checksec – identify security features compiled into Linux binaries

Checkec is an excellent tool written by Tobias Klein for identifying security features which were selected or omitted at compile-time on any given Linux binary.

We rarely compile things for ourselves these days, but rather implicitly trust the person who packaged the software we use to have made good choices with security-relevant compiler options when compiling the binary for us. checksec does a deep dive on a binary by using the readelf command to closely examine the binary and then parses out the results into an easily readable table, or to json for further processing. has produced an excellent article on the subject available here:

And the author’s project page with detailed explanations of each of the items the tool checks is available here:


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.