GTFOBins
Star

GTFOBins is a curated list of Unix binaries that can be exploited by an attacker to bypass local security restrictions.

The project collects legitimate functions of Unix binaries that can be abused to get the f**k break out restricted shells, escalate or maintain elevated privileges, transfer files, spawn bind and reverse shells, and facilitate the other post-exploitation tasks. See the full list of functions.

This was inspired by the LOLBins project for Windows.

GTFOBins is a collaborative project created by norbemi and cyrus_and where everyone can contribute with additional binaries and techniques.

Binary Functions
apt-get
apt
aria2c
ash
awk
base64
bash
busybox
cat
chmod
chown
cp
cpan
cpulimit
crontab
csh
curl
cut
dash
date
dd
diff
dmesg
dmsetup
docker
easy_install
ed
emacs
env
expand
expect
facter
file
find
finger
flock
fmt
fold
ftp
gdb
git
grep
head
ionice
jjs
journalctl
jq
jrunscript
ksh
ld.so
less
ltrace
lua
mail
make
man
more
mount
mv
mysql
nano
nc
nice
nl
nmap
node
od
perl
pg
php
pic
pico
pip
puppet
python
red
rlwrap
rpm
rpmquery
rsync
ruby
run-mailcap
run-parts
rvim
scp
sed
setarch
sftp
shuf
smbclient
socat
sort
sqlite3
ssh
start-stop-daemon
stdbuf
strace
tail
tar
taskset
tclsh
tcpdump
tee
telnet
tftp
time
timeout
ul
unexpand
uniq
unshare
vi
vim
watch
wget
whois
wish
xargs
xxd
zip
zsh
No binary matches...