HardeningMeter: The Python Tool for Thorough Security Hardening Evaluation

HardeningMeter is an open-source Python tool designed to assess the security hardening of binaries and systems. It checks a range of binary exploitation protection mechanisms, including Stack Canary, RELRO, randomizations (ASLR, PIC, PIE), Non-Executable Stack, Fortify, ASAN, and the NX bit. The tool is suitable for all types of binaries and provides accurate information about the hardening status of each binary, identifying those that deserve attention and those with robust security measures. HardeningMeter supports all Linux distributions and machine-readable output: the results can be printed to the screen in a table format or exported to a CSV file.

Install

git clone https://github.com/OfriOuzan/HardeningMeter

Use

Execute Scanning Example

Scan the ‘/usr/bin’ directory, the ‘/usr/sbin/newusers’ file, and the system, and export the results to a CSV file.

python3 HardeningMeter.py -d /usr/bin -f /usr/sbin/newusers -s True -c True

Results

HardeningMeter’s results are printed as a table and consist of 3 different states:

  • (X) – This state indicates that the binary hardening mechanism is disabled.
  • (V) – This state indicates that the binary hardening mechanism is enabled.
  • (-) – This state indicates that the binary hardening mechanism is not relevant in this particular case.

Copyright (C) 2023 OfriOuzan

Source: https://github.com/OfriOuzan/