Building checksec without boundaries with Checksec Anywhere

Since its original release in 2009, checksec has become widely used in the software security community, proving useful in CTF challenges, security posturing, and general binary analysis. The tool inspects executables to determine which exploit mitigations (e.g., ASLR, DEP, stack canaries, etc.) are enabled, rapidly gauging a program’s defensive hardening. This success inspired numerous spinoffs: a contemporary Go implementation, Trail of Bits’ Winchecksec for PE binaries, and various scripts targeting Apple’s Mach-O binary format. However, this created an unwieldy ecosystem where security professionals must juggle multiple tools, each with different interfaces, dependencies, and feature sets.

During my summer internship at Trail of Bits, I built Checksec Anywhere to consolidate this fragmented ecosystem into a consistent and accessible platform. Checksec Anywhere brings ELF, PE, and Mach-O analysis directly to your browser. It runs completely locally: no accounts, no uploads, no downloads. It is fast (analyzes thousands of binaries in seconds) and private, and lets you share results with a simple URL.

Using Checksec Anywhere

To use Checksec Anywhere, just drag and drop a file or folder directly into the browser. Results are instantly displayed with color-coded messages reflecting finding severity. All processing happens locally in your browser; at no point is data sent to Trail of Bits or anyone else.

Key features of Checksec Anywhere

Multi-format analysis

Checksec Anywhere performs comprehensive binary analysis across ELF, PE, and Mach-O formats from a single interface, providing analysis tailored to each platform’s unique security mechanisms. This includes traditional checks like stack canaries and PIE for ELF binaries, GS cookies and Control Flow Guard for PE files, and ARC and code signing for Mach-O executables. For users familiar with the traditional checksec family of tools, Checksec Anywhere reports maintain consistency with prior reporting nomenclature.

Privacy-first

Unlike many browser-accessible tools that simply provide a web interface to server-side processing, Checksec Anywhere ensures that your binaries never leave your machine by performing all analysis directly in the browser. Report generation also happens locally, and shareable links do not reveal binary content.

Performance by design

From browser upload to complete security report, Checksec Anywhere is designed to rapidly process multiple files. Since Checksec Anywhere runs locally, the exact performance depends on your machine… but it’s fast. On a modern MacBook Pro it can analyze thousands of files in mere seconds.

Enhanced accessibility

Checksec Anywhere eliminates installation barriers by offering an entirely browser-based interface and features designed to provide accessibility:

• Shareable results: Generate static URLs for any report view, enabling secure collaboration without exposing binaries.

• SARIF export: Generate reports in SARIF format for integration with CI/CD pipelines and other security tools. These reports are also generated entirely on your local machine.

• Simple batch processing: Drag and drop entire directories for simple bulk analysis.

• Tabbed interface: Manage multiple analyses simultaneously with an intuitive UI.

  

Technical architecture

Checksec Anywhere leverages modern web technologies to deliver native-tool performance in the browser:

• Rust core: Checksec Anywhere is built on the checksec.rs foundation, using well-established crates like Goblin for binary parsing and iced_x86 for disassembly.
• WebAssembly bridge: The Rust code is compiled to Wasm using wasm-pack, exposing low-level functionality through a clean JavaScript API.
• Extensible design: Per-format processing architecture allows easy addition of new binary types and security checks.
• Advanced analysis: Checksec Anywhere performs disassembly to enable deeper introspection (like to detect stack protection in PE binaries).

See the open-source codebase to dig further into its architecture.

Future work

With an established infrastructure for cross-platform binary analysis and reporting, we can easily add new features and extensions. If you have pull requests, we’d love to review and merge them.

Additional formats

A current major blind spot is lack of support for mobile binary formats like Android APK and iOS IPA. Adding analysis for these formats would address the expanding mobile threat landscape. Similarly, specialized handling of firmware binaries and bootloaders would extend coverage to critical system-level components in mobile and embedded devices.

Additional security properties

Checksec Anywhere is designed to add new checks as researchers discover new attack methods. For example, recent research has uncovered multiple mechanisms by which compiler optimizations violate constant-time execution guarantees, prompting significant discussion within the compiler community (see this LLVM discourse thread, for example). As these issues are addressed, constant-time security checks can be integrated into Checksec Anywhere, providing immediate feedback on whether a given binary is resistant to timing attacks.

Try it out

Checksec Anywhere eliminates the overhead of managing format-specific security analysis tools while providing immediate access to comprehensive binary security reports. No installation, no dependencies, no compromises on privacy or performance. Visit checksec-anywhere.com and try it now!

I’d like to extend a special thank you to my mentors William Woodruff and Bradley Swain for their guidance and support throughout my summer here at Trail of Bits!

The post Building checksec without boundaries with Checksec Anywhere appeared first on Security Boulevard.

>>More