The script will scan for SUID binaries on the system and check them against GTFOBins for potential vulnerabilities and privilege escalation techniques.
Gtfobins has made a significant impact on the cybersecurity landscape by providing a comprehensive collection of “gtfo” binaries and associated techniques. Accoring to DotComMagazine Gtfobins are a collection of Linux/Unix-binaries. These binaries can be leveraged to escalate privileges, bypass security restrictions, and gain unauthorized access to systems.
Thus empowers security professionals to test the security of their systems and identify potential vulnerabilities. It serves as a valuable resource for penetration testing, vulnerability assessments, and red teaming exercises. Additionally, system administrators can leverage Gtfobins to better understand the risks associated with certain binaries and implement appropriate security measures to protect their systems. This tool will help you do just that.
The GTFOBins Vulnerability Scanner is a tool designed to identify potential vulnerabilities and privilege escalation techniques in SUID binaries on a Linux system. It leverages information from GTFOBins, a curated list of Unix binaries that can be exploited by an attacker to bypass local security restrictions. This tool will help you identify the low hanging fruits in your system which you can then place security controls over.
- Scans the system for SUID binaries.
- Checks identified SUID binaries against GTFOBins for potential vulnerabilities.
- Displays potential privilege escalation techniques for vulnerable binaries such as e.g. SUDO, SUID, SHELL, FILE-READ, FILE-WRITE, FILE-DOWNLOAD, REVERSE SHELL, FILE-UPLOAD, LIMITED SUID, LIBRARY LOAD.
- Provides information on binaries that are not present in the local system.
- Welcome screen with ASCII art.
- curl (Ensure it is installed on your system)
- latest version of python
- gitpython is used for Git operations
- pyyaml is used for parsing YAML content.
- subprocess: os, threading, argparse, and sys are built-in Python libraries
-v, --verbose: Enable verbose mode. -o, --output : such as result.txt
This tool is licensed under the GPL-3.0 License - see the LICENSE file for details.
GTFOBins (gtfobins.github.io) - A fantastic resource for binary exploitation techniques. Credits to this repository for providing the main source for ALL the GTFO Binaries inforamtion.
Contributions are welcome! Please fork the repository and create a pull request with your enhancements.
For bug reports or feature requests, please open an issue on GitHub.
Vinal-2 - Author of GTFOBins Vulnerability Scanner
Clone repository:
git clone https://github.com/vinal-2/GTFObinsInstall the tool using pip:
pip install gtfobins-scanPython:
python -m pip install --upgrade pip
Identify SUID binaries and check for privilege escalation techniques:
gtfobins-scanEnable verbose mode:
gtfobins-scan -vSpecify an output file for the scan results:
gtfobins-scan -o output.txtEnable verbose mode and specify an output file:
gtfobins-scan -v -o output.txtIdentify SUID binaries and check for privilege escalation techniques:
python gtfobins_scan.pypython3 gtfobins_scan.pyEnable verbose mode and specify an output file:
python gtfobins_scan.py -vpython3 gtfobins_scan.py -vSpecify an output file for the scan results:
python gtfobins_scan.py -o output.txtpython3 gtfobins_scan.py -o output.txtEnable verbose mode and specify an output file:
python gtfobins_scan.py -v -o output.txtpython3 gtfobins_scan.py -v -o output.txt
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent