Home - Blog - Advisories - Research - Papers - Books - Presentations - Tools - About

checksec.sh

Modern Linux distributions offer some mitigation techniques to make it harder to exploit software vulnerabilities reliably. Mitigations such as RELRO, NoExecute (NX), Stack Canaries, Address Space Layout Randomization (ASLR) and Position Independent Executables (PIE) have made reliably exploiting any vulnerabilities that do exist far more challenging. The checksec.sh script is designed to test what standard Linux OS and PaX security features are being used.

As of version 1.3 the script also lists the status of various Linux kernel protection mechanisms.

Examples

See my blog for some examples.

Download

You can download the latest version 1.3.1 of checksec.sh here.

History and Changes

[15-Jun-2010] checksec.sh v1.3.1 has been released. Here are the changes.
[04-May-2010] checksec.sh v1.3 has been released.
[02-Jan-2010] checksec.sh v1.2 has been released.
[27-Dec-2009] checksec.sh v1.1 has been released.
[28-Jan-2009] Initial release of checksec.sh v1.0.

:: Copyright (c) 2000-2010 Tobias Klein. All rights reserved. ::