crack

module
v0.3.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 7, 2026 License: MIT

README

CRACK - Compiler Hardening Checker

Work in Progress: This project is under active development. Functionality may change without notice.

A tool to analyze ELF binaries for security hardening features. Supports binaries compiled with gcc, clang, and rustc (stable).

Based on recommendations from:

Installation

go install github.com/mkacmar/crack/cmd/crack@latest

Or download pre-built binaries from Releases.

Usage

crack analyze [options] [<path>...]
Input Options
  • <path>... - Files or directories to analyze (supports glob patterns)
  • --recursive - Recursively scan directories
  • --input <file> - Read paths from file, one per line (use - for stdin)
  • --parallel <n> - Number of files to analyze in parallel
Rule Selection

See rules reference for available rules.

  • --rules <ids> - Comma-separated list of rule IDs to run
  • --target-compiler <spec> - Only run rules available for these compilers (e.g., gcc, clang:15)
  • --target-platform <spec> - Only run rules available for these platforms (e.g., arm64, amd64)

The --target-compiler and --target-platform flags filter which rules are loaded based on their applicability. At runtime, the tool also detects the actual compiler from binary metadata and skips rules that don't apply to the detected compiler. For stripped binaries where detection fails, all loaded rules run.

Output Options
  • --include-passed - Include passing checks in output
  • --include-skipped - Include skipped checks in output
  • --sarif <file> - Save detailed SARIF report to file
  • --aggregate - Aggregate findings into actionable recommendations
  • --exit-zero - Exit with 0 even when findings are detected
Logging Options
  • --log <file> - Write logs to file
  • --log-level <level> - Log level: none, debug, info, warn, error
Debuginfod Options

Fetch debug symbols from debuginfod servers.

  • --debuginfod - Enable debuginfod integration
  • --debuginfod-servers <urls> - Comma-separated server URLs
  • --debuginfod-cache <dir> - Cache directory for downloaded symbols
  • --debuginfod-timeout <duration> - HTTP timeout
  • --debuginfod-retries <n> - Max retries per server

License

MIT License - see LICENSE for details.

Directories

Path Synopsis
cmd
crack command
internal
analyzer
analyzer/elf
binary
cli
debuginfo
output
parser/elf
preset
rule
rules
rules/elf
scanner
toolchain
version
test
e2e

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.