# helpelf: an open and lightweight ELF recon tool

helpelf aims to be a replacement to the `file` and `checksec` utilities that are used by many hackers. The tool does not rely on readelf like `checksec` does, but instead includes its own ELF parser. Works for both 32 and 64-bit versions of the standard.

## Installation

This will install `helpelf` and the alias `he` on the command line. No dependencies are required besides the C toolchain & make utility.

```
make
sudo make install
```

## Usage

The output is colorful (not visible here).

```
$ helpelf 
Usage: helpelf <file> [options]
 -v --verbose             displays more information
$ he a.out 
a.out: 64-bit ELF (little-endian) amd64, NX enabled, PIE disabled, Stack canary enabled, Partial RELRO, Not stripped
$ he a.out -v
a.out: 64-bit ELF (little-endian) version 1 (executable file), amd64, statically linked, NX enabled, PIE disabled, Stack canary enabled, Partial RELRO, Not stripped
```

## Documentation

The tool was developed according to the ELF 32 and 64 bit standards that can be found here:

- [ELF-64 Object File Format](https://uclibc.org/docs/elf-64-gen.pdf)
- [Tool Interface Standard (TIS) Executable and Linking Format (ELF) Specification](https://refspecs.linuxfoundation.org/elf/elf.pdf)

## License

This project is under the Unlicense (part of public domain).

## TODO

- optimization: find a workaround for 32/64 sec differentiation
- verbose: display detailed header info
- verbose: display elf sections

## Known issues

- the RELRO check gives false-negatives on Full RELRO (instead shows Partial-RELRO)
- any contribution and/or feedback is highly appreciated. Open an issue/pull request if you'd like to add something.