🔒 Aldur¶

Binary Security Analyzer¶

Detect security vulnerabilities, misconfigurations, and missing hardening features in your binaries

Multi-Format Analysis

Analyze PE (Windows), ELF (Linux/Unix), and Mach-O (macOS) binaries with a single tool
Blazing Fast

Written in Rust with parallel analysis — scan thousands of binaries in seconds
125+ Security Rules

Comprehensive checks for compiler flags, memory protections, and exploit mitigations
Cross-Platform

Runs on Windows, Linux, and macOS with full PDB support on all platforms

Quick Start¶

# Download and extract
curl -LO https://github.com/scovetta/Aldur/releases/download/v0.1.1/aldur-0.1.1-x86_64-unknown-linux-gnu.tar.gz
tar -xzf aldur-0.1.1-x86_64-unknown-linux-gnu.tar.gz

# Analyze a binary
./aldur analyze /path/to/binary

# Analyze a directory recursively with SARIF output
./aldur analyze -r -f sarif ./build/

Download

Linux x64 Linux ARM64

Windows x64 Windows ARM64

macOS x64 macOS ARM64

All Releases

GitHub Action

- uses: scovetta/aldur@v1
  with:
    targets: './build/'
    upload-sarif: true
    fail-on-error: true

Action Documentation

Security Checks at a Glance¶

Platform	Key Checks
Windows PE	ASLR, DEP, CFG, CET, /GS, /SDL, Authenticode, SafeSEH, High Entropy VA
Linux ELF	PIE, RELRO, Stack Canary, FORTIFY_SOURCE, NX, BIND_NOW, CET, BTI/PAC
macOS Mach-O	PIE, Stack Protector, ARC, Code Signing, PAC, Hardened Runtime

Browse All 125+ Rules

Why Aldur?¶

Feature	Aldur	Other Tools
Cross-platform binary	✅	❌ Often platform-specific
PE + ELF + Mach-O	✅	❌ Usually single format
PDB parsing (any OS)	✅	❌ Windows-only
SARIF output	✅	⚠️ Limited
GitHub Code Scanning	✅	⚠️ Manual setup
Supply chain security	✅	❌ Rarely signed
125+ security rules	✅	⚠️ Varies

Supply Chain Security¶

Every Aldur release includes:

✅ SHA-256 checksums for integrity verification
✅ Sigstore cosign signatures with keyless signing
✅ GitHub artifact attestations for build provenance
✅ SBOM in SPDX and CycloneDX formats

Verify Your Download