-
Notifications
You must be signed in to change notification settings - Fork 21
/
audit-checksec-libs.sh
executable file
·72 lines (56 loc) · 1.67 KB
/
audit-checksec-libs.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
#!/usr/bin/env bash
# Download and install checksec:
# wget https://raw.githubusercontent.com/slimm609/checksec.sh/master/checksec
# xattr -r -d com.apple.quarantine checksec
# chmod a+x checksec
# sudo mv checksec /usr/bin
dir="$1"
# Ensure a directory is specified
if [[ -z "${dir}" ]]; then
echo "Please specify a directory"
exit 1
fi
if [[ ! -d "${dir}" ]]; then
echo "Please specify a real directory"
exit 1
fi
# Find a non-anemic grep
GREP=$(command -v grep 2>/dev/null)
if [[ -d /usr/gnu/bin ]]; then
GREP=/usr/gnu/bin/grep
fi
# Ensure checksec is available
if [[ -z "${CHECKSEC}" ]]; then
if [[ -e ./checksec ]]; then
CHECKSEC=./checksec
elif [[ $(command -v checksec 2>/dev/null) ]]; then
CHECKSEC=$(command -v checksec 2>/dev/null)
fi
fi
if [[ -z "${CHECKSEC}" ]]
then
echo "Installing checksec"
wget -q -O checksec 'https://raw.githubusercontent.com/slimm609/checksec.sh/master/checksec'
chmod +x checksec
if [[ $(uname -s | ${GREP} -i 'darwin') ]] ;then
xattr -r -d com.apple.quarantine checksec
fi
CHECKSEC=./checksec
fi
if [[ $(uname -s | ${GREP} -i 'darwin') ]]; then
LIB_EXT='*\.dylib*'
else
LIB_EXT='*\.so*'
fi
# Find libfoo.so* files using the shell wildcard. Some libraries
# are _not_ executable and get missed in the do loop.
IFS= find "${dir}" -type f -name "$LIB_EXT" -print | while read -r file
do
if [[ ! $(file -ibh "${file}" | ${GREP} -E "application/x-sharedlib") ]]; then continue; fi
echo "****************************************"
echo "${file}:"
echo ""
${CHECKSEC} --file="${file}"
done
echo "****************************************"
exit 0