cwe_checker is a static analysis tool that detects common vulnerability patterns in ELF binaries across multiple CPU architectures using Ghidra's intermediate representation.
cwe_checker finds vulnerable patterns in binary executables
Security analysts and firmware researchers use cwe_checker to identify potential vulnerabilities such as null pointer dereferences and buffer overflows in binary executables, especially for Linux and Unix systems. It is particularly useful for analyzing firmware and multi-architecture binaries where source code is unavailable. The tool aids in accelerating vulnerability discovery through automated static analysis integrated with Ghidra.
cwe_checker requires a local installation of Ghidra (version 10.2 or higher) for disassembly and analysis. Using the Docker image simplifies setup but is limited to x86 architecture; building locally allows ARM support. The tool focuses on ELF binaries and may not support other binary formats. Users should keep the tool updated to benefit from significant improvements between stable releases.
Pull the latest Docker image: docker pull ghcr.io/fkie-cad/cwe_checker:latest
Alternatively, pull stable or specific version images: docker pull ghcr.io/fkie-cad/cwe_checker:stable or docker pull ghcr.io/fkie-cad/cwe_checker:v0.9
To build the Docker image locally: docker build -t cwe_checker .
For local installation, ensure Rust >= 1.82 is installed
Install Ghidra >= 10.2 and note its installation path
Run make all GHIDRA_PATH=/path/to/ghidra_folder to compile and install cwe_checker locally
If GHIDRA_PATH is omitted, the installer searches the filesystem for Ghidra
docker run --rm -v /PATH/TO/BINARY:/input ghcr.io/fkie-cad/cwe_checker /input
Run cwe_checker using the official Docker image to analyze a binary mounted at /input
cwe_checker BINARY
Run cwe_checker locally on the specified binary after installation
nix run github:fkie-cad/cwe_checker -- BINARY
Run cwe_checker using nix flakes on the specified binary
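Because cwe_checker only handles ELF binaries, it helps to pre-filter an unpacked firmware tree by ELF magic bytes before running the Docker command shown above on each file. The following is an added example, not code from the cwe_checker project; the function names, the DRY_RUN variable and the cwe_reports output directory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not part of cwe_checker. Function names, DRY_RUN and the
# cwe_reports directory are assumptions made for this example.
IMAGE="ghcr.io/fkie-cad/cwe_checker"   # image name as given on the page

# Succeed only if the file starts with the ELF magic bytes 7f 45 4c 46.
is_elf() {
    [ -f "$1" ] || return 1
    magic=$(dd if="$1" bs=4 count=1 2>/dev/null | od -An -tx1 | tr -d ' \n')
    [ "$magic" = "7f454c46" ]
}

# Print the absolute path of every ELF file below directory $1, sorted.
# File names containing newlines are not supported.
elf_targets() {
    root=$(cd -- "$1" && pwd) || return 1
    find "$root" -type f | sort | while IFS= read -r f; do
        if is_elf "$f"; then printf '%s\n' "$f"; fi
    done
}

# Analyze binary $1 and write the report into directory $2.
# With DRY_RUN=1 the Docker command is printed instead of executed.
analyze() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf 'docker run --rm -v %s:/input %s /input\n' "$1" "$IMAGE"
        return 0
    fi
    mkdir -p -- "$2" || return 1
    report="$2/$(printf '%s' "$1" | tr '/' '_').txt"
    docker run --rm -v "$1:/input" "$IMAGE" /input >"$report" 2>&1
}

# Analyze every ELF file below $1; reports go to $2 (default: cwe_reports).
analyze_tree() {
    out=${2:-cwe_reports}
    elf_targets "$1" | while IFS= read -r bin; do
        # </dev/null keeps docker from consuming the loop's list of paths
        analyze "$bin" "$out" </dev/null || printf 'failed: %s\n' "$bin" >&2
    done
}

# Usage: DRY_RUN=1 analyze_tree ./extracted_rootfs
```

Scripts, configuration files and truncated files in the tree are skipped, so only ELF files reach the analysis step.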