checksec

Check security properties of a binary

$ checksec --file=[path/to/binary]

$ checksec --file=[path/to/binary] --output=json

$ checksec --kernel

$ checksec --proc [pid]

$ checksec --dir [path/to/directory]

$ checksec --proc-all

checksec [--file binary] [--dir directory] [--proc pid] [--kernel] [--output format]

checksec audits security features enabled in compiled Linux executables (ELF files), the kernel, or running processes. It helps security researchers and administrators assess the exploitability posture of binaries by checking for common mitigations.
Security properties checked:
RELRO (Relocation Read-Only) - Protects GOT/PLT from being overwritten. Full RELRO marks these as read-only after dynamic linking.
Stack Canary - Random value placed before return addresses to detect buffer overflows.
NX (No eXecute) - Marks memory regions as non-executable, preventing code execution from stack/heap.
PIE (Position Independent Executable) - Enables ASLR by allowing random base address loading.
FORTIFY - Compile-time buffer overflow checks for common functions.

--file binary

Check security properties of specified binary

Scan all binaries in directory

Check running process by PID

Check all running processes

Check kernel security features

Output format: cli, csv, json, xml

Detailed fortify analysis

Color-coded output indicates security status: green for enabled protections, red for missing. Red doesn't always indicate a vulnerability—distribution vendors may make intentional tradeoffs when compiling binaries.

Originally written by Tobias Klein at trapkit.de. The tool has been actively maintained and expanded, moving from Bash to Golang, with the current version maintained at github.com/slimm609/checksec.

readelf(1), objdump(1), file(1)