Displayed mitigations for Elf files using a new Python plugin.

1 files changed, 39 insertions, 0 deletions

diff --git a/plugins/python/checksec/plugin.py b/plugins/python/checksec/plugin.py
new file mode 100644
index 0000000..6efb9b5
--- /dev/null
+++ b/plugins/python/checksec/plugin.py
@@ -0,0 +1,39 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+from .mitigations import ElfMitigations
+from pychrysalide import PluginModule
+from pychrysalide.core import log_message, LMT_INFO
+from pychrysalide.format.elf import ElfFormat
+
+
+class CheckSec(PluginModule):
+    """Check for Elf mititgations."""
+
+    def get_interface(self):
+        """Provide the full plugin description."""
+
+        desc = {
+
+            'name' : 'CheckSec',
+            'desc' : 'Output the exploit mitigations compiled with a loaded binary',
+            'version' : '0.1',
+
+            'actions' : [ PluginModule.PGA_FORMAT_POST_ANALYSIS_ENDED ]
+
+        }
+
+        return desc
+
+
+    def handle_format_analysis(self, action, format, gid, status):
+        """Get notified at the end of format analysis."""
+
+        if type(format) == ElfFormat:
+
+            m = ElfMitigations(format)
+
+            msg = 'Elf mitigations: NX: <b>%s</b>  PIE: <b>%s</b>  RelRO: <b>%s</b>  Canary: <b>%s</b>' \
+                  % (m._nx, m._pie, m._relro, m._canary)
+
+            self.log_message(LMT_INFO, msg)