BLint: Open-source tool to check the security properties of your executables – Help Net Security

Summary: This content discusses BLint, a Binary Linter that evaluates the security properties and capabilities of executables and can produce Software Bill-of-Materials (SBOM) for compatible binaries.

Threat Actor: N/A

Victim: N/A

Key Point:

  • BLint is an open-source tool that aids in generating an SBOM for binary executables, allowing for the identification of overlooked security weaknesses and vulnerable software.

BLint is a Binary Linter designed to evaluate your executables’ security properties and capabilities, utilizing LIEF for its operations. From version 2, BLint can also produce Software Bill-of-Materials (SBOM) for compatible binaries.


BLint features

“Several source code analysis tools can examine a code repository and generate an SBOM. But what about a binary executable, where the code repository may not be available and the executable is the only artifact to work with? Enter BLint, which aids in generating an SBOM for a binary executable. Creating BLint as open source and adopting it into the OWASP family means that it will be available to all and will grow and evolve,” Tim Messing, Application Security Engineer at Universal Music Group and one of the developers, told Help Net Security.

Messing explained that static analysis of binaries is often underutilized in identifying malicious and/or vulnerable software.

  • Can be used to detect overlooked security weaknesses and code signing or authenticode issues of compiled binaries in CI/CD pipelines. Third-party or proprietary dependencies in the form of binaries should be analyzed as part of software supply chain security efforts.
  • Does not rely on signatures but instead focuses on capabilities
  • Does not execute the target, preserving resources and avoiding the need for a live environment

Supported formats

Supported binary formats:

  • Android (apk, aab)
  • ELF (GNU, musl)
  • PE (exe, dll)
  • Mach-O (x64, arm64)

You can run BLint on Linux, Windows, and Mac against these binary formats.

The SBOM feature is supported for these types:

  • Android (apk/aab)
  • Dotnet executable binaries
  • Go binaries

Future plans and download

Caroline Russell, Staff Security Engineer at AppThreat, told us the team wants to keep BLint relatively minimal and lightweight. They are looking at adding the following capabilities:

1. Detecting libraries dynamically loaded during runtime.
2. Offering a deep mode that will list symbols within static libraries.
3. Adding additional annotations and refining existing ones.
4. Adding CycloneDX 1.6 support for the SBOM feature.

BLint is available for free on GitHub.


Source: https://www.helpnetsecurity.com/2024/05/14/blint-open-source-check-security-properties-executables

