# binsec
> 🇬🇧 English · [🇩🇪 Deutsch](LIESMICH.md) · [🇫🇷 Français](LISEZMOI.md)
**Binary (In)security tool** — a minimal static-analysis utility that
detects the security mitigations an **ELF / PE / Mach-O** executable was
built with.
This is the ndaal fork (**v3.2.3**) of
[`ex0dus-0x/binsec`](https://github.com/ex0dus-0x/binsec): cleaned,
de-yanked (`goblin 0.10.7`), and extended with **native, strictly
validated SARIF 2.1.0** output and **Markdown** reports.
## Features
- Cross-format: ELF, PE/EXE, Mach-O (parsing via
[goblin](https://github.com/m4b/goblin)).
- Reports four sections: basic metadata, compilation features, exploit
mitigations, and dynamic instrumentation.
- Output formats: human tables, JSON, **SARIF 2.1.0** (validated with
`SarifValidator::strict()`), and **GitHub-Flavored Markdown**.
- Auto-generates `report.sarif` + `report.md` per run (`--no-report`,
`--output-dir`).
- Pure-Rust dependency tree; no C libraries, no `bindgen`, no YARA.
## Install
```bash
cargo binstall ndaal-binsec # prebuilt binary (macOS/Linux, x86_64/aarch64)
# or, from source:
cargo install --path . # requires Rust >= 1.95
binsec --version # binsec 3.2.3
```
## Usage
```bash
binsec /usr/bin/ssh # human tables (default)
binsec --format sarif /usr/bin/ssh # SARIF 2.1.0 to stdout
binsec --format markdown /usr/bin/ssh # Markdown to stdout
binsec --no-report /usr/bin/ssh # stdout only, no files
```
See `binsec --help` for the full flag list.
## Documentation
- [User Guide](documentation/User_Guide.md)
- [Administrator Guide](documentation/Administrator_Guide.md)
- [Developer Guide](documentation/Developer_Guide.md)
- [Troubleshooting Guide](documentation/Troubleshooting_Guide.md)
- [API & Output Reference](documentation/API.md) ·
[Reference](documentation/Reference.md)
- [Architecture (arc42)](documentation/arc42/en/01-introduction-and-goals.md)
· [STRIDE threat model](documentation/threat-model/stride.md)
- [CHANGELOG](CHANGELOG.md) · [structure](structure.md)
## License
MIT — see [`LICENSE.md`](LICENSE.md). Original work © ex0dus-0x; fork and
SARIF/Markdown additions © ndaal.