aeondave/checksec
offensive-tools/rev/checksec/SKILL.md
checksec: Linux binary and kernel hardening inspection tool for RELRO, canary, NX, PIE, RPATH, RUNPATH, symbols, fortify, and kernel config checks. Use when triaging ELF targets for exploitability, verifying compiler hardening, or auditing Linux systems and offline root filesystems.
$ install --global
skillsauthnpx skillsauth add aeondave/malskill checksecInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 19, 2026, 4:53 AM123.1s1 file scanned
SKILL.md
- name:
- checksec
- description:
- checksec: Linux binary and kernel hardening inspection tool for RELRO, canary, NX, PIE, RPATH, RUNPATH, symbols, fortify, and kernel config checks. Use when triaging ELF targets for exploitability, verifying compiler hardening, or auditing Linux systems and offline root filesystems.
- compatibility:
- Linux primary; macOS can inspect Linux files with limits; Go-based releases plus historical bash usage
- author:
- AeonDave
- version:
- 1.0
checksec
Quick hardening triage for ELF binaries and Linux kernels.
When to use checksec
Use checksec when you need to answer questions like:
- Is PIE enabled?
- Is there a stack canary?
- Is NX enforced?
- Is RELRO partial or full?
- Are symbols stripped?
- What kernel hardening settings are enabled?
This is often the first command in pwn/reversing triage.
Quick Start
# Inspect one binary
checksec file /bin/ls
# JSON output for automation
checksec file /bin/ls --output json
# Kernel hardening survey
checksec kernel
Output Modes
checksec file ./target --output cli
checksec file ./target --output json
checksec file ./target --output yaml
checksec file ./target --output xml
Use machine-readable output when feeding exploit notes, parsers, or dashboards.
Common Workflows
Pwn triage
checksec file ./vuln
Interpret quickly:
- No PIE → static code addresses stay stable
- No canary → stack overflow path is simpler
- NX enabled → likely ret2libc/ROP instead of raw stack shellcode
- Partial RELRO → GOT overwrite may still be viable
Batch or scripted inspection
checksec file ./target --output json
Kernel review
checksec kernel
checksec kernel --output json
Useful for local privesc context or hardening audits.
Fortify-focused check
checksec fortifyProc 1
Use when you want deeper fortify coverage rather than just the summary row in normal binary output.
Cross-Compiled / Offline Filesystem Use
Upstream notes two important limits:
- kernel checks must run on the live system you actually want to assess
- file checks work offline except fortify may need the target libc context
For offline target filesystems, consider pairing checksec with native readelf if the environment is stripped down.
Practical Notes
- Current upstream has moved toward a Go implementation and is faster than the old bash-heavy workflow.
- Checksec is a triage tool, not a full exploitability oracle.
- Always pair the result with real reversing:
readelf,objdump, debugger output, and vulnerability context.
Caveats
- A "hardened" binary can still be exploitable.
- A missing mitigation does not guarantee an easy exploit.
- On non-Linux hosts some checks are limited.
Resources
No bundled scripts/, references/, or assets/.
Use upstream examples for the latest subcommands and output schema.
Related Skills
aeondave/offensive-linux-role
data-ai
VerifiedTrustedCommunity
Scoped routing: Linux operator; hosts, sessions, users, services, packages, logs, containers, SSH, network paths, privilege evidence.
4SKILL.mdUpdated Jun 5, 2026
aeondave/ics-technique
development
VerifiedTrustedCommunity
Offensive methodology for ICS/OT/SCADA environments in authorized industrial penetration testing and red team operations. Use when assessing PLCs, RTUs, HMIs, engineering workstations, historians, or field devices running Modbus, DNP3, EtherNet/IP, S7comm/S7+, Profinet, IEC 60870-5-104, BACnet, or OPC-UA. Covers passive OT network enumeration, protocol-level device interrogation, PLC coil/register read-write attacks, HMI session exploitation, historian and engineering workstation compromise, and safe escalation rules for critical infrastructure scope. Does not cover: general IT network exploitation (network-technique), physical hardware interfaces UART/JTAG/SPI (hardware-technique), wireless sensor network attacks (wireless-technique), RF/SDR signal analysis (hardware-ctf or wireless-technique), or CTF-framed ICS lab tasks (ics-ctf).
4SKILL.mdUpdated Jun 2, 2026
aeondave/game-technique
tools
VerifiedTrustedCommunity
Offensive methodology for authorized game security assessments, game client security research, and game-adjacent penetration testing in real-world engagements. Use when assessing game clients for cheating vulnerabilities, testing anti-cheat effectiveness, auditing game server protocols for score manipulation or economic fraud, reverse engineering game DRM or license validation, analyzing game save file protection, or assessing game mod/plugin security. Covers: process memory scanning and manipulation (Cheat Engine methodology), game binary reversing for license and DRM bypass, game network protocol analysis and packet replay, anti-cheat mechanism analysis, save file format reversing and tampering, speed hack and value injection techniques. Does NOT cover: CTF game challenges (game-ctf), game engine source code auditing (web-exploit-technique or vuln-search-technique for the backend), or general binary exploitation (pwn-ctf or reversing-technique).
4SKILL.mdUpdated Jun 2, 2026
aeondave/hardware-technique
development
VerifiedTrustedCommunity
Auth assessment: hardware/embedded methodology; UART/JTAG/SWD/SPI/I2C, firmware extraction, boot/debug paths, embedded OS evidence.
4SKILL.mdUpdated Jun 2, 2026