The script will scan for SUID binaries on the system and check them against GTFOBins for potential vulnerabilities and privilege escalation techniques.
Gtfobins has made a significant impact on the cybersecurity landscape by providing a comprehensive collection of “gtfo” binaries and associated techniques. Accoring to DotComMagazine Gtfobins are a collection of Linux/Unix-binaries. These binaries can be leveraged to escalate privileges, bypass security restrictions, and gain unauthorized access to systems.
Thus empowers security professionals to test the security of their systems and identify potential vulnerabilities. It serves as a valuable resource for penetration testing, vulnerability assessments, and red teaming exercises. Additionally, system administrators can leverage Gtfobins to better understand the risks associated with certain binaries and implement appropriate security measures to protect their systems. This tool will help you do just that.
The GTFOBins Vulnerability Scanner is a tool designed to identify potential vulnerabilities and privilege escalation techniques in SUID binaries on a Linux system. It leverages information from GTFOBins, a curated list of Unix binaries that can be exploited by an attacker to bypass local security restrictions. This tool will help you identify the low hanging fruits in your system which you can then place security controls over.
- Scans the system for SUID binaries.
- Checks identified SUID binaries against GTFOBins for potential vulnerabilities.
- Displays potential privilege escalation techniques for vulnerable binaries such as e.g. SUDO, SUID, SHELL, FILE-READ, FILE-WRITE, FILE-DOWNLOAD, REVERSE SHELL, FILE-UPLOAD, LIMITED SUID, LIBRARY LOAD.
- Provides information on binaries that are not present in the local system.
- Welcome screen with ASCII art.
- curl (Ensure it is installed on your system)
- latest version of python
- gitpython is used for Git operations
- pyyaml is used for parsing YAML content.
- subprocess: os, threading, argparse, and sys are built-in Python libraries
-v, --verbose: Enable verbose mode. -o, --output : such as result.txt
This tool is licensed under the GPL-3.0 License - see the LICENSE file for details.
GTFOBins (gtfobins.github.io) - A fantastic resource for binary exploitation techniques. Credits to this repository for providing the main source for ALL the GTFO Binaries inforamtion.
Contributions are welcome! Please fork the repository and create a pull request with your enhancements.
For bug reports or feature requests, please open an issue on GitHub.
Vinal-2 - Author of GTFOBins Vulnerability Scanner
Clone repository:
git clone https://github.com/vinal-2/GTFObins
Install the tool using pip:
pip install gtfobins-scan
Python:
python -m pip install --upgrade pip
Identify SUID binaries and check for privilege escalation techniques:
gtfobins-scan
Enable verbose mode:
gtfobins-scan -v
Specify an output file for the scan results:
gtfobins-scan -o output.txt
Enable verbose mode and specify an output file:
gtfobins-scan -v -o output.txt
Identify SUID binaries and check for privilege escalation techniques:
python gtfobins_scan.py
python3 gtfobins_scan.py
Enable verbose mode and specify an output file:
python gtfobins_scan.py -v
python3 gtfobins_scan.py -v
Specify an output file for the scan results:
python gtfobins_scan.py -o output.txt
python3 gtfobins_scan.py -o output.txt
Enable verbose mode and specify an output file:
python gtfobins_scan.py -v -o output.txt
python3 gtfobins_scan.py -v -o output.txt