helpelf: an open and lightweight ELF recon tool

helpelf aims to be a replacement to the file and checksec utilities that
are used by many hackers. The tool does not rely on readelf like
checksec does, but instead includes its own ELF parser. Works for both
32 and 64-bit versions of the standard.

Installation

This will install helpelf and the alias he on the command line. No
dependencies are required besides the C toolchain & make utility.

    make
    sudo make install

Usage

The output is colorful (not visible here).

    $ helpelf 
    Usage: helpelf <file> [options]
     -v --verbose             displays more information
    $ he a.out 
    a.out: 64-bit ELF (little-endian) amd64, NX enabled, PIE disabled, Stack canary enabled, Partial RELRO, Not stripped
    $ he a.out -v
    a.out: 64-bit ELF (little-endian) version 1 (executable file), amd64, statically linked, NX enabled, PIE disabled, Stack canary enabled, Partial RELRO, Not stripped

Documentation

The tool was developed according to the ELF 32 and 64 bit standards that
can be found here:

-   ELF-64 Object File Format
-   Tool Interface Standard (TIS) Executable and Linking Format (ELF)
    Specification

License

This project is under the Unlicense (part of public domain).

TODO

-   optimization: find a workaround for 32/64 sec differentiation
-   verbose: display detailed header info
-   verbose: display elf sections

Known issues

-   the RELRO check gives false-negatives on Full RELRO (instead shows
    Partial-RELRO)
-   any contribution and/or feedback is highly appreciated. Open an
    issue/pull request if you’d like to add something.