ndaal-binsec 3.2.5

Binary (in)security scanner for ELF/PE/Mach-O with native, strictly-validated SARIF 2.1.0 and Markdown output (ndaal fork of binsec)
<!--
SPDX-License-Identifier: MIT
SPDX-FileCopyrightText: 2026 ndaal mbH & Co. KG, Cologne
SPDX-FileCopyrightText: Author: Pierre Gronau <Pierre.Gronau@ndaal.eu>
SPDX-FileCopyrightText: Upstream: ex0dus-0x <ex0dus@codemuch.tech>
-->

# binsec

> 🇬🇧 English · [🇩🇪 Deutsch](LIESMICH.md) · [🇫🇷 Français](LISEZMOI.md)

**Binary (In)security tool** — a minimal static-analysis utility that
detects the security mitigations an **ELF / PE / Mach-O** executable was
built with.

This is the ndaal fork (**v3.2.5**) of
[`ex0dus-0x/binsec`](https://github.com/ex0dus-0x/binsec): cleaned,
de-yanked (`goblin 0.10.7`), and extended with **native, strictly
validated SARIF 2.1.0** output and **Markdown** reports.

## Features

- Cross-format: ELF, PE/EXE, Mach-O (parsing via
  [goblin](https://github.com/m4b/goblin)).
- Reports four sections: basic metadata, compilation features, exploit
  mitigations, and dynamic instrumentation.
- Output formats: human tables, JSON, **SARIF 2.1.0** (validated with
  `SarifValidator::strict()`), and **GitHub-Flavored Markdown**.
- Auto-generates `report.sarif` + `report.md` per run (`--no-report`,
  `--output-dir`).
- Pure-Rust dependency tree; no C libraries, no `bindgen`, no YARA.

## Install

```bash
cargo binstall ndaal-binsec   # prebuilt binary (macOS/Linux, x86_64/aarch64)
# or, from source:
cargo install --path .        # requires Rust >= 1.95
binsec --version              # binsec 3.2.5
```

## Usage

```bash
binsec /usr/bin/ssh                       # human tables (default)
binsec --format sarif /usr/bin/ssh        # SARIF 2.1.0 to stdout
binsec --format markdown /usr/bin/ssh     # Markdown to stdout
binsec --json - /usr/bin/ssh | jq .       # JSON to stdout
binsec --output-dir ./reports /usr/bin/ssh   # report.sarif + report.md
binsec --no-report /usr/bin/ssh           # stdout only, no files
```

See `binsec --help` for the full flag list.
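
A CI gate over the generated `report.sarif`, as an added example that is not part of binsec or the upstream project: it flattens the results of a SARIF 2.1.0 log and reports those at or above a chosen level. It assumes the report follows the standard SARIF 2.1.0 layout; the embedded sample, including its `ruleId` values, is constructed and does not reflect binsec's real rule identifiers.

```python
import json
import sys

# Constructed sample in the standard SARIF 2.1.0 layout. The ruleId values,
# messages and URI are placeholders, not binsec's real identifiers.
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "binsec"}},
        "results": [
            {"ruleId": "EXAMPLE-NX", "level": "error",
             "message": {"text": "constructed finding"},
             "locations": [{"physicalLocation":
                            {"artifactLocation": {"uri": "bin/app"}}}]},
            {"ruleId": "EXAMPLE-RELRO", "level": "warning",
             "message": {"text": "constructed finding"}},
            {"ruleId": "EXAMPLE-CANARY",  # no level: treated as "warning"
             "message": {"text": "constructed finding"}},
        ],
    }],
})

RANK = {"none": 0, "note": 1, "warning": 2, "error": 3}

def findings(sarif_text):
    """Flatten every run's results into (level, ruleId, uri, text) tuples."""
    log = json.loads(sarif_text)
    if log.get("version") != "2.1.0":
        raise ValueError("not a SARIF 2.1.0 log")
    out = []
    for run in log.get("runs", []):
        for res in run.get("results") or []:      # "results" may be null
            # Simplification: ignores per-rule defaultConfiguration levels.
            level = res.get("level", "warning")
            locs = res.get("locations") or [{}]
            uri = (locs[0].get("physicalLocation", {})
                          .get("artifactLocation", {}).get("uri", "?"))
            out.append((level, res.get("ruleId", "?"), uri,
                        res.get("message", {}).get("text", "")))
    return out

def gate(sarif_text, fail_at="warning"):
    """Return the findings whose level is at or above fail_at."""
    return [f for f in findings(sarif_text) if RANK.get(f[0], 2) >= RANK[fail_at]]

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_SARIF
    blocking = gate(text)
    for level, rule, uri, msg in blocking:
        print(f"{level}: {rule} {uri}: {msg}")
    sys.exit(1 if blocking else 0)
```

Run it with the path to a `report.sarif` as the only argument; a non-zero exit status means at least one finding reached the threshold.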

## Documentation

- [User Guide](documentation/User_Guide.md)
- [Administrator Guide](documentation/Administrator_Guide.md)
- [Developer Guide](documentation/Developer_Guide.md)
- [Troubleshooting Guide](documentation/Troubleshooting_Guide.md)
- [API & Output Reference](documentation/API.md) ·
  [Reference](documentation/Reference.md)
- [Architecture (arc42)](documentation/arc42/en/01-introduction-and-goals.md)
  · [STRIDE threat model](documentation/threat-model/stride.md)
- [CHANGELOG](CHANGELOG.md) · [structure](structure.md)

## License

MIT — see [`LICENSE.md`](LICENSE.md). Original work © ex0dus-0x; fork and
SARIF/Markdown additions © ndaal.