49 lines
1.7 KiB
Markdown
49 lines
1.7 KiB
Markdown
# helpelf: an open and lightweight ELF recon tool
|
|
|
|
helpelf aims to be a replacement to the `file` and `checksec` utilities that are used by many hackers. The tool does not rely on readelf like `checksec` does, but instead includes its own ELF parser. Works for both 32 and 64-bit versions of the standard.
|
|
|
|
## Installation
|
|
|
|
This will install `helpelf` and the alias `he` on the command line. No dependencies are required besides the C toolchain & make utility.
|
|
|
|
```
|
|
make
|
|
sudo make install
|
|
```
|
|
|
|
## Usage
|
|
|
|
The output is colorful (not visible here).
|
|
|
|
```
|
|
$ helpelf
|
|
Usage: helpelf <file> [options]
|
|
-v --verbose displays more information
|
|
$ he a.out
|
|
a.out: 64-bit ELF (little-endian) amd64, NX enabled, PIE disabled, Stack canary enabled, Partial RELRO, Not stripped
|
|
$ he a.out -v
|
|
a.out: 64-bit ELF (little-endian) version 1 (executable file), amd64, statically linked, NX enabled, PIE disabled, Stack canary enabled, Partial RELRO, Not stripped
|
|
```
|
|
|
|
## Documentation
|
|
|
|
The tool was developed according to the ELF 32 and 64 bit standards that can be found here:
|
|
|
|
- [ELF-64 Object File Format](https://uclibc.org/docs/elf-64-gen.pdf)
|
|
- [Tool Interface Standard (TIS) Executable and Linking Format (ELF) Specification](https://refspecs.linuxfoundation.org/elf/elf.pdf)
|
|
|
|
## License
|
|
|
|
This project is under the Unlicense (part of public domain).
|
|
|
|
## TODO
|
|
|
|
- optimization: find a workaround for 32/64 sec differentiation
|
|
- verbose: display detailed header info
|
|
- verbose: display elf sections
|
|
|
|
## Known issues
|
|
|
|
- the RELRO check gives false-negatives on Full RELRO (instead shows Partial-RELRO)
|
|
- any contribution and/or feedback is highly appreciated. Open an issue/pull request if you'd like to add something.
|