seg 0.1.0

seg is a CLI tool for analyzing binaries and generating structured reports to help AI agents and security researchers understand and exploit them.
seg-0.1.0 is not a library.

seg

Analyze. Understand. Exploit binaries. seg is a CLI tool that gives you actionable binary intelligence in one command. Point it at any ELF binary and get a full recon report: protections, dangerous functions, symbols with PLT/GOT addresses, disassembly highlights, libc resolution, and a suggested exploit strategy. Built for CTF players, pentesters, and AI agents.

No more running 7 tools and cross-referencing output manually. One command. Full picture. 🦀

Features

  • One command recon: Run seg analyze ./binary and get everything: protections, symbols, strings, disassembly, exploit strategy.
  • Dual output: --markdown for humans, --json for AI agents and automation pipelines.
  • Dangerous function detection: Flags gets, strcpy, system, printf and 17 more risky functions with call-site locations.
  • Exploit strategy: Automatically suggests ret2libc, ret2win, format string, shellcode, ROP, or heap exploitation based on what it finds.
  • Libc resolution: Extracts local libc from ldd and queries libc.rip for remote libc matching with useful offsets (system, str_bin_sh, etc.).
  • Disassembly highlights: Pulls out main, _start, and suspiciously named functions (vuln, win, backdoor, shell, etc.).
  • String categorization: Separates shell commands, format strings, file paths, URLs, and suspicious strings.
  • Portable: Written in Rust. Wraps standard Linux tools you already have.

TODO (pls help)

  • seg invoke: call exported functions from shared libraries using dlopen, dlsym, and libffi.

  • seg invoke --addr: call functions inside ELF binaries by address using debugger-assisted execution.

  • seg hook: hook libc/imported functions using LD_PRELOAD.

  • seg hook --frida: runtime hooks using Frida later.

    References: https://youtu.be/0o8Ex8mXigU?si=Qq60LRr5jUB_nnwR

Installation

git clone --depth=1 https://github.com/pwnwriter/seg --branch=main
cd seg
cargo build --release

Binary will be at target/release/seg. Move it to your $PATH.

cargo install seg
nix run github:pwnwriter/seg

Requirements

seg wraps these standard Linux tools (most are pre-installed):

| Tool     | Package   | Purpose                                  |
|----------|-----------|------------------------------------------|
| file     | coreutils | Binary type detection                    |
| stat     | coreutils | File metadata                            |
| strings  | binutils  | String extraction                        |
| readelf  | binutils  | ELF headers, sections, segments, symbols |
| objdump  | binutils  | Disassembly, PLT/GOT resolution          |
| ldd      | glibc     | Linked library detection                 |
| checksec | checksec  | Security protections                     |

Missing tools won't crash seg; it degrades gracefully and reports what couldn't be gathered.

-----------------------------------------------------

Usage

╔═╝╔═╝╔═╝
══║╔═╝║ ║
══╝══╝══╝ v0.1.0
    Analyze. Understand. Exploit binaries
                @pwnwriter/seg
  • seg analyze ./vuln --markdown
    
  • seg analyze ./vuln --markdown report.md
    
  • seg analyze ./vuln --json
    
  • seg analyze ./vuln --json report.json
    
  • seg analyze ./vuln --markdown report.md --json report.json
    
  • seg ana ./vuln --json
    seg analy ./vuln --markdown
    
  • seg analyze ./vuln --json | jq '.strategy'
    seg analyze ./vuln --json | jq '.dangerous_functions'
    seg analyze ./vuln --json | jq '.exploitation_hints'
    

-----------------------------------------------------

Report Sections

| #  | Section                | Description                                              |
|----|------------------------|----------------------------------------------------------|
| 1  | Summary                | Binary path, type, arch, bits, endianness                |
| 2  | Security Protections   | PIE, NX, Canary, RELRO, Fortify                          |
| 3  | File Metadata          | Size, permissions, owner, SHA256                         |
| 4  | ELF Headers            | Entry point, machine, ABI                                |
| 5  | Program Segments       | LOAD, INTERP, etc. with permissions                      |
| 6  | Sections               | .text, .plt, .got, .bss, etc.                            |
| 7  | Linked Libraries       | Shared libraries from ldd                                |
| 8  | Dynamic Entries        | NEEDED, INIT, FINI, etc.                                 |
| 9  | Imported Functions     | Name, library, PLT address, GOT address                  |
| 10 | Exported Symbols       | Name, address, type                                      |
| 11 | Interesting Strings    | Shell, format strings, paths, URLs, suspicious           |
| 12 | Disassembly Highlights | Entry point, main, suspicious functions                  |
| 13 | Dangerous Functions    | gets, strcpy, system, printf, etc. with risk + location  |
| 14 | Exploitation Hints     | Buffer overflow, format string, ret2libc, ROP            |
| 15 | Libc Information       | Local libc + libc.rip matching                           |
| 16 | Suggested Strategy     | Most likely exploit path with step-by-step               |
| 17 | AI Agent Summary       | One-line summary for automation                          |
| 18 | Raw Tool Outputs       | Unprocessed output from all tools                        |

-----------------------------------------------------

How it works

seg is a wrapper and analyzer: it runs standard binary analysis tools, parses their output, cross-references the results, and generates structured intelligence:

Binary ──→ file, stat, readelf, objdump, strings, ldd, checksec
               │
               ▼
         Parse & Cross-reference
               │
               ▼
    Dangerous functions + Exploitation hints + Strategy
               │
               ▼
       Markdown (human) / JSON (machine)

The JSON output is designed to be consumed directly by AI agents, exploit scripts, or automation pipelines. Every address, every symbol, every protection status is structured and queryable.
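
The parse and cross-reference step, shown for the Security Protections section as an added example (this is not seg's source code): it derives PIE, NX and RELRO status from readelf text and reports NX as unknown when the tool output is missing. The protections function, its types and the sample lines are assumptions constructed for illustration.

```rust
// Added example (not seg's source): derive hardening status from readelf text.
#[derive(Debug, PartialEq)]
pub enum Relro { None, Partial, Full }

#[derive(Debug, PartialEq)]
pub struct Protections { pub pie: bool, pub nx: Option<bool>, pub relro: Relro }

/// Inputs are the text of `readelf -hW`, `readelf -lW` and `readelf -dW`.
pub fn protections(header: &str, segments: &str, dynamic: &str) -> Protections {
    // An ET_DYN executable is position independent; ET_EXEC loads at a fixed address.
    // (Shared libraries also report DYN, so this applies to main executables.)
    let pie = header.lines().any(|l| l.trim_start().starts_with("Type:") && l.contains("DYN"));
    // Flags follow the six address/size columns; an 'E' on GNU_STACK means an
    // executable stack. No GNU_STACK line (tool output missing) yields None.
    let nx = segments.lines()
        .find(|l| l.trim_start().starts_with("GNU_STACK"))
        .map(|l| !l.split_whitespace().skip(6).any(|t| !t.starts_with("0x") && t.contains('E')));
    // GNU_RELRO alone is partial RELRO; with eager binding the GOT is read-only too.
    let has_relro = segments.lines().any(|l| l.trim_start().starts_with("GNU_RELRO"));
    let bind_now = dynamic.lines()
        .any(|l| l.contains("BIND_NOW") || (l.contains("FLAGS_1") && l.contains("NOW")));
    let relro = match (has_relro, bind_now) {
        (true, true) => Relro::Full,
        (true, false) => Relro::Partial,
        _ => Relro::None,
    };
    Protections { pie, nx, relro }
}

// Constructed sample lines in readelf's layout, not taken from a real binary.
pub const HARDENED_HDR: &str = "  Type:                              DYN (Position-Independent Executable file)";
pub const HARDENED_SEG: &str = "\
  GNU_STACK      0x000000 0x0000000000000000 0x0000000000000000 0x000000 0x000000 RW  0x10
  GNU_RELRO      0x002db8 0x0000000000003db8 0x0000000000003db8 0x000248 0x000248 R   0x1";
pub const HARDENED_DYN: &str = " 0x000000006ffffffb (FLAGS_1)            Flags: NOW PIE";
pub const WEAK_HDR: &str = "  Type:                              EXEC (Executable file)";
pub const WEAK_SEG: &str =
    "  GNU_STACK      0x000000 0x0000000000000000 0x0000000000000000 0x000000 0x000000 RWE 0x10";

fn main() {
    println!("{:?}", protections(HARDENED_HDR, HARDENED_SEG, HARDENED_DYN));
    println!("{:?}", protections(WEAK_HDR, WEAK_SEG, ""));
    println!("{:?}", protections("", "", "")); // tools missing: nx is unknown
}
```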

-----------------------------------------------------

Contribution

Contributions are welcome! You can suggest features, report bugs, or fix issues through issues or pull requests. Help with code, documentation, and spreading the word about seg is appreciated!

Building test binaries

# Compile sample vulnerable binaries for testing
./tests/compile.sh

# Run seg against them
seg analyze ./tests/bins/bof_basic --markdown
seg analyze ./tests/bins/fmt_string --json
seg analyze ./tests/bins/ret2libc --json | jq '.strategy'
seg analyze ./tests/bins/heap_uaf --json | jq '.dangerous_functions'

Support

I am a student currently attending university. I like working for Open Source in my free time. If you find my tool or work beneficial, please consider supporting me via KO-FI by leaving a star; I'll appreciate your action :)

Also see

  • Haylxon :- A blazingly fast tool to grab screenshots of webpages from terminal
  • Kanha :- A web-app pentesting suite written in Rust
  • checksec :- Bash script to check binary security properties
  • pwntools :- CTF framework and exploit development library
  • binsider :- Analyze ELF binaries like a boss 😼🕵️‍♂️

License

Licensed under the MIT LICENSE