Scanning File systems with Binmap
Information on this media
Binmap is an Open Source tool designed to quickly scan a file system, gather various information on the binaries it finds and store them for futher processing by third-party tools.
It provides handlers for ELF and PE binary formats and can collect usual executable informations:
- imported / exported symbols
- dynamic library dependencies
- hardening features
- version information (using a fuzzy algorithm)
These informations are stored as a graph that can be walked through using a Python API.
So what?
You want to check all the executables that use a given, obsolete library? Walk through its successors!
You want to see the consequences of a system upgrade? Take the diff of the graph!
You want to check if your system is vulnerable to a given CVE? Rely on the collected version information and cross-check information!
You want to audit a system image? Use the chroot mode and quickly find out the interesting binaries!
The tool is extendible: one can contribute with its own binary analyzer to support more formats or to improve existing information extraction.
Serge Guelton
Serge is a pure product of the French Far West: He received his Engineering degree and PhD on Compilation near Brest and since then he has been travelling in the marvelous world of computer science, from HPC to submarine acoustic and now the funny interaction between security and compilation as an R&D engineer for Quarkslab.
