- Warning: Dynamic Binary found but missing libc. Fortify results will be skipped
- Any other warning that doesnt include filename
-
Support for --color=always similar to ls, git and other commands [1], allowing their output colour to be passed to other programs via pipes (like grep).
Currently, checksecs useful colour output when iterating through many binaries makes it easy to highlight standout issues, but this is lost when piping.
[1] https://stackoverflow.com/questions/2327191/preserve-colouring-after-piping-grep-to-grep
-
Bonus header UX request: Ability to include/exclude certain fields/headers.
For me (at the moment), all three fortify fields are not very valuable, since they currently return N/A / 0 / 0. This feature would also help create more valuable output formats for automated checking systems, limiting output to specific subsets of the inspection.
Thanks for your time and effort on this tool ❤
I'd like to request a few simple features that would help make checksec(go) quite a bit more flexible/usable beyond its current design.
Ability to disable the ascii banner, say with a
--no-banneror similar.The current behaviour makes a little more sense for
dir, but less so forfile, particularly when one is using checksec in a loop. Say you're looking through the filesystem for binaries of a particular name, type, etc with afindcommand or similar. In this case, you get the banner output in every iteration. I wont go so far as to propose not including the banner by default, but I do think that idea has merit in the longer term too. In this case, the opt-in might be something like-b/--bannerto include it, where the default is not to.Ability to disable column/field header names.
Same rationale as the first.
--no-headersor similar.Ability to disable warnings. I currently see
Warning: Dynamic Binary found but missing libc. Fortify results will be skippedfor every file inspected. It'd be nice to be able to silence it. Also useful for/when extending the kinds of warnings checksec might be able to output.A
-no-warnings, or in the case where you switch the default,-w/--warningsYou may also want to consider a message in the fortify field outputs instead. They are currently
N/A0and0. Some other values might be more valuable.Include filenames in the following warnings (like
File is not an ELF file:does)Support for
--color=alwayssimilar tols,gitand other commands [1], allowing their output colour to be passed to other programs via pipes (likegrep).Currently, checksecs useful colour output when iterating through many binaries makes it easy to highlight standout issues, but this is lost when piping.
[1] https://stackoverflow.com/questions/2327191/preserve-colouring-after-piping-grep-to-grep
Bonus header UX request: Ability to include/exclude certain fields/headers.
For me (at the moment), all three fortify fields are not very valuable, since they currently return N/A / 0 / 0. This feature would also help create more valuable output formats for automated checking systems, limiting output to specific subsets of the inspection.
Thanks for your time and effort on this tool ❤