Seg: Single-Command Binary Reconnaissance for CTFs and AI Agents (Rust)

Original source: hackernews · Summarized and analyzed by Genesis Park

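Summary

seg, a CLI tool written in Rust, analyzes ELF binaries and provides protections, the locations of dangerous function calls, disassembly and more with a single command. It supports Markdown and JSON output so that both humans and AI agents can use it, and it automatically identifies the vulnerability type and suggests a suitable exploit strategy. CTF participants and security professionals can use it to perform binary recon efficiently, without the previous hassle of running several tools side by side.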

Body

Analyze. Understand. Exploit binaries

seg, a CLI tool that gives you actionable binary intelligence in one command. Point it at any ELF binary and get a full recon report — protections, dangerous functions, symbols with PLT/GOT addresses, disassembly highlights, libc resolution, and a suggested exploit strategy. Built for CTF players, pentesters, and AI agents. No more running 7 tools and cross-referencing output manually. One command. Full picture. 🦀

- One command recon: Run `seg analyze ./binary` and get everything — protections, symbols, strings, disassembly, exploit strategy.
- Dual output: `--markdown` for humans, `--json` for AI agents and automation pipelines.
- Dangerous function detection: Flags `gets`, `strcpy`, `system`, `printf` and 17 more risky functions with call-site locations.
- Exploit strategy: Automatically suggests ret2libc, ret2win, format string, shellcode, ROP, or heap exploitation based on what it finds.
- Libc resolution: Extracts local libc from `ldd` and queries libc.rip for remote libc matching with useful offsets (`system`, `str_bin_sh`, etc.).
- Disassembly highlights: Pulls out `main`, `_start`, and suspiciously named functions (`vuln`, `win`, `backdoor`, `shell`, etc.).
- String categorization: Separates shell commands, format strings, file paths, URLs, and suspicious strings.
- Portable: Written in Rust. Wraps standard Linux tools you already have.
- `seg invoke`: call exported functions from shared libraries using `dlopen`, `dlsym`, and `libffi`.
- `seg invoke --addr`: call functions inside ELF binaries by address using debugger-assisted execution.
- `seg hook`: hook libc/imported functions using `LD_PRELOAD`.
- `seg hook --frida`: runtime hooks using Frida later.

References: https://youtu.be/0o8Ex8mXigU?si=Qq60LRr5jUB_nnwR

🌼 Source

```bash
git clone --depth=1 https://github.com/pwnwriter/seg --branch=main
cd seg
cargo build --release
```

Binary will be at `target/release/seg`. Move it to your `$PATH`.

🎠 Cargo

```bash
cargo install seg
```

❄️ Nix

```bash
nix run github:pwnwriter/seg
```

seg wraps these standard Linux tools (most are pre-installed):

| Tool | Package | Purpose |
|---|---|---|
| file | coreutils | Binary type detection |
| stat | coreutils | File metadata |
| strings | binutils | String extraction |
| readelf | binutils | ELF headers, sections, segments, symbols |
| objdump | binutils | Disassembly, PLT/GOT resolution |
| ldd | glibc | Linked library detection |
| checksec | checksec | Security protections |

Missing tools won't crash seg — they degrade gracefully and report what couldn't be gathered.

```
╔═╝╔═╝╔═╝
══║╔═╝║ ║
══╝══╝══╝ v0.1.0
Analyze. Understand. Exploit binaries
@pwnwriter/seg
```

```bash
# Markdown report to stdout
seg analyze ./vuln --markdown

# Markdown report to file
seg analyze ./vuln --markdown report.md

# JSON report to stdout
seg analyze ./vuln --json

# JSON report to file
seg analyze ./vuln --json report.json

# Both formats at once
seg analyze ./vuln --markdown report.md --json report.json

# Short aliases
seg ana ./vuln --json
seg analy ./vuln --markdown

# Pipe JSON to jq
seg analyze ./vuln --json | jq '.strategy'
seg analyze ./vuln --json | jq '.dangerous_functions'
seg analyze ./vuln --json | jq '.exploitation_hints'
```

📊 View Report Sections

| # | Section | Description |
|---|---|---|
| 1 | Summary | Binary path, type, arch, bits, endianness |
| 2 | Security Protections | PIE, NX, Canary, RELRO, Fortify |
| 3 | File Metadata | Size, permissions, owner, SHA256 |
| 4 | ELF Headers | Entry point, machine, ABI |
| 5 | Program Segments | LOAD, INTERP, etc. with permissions |
| 6 | Sections | .text, .plt, .got, .bss, etc. |
| 7 | Linked Libraries | Shared libraries from ldd |
| 8 | Dynamic Entries | NEEDED, INIT, FINI, etc. |
| 9 | Imported Functions | Name, library, PLT address, GOT address |
| 10 | Exported Symbols | Name, address, type |
| 11 | Interesting Strings | Shell, format strings, paths, URLs, suspicious |
| 12 | Disassembly Highlights | Entry point, main, suspicious functions |
| 13 | Dangerous Functions | gets, strcpy, system, printf, etc. with risk + location |
| 14 | Exploitation Hints | Buffer overflow, format string, ret2libc, ROP |
| 15 | Libc Information | Local libc + libc.rip matching |
| 16 | Suggested Strategy | Most likely exploit path with step-by-step |
| 17 | AI Agent Summary | One-line summary for automation |
| 18 | Raw Tool Outputs | Unprocessed output from all tools |

seg is a wrapper and analyzer — it runs standard binary analysis tools, parses their output, cross-references the results, and generates structured intelligence:

```
Binary ──→ file, stat, readelf, objdump, strings, ldd, checksec
                │
                ▼
        Parse & Cross-reference
                │
                ▼
Dangerous functions + Exploitation hints + Strategy
                │
                ▼
     Markdown (human) / JSON (machine)
```

The JSON output is designed to be consumed directly by AI agents, exploit scripts, or automation pipelines. Every address, every symbol, every protection status is structured and queryable.

Contributions are welcome! You can suggest features, report bugs, fix issues via issues or pull requests. Help with code, documentation, and spreading the word about seg is appreciated!

```bash
# Compile sample vulnerable binaries for testing
./tests/compile.sh

# Run seg against them
seg analyze ./tests/bins/bof_basic --markdown
seg analyze ./tests/bins/fmt_string --json
seg analyze ./tests/bins/ret2libc --json | jq '.strategy'
seg analyze ./tests/bins/heap_uaf --json | jq '.dangerous_functions'
```

I am a student currently attending university. I like working for Open Source in my free time. If you find my tool or work beneficial, please consider supporting me via KO-FI by leaving a star; I'll appreciate your action :)

- Haylxon :- A blazingly fast tool to grab screenshots of webpages from terminal
- Kanha :- A web-app pentesting suite written in Rust
- checksec :- Bash script to check binary security properties
- pwntools :- CTF framework and exploit development library
- binsider :- Analyze ELF binaries like a boss 😼🕵️‍♂️

Licensed under the MIT LICENSE

Copyright © 2026 - present pwnwriter me
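The parse step behind the "Security Protections" report section can be sketched as follows. This is an added example, not seg's own code: it derives NX, PIE and RELRO from `readelf` text and reports a field as undetermined when the tool output is missing, which is the graceful degradation the README describes. The names `Protections`, `Relro`, `assess`, `phdr`, `is_executable` and `binds_now` are hypothetical, and the sample input is constructed.

```rust
#[derive(Debug, PartialEq)]
enum Relro { None, Partial, Full }
// A `None` field means "could not be determined", e.g. readelf was not installed.
#[derive(Debug, PartialEq)]
struct Protections { nx: Option<bool>, pie: Option<bool>, relro: Option<Relro> }

// Program-header row whose Type column equals `kind` (e.g. "GNU_STACK").
fn phdr<'a>(text: &'a str, kind: &str) -> Option<&'a str> {
    text.lines().find(|l| l.split_whitespace().next() == Some(kind))
}

// Columns: Type Offset VirtAddr PhysAddr FileSiz MemSiz Flg Align; Flg may split ("R E").
fn is_executable(row: &str) -> bool {
    let f: Vec<&str> = row.split_whitespace().collect();
    f.len() > 7 && f[6..f.len() - 1].iter().any(|s| s.contains('E'))
}

// Eager binding appears as DT_BIND_NOW, DT_FLAGS BIND_NOW, or DT_FLAGS_1 NOW.
fn binds_now(dynamic: &str) -> bool {
    dynamic.lines().any(|l| l.contains("BIND_NOW")
        || (l.contains("(FLAGS_1)") && l.split_whitespace().any(|w| w == "NOW")))
}

// `phdrs` is the text of `readelf -lW`, `dynamic` the text of `readelf -dW`.
fn assess(phdrs: Option<&str>, dynamic: Option<&str>) -> Protections {
    // No GNU_STACK row: left undetermined, since the default is platform-dependent.
    let nx = phdrs.and_then(|p| phdr(p, "GNU_STACK")).map(|r| !is_executable(r));
    // DYN covers PIE executables and shared objects; EXEC loads at a fixed address.
    let pie = phdrs
        .and_then(|p| p.lines().find_map(|l| l.trim().strip_prefix("Elf file type is ")))
        .and_then(|t| match t.split_whitespace().next() {
            Some("DYN") => Some(true),
            Some("EXEC") => Some(false),
            _ => None,
        });
    let relro = phdrs.and_then(|p| match phdr(p, "GNU_RELRO") {
        None => Some(Relro::None),
        // Partial vs. full depends on the dynamic section; without it, report unknown.
        Some(_) => dynamic.map(|d| if binds_now(d) { Relro::Full } else { Relro::Partial }),
    });
    Protections { nx, pie, relro }
}

// Constructed sample: trimmed `readelf -lW` text for a non-PIE binary with an executable stack.
const WEAK_PHDRS: &str = "Elf file type is EXEC (Executable file)\n\
  GNU_STACK 0x000000 0x0000000000000000 0x0000000000000000 0x000000 0x000000 RWE 0x10\n";
fn main() {
    println!("{:?}", assess(Some(WEAK_PHDRS), None));
}
```

Stack canary and Fortify detection need the symbol table as well and are left out of this sketch.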

This analysis was written by the Genesis Park editorial team with the help of AI. The original can be found via the source link.
