A high-performance command-line tool for rapid Linux privilege escalation reference. Search for binaries and get instant access to exploit commands for SUID, sudo, capabilities, and more.
- π¦ 366 binaries with complete detailed techniques (100% coverage!)
- π§ 1400+ privilege escalation techniques with step-by-step instructions
- π― 15 technique types (shell, suid, sudo, file_read, reverse_shell, bind_shell, etc.)
- β‘ Lightning-fast fuzzy search powered by RapidFuzz
- π¨ Beautiful terminal output with Rich library syntax highlighting
- οΏ½ Offline SQLite database for instant access anywhere
- π Comprehensive documentation for every exploitation method
- β‘ Fast Search: Multi-strategy search with fuzzy matching
- π― Comprehensive Database: Curated privilege escalation techniques
- π¨ Rich Output: Beautiful terminal formatting with syntax highlighting
- π§ Multiple Formats: Pretty, JSON, and compact output modes
- π Flexible Filtering: Search by technique type, risk level, and more
- π Statistics: View database statistics and technique distributions
# Download the latest release
wget https://github.com/supunhg/GTFOBins-CLI/releases/download/v1.0.0/gtfobins-cli_1.0.0-1_all.deb
# Install the package
sudo dpkg -i gtfobins-cli_1.0.0-1_all.deb
# Install dependencies if needed
sudo apt-get install -f
# Initialize the database
gtfo init# Clone the repository
git clone https://github.com/supunhg/GTFOBins-CLI.git
cd GTFOBins-CLI
# Build the package (installs dependencies automatically)
./build_deb.sh
# Install the generated .deb
sudo dpkg -i gtfobins-cli_1.0.0-1_all.deb
sudo apt-get install -f # if needed
# Initialize the database
gtfo init# Clone the repository
git clone https://github.com/supunhg/GTFOBins-CLI.git
cd GTFOBins-CLI
# Create and activate virtual environment (optional but recommended)
python3 -m venv venv
source venv/bin/activate
# Install dependencies
pip install -r requirements.txt
# Install the package
pip install -e .
# Initialize the database
gtfo initpip install gtfobins-cli
gtfo init# Initialize database with default binaries
gtfo init# Basic search
gtfo search vim
# Search with technique filter
gtfo search python --technique sudo
# Search with fuzzy matching disabled
gtfo search bash --no-fuzzy
# JSON output
gtfo search find --output json
# Compact output
gtfo search awk --output compact# List all binaries in pretty format
gtfo list
# List in compact format
gtfo list --output compact# Find all binaries with sudo techniques
gtfo technique sudo
# Find all binaries with SUID techniques
gtfo technique suid
# Find all binaries with file_write techniques
gtfo technique file_write --output json# View database statistics
gtfo stats
# JSON format
gtfo stats --output json# Get suggestions for binaries starting with 'py'
gtfo complete py
# Limit suggestions
gtfo complete vim --limit 5# Reset the database (will prompt for confirmation)
gtfo reset$ gtfo search find --technique suid
Found 1 binary(ies)
Binary: find [Risk: 5]
Search for files in a directory hierarchy
Path: /usr/bin/find
Aliases: gnufind,findutils
Techniques:
[1] SUID - SUID shell execution via find -exec
Command:
find . -exec /bin/sh -p \; -quit$ gtfo technique sudo
Binaries with 'sudo' technique:
Binary: systemctl [Risk: 5]
Binary: docker [Risk: 5]
Binary: python [Risk: 5]
Binary: bash [Risk: 5]
...$ gtfo search vim --output json
[
{
"id": 2,
"name": "vim",
"description": "Vi IMproved - enhanced vi editor",
"install_path": "/usr/bin/vim",
"common_aliases": "vi,vim.tiny,nvim",
"risk_level": 4,
"techniques": [
{
"technique_type": "sudo",
"command": "sudo vim -c ':!/bin/sh'",
"description": "Sudo shell escape via vim command mode"
}
]
}
]GTFOBins-CLI is built with a modular architecture:
- Database Layer: SQLite with optimized indexes and WAL mode
- Search Engine: Multi-strategy search with fuzzy matching using RapidFuzz
- CLI Interface: Click-based command-line interface
- Output Formatters: Rich-based pretty printing, JSON, and compact formats
See ARCHITECTURE.md for detailed architecture documentation.
The tool uses SQLite with two main tables:
- binaries: Stores binary information (name, description, path, aliases, risk level)
- techniques: Stores privilege escalation techniques for each binary
Common technique types in the database:
sudo: Techniques requiring sudo permissions (~382 binaries)suid: Techniques exploiting SUID binaries (~257 binaries)shell: Interactive shell spawning (~229 binaries)file_read: Techniques for reading privileged files (~32 binaries)capabilities: Techniques using Linux capabilities (~11 binaries)command: Non-interactive command execution (~14 binaries)file_write: Techniques involving file write operations (~9 binaries)file_upload: File exfiltration techniques (~5 binaries)file_download: File download techniques (~4 binaries)limited_suid: Limited SUID exploitation (Debian-specific) (~4 binaries)reverse_shell: Reverse shell connections (~2 binaries)library_load: Shared library loading techniques (~1 binary)non_interactive_reverse_shell: Non-interactive reverse shells (~1 binary)non_interactive_bind_shell: Non-interactive bind shells (~1 binary)
Binaries are rated on a scale of 1-5:
- 5: Critical risk (e.g., bash, python, docker)
- 4: High risk (e.g., vim, perl, nmap)
- 3: Medium risk (e.g., tar, less, man)
- 2: Low risk (e.g., wget, curl)
- 1: Minimal risk
Copyright (c) 2025 Supun Hewagamage. All Rights Reserved.
This software is proprietary and confidential. Unauthorized copying, modification, distribution, or use of this software is strictly prohibited.
Supun Hewagamage (@supunhg)
- GitHub: https://github.com/supunhg
- Repository: https://github.com/supunhg/GTFOBins-CLI pip install -e ".[dev]"
pytest
pytest --cov=gtfobins_cli --cov-report=html
### Code Formatting
```bash
# Format code with black
black src/
# Lint with flake8
flake8 src/
# Type checking with mypy
mypy src/
Contributions are welcome! Please feel free to submit a Pull Request.
- Fork the repository
- Create your feature branch (
git checkout -b feature/AmazingFeature) - Commit your changes (
git commit -m 'Add some AmazingFeature') - Push to the branch (
git push origin feature/AmazingFeature) - Open a Pull Request
This tool is designed for educational purposes and authorized security testing only. Never use these techniques on systems you don't own or don't have explicit permission to test.
Copyright (c) 2025 supunhg. All Rights Reserved.
This software is proprietary and confidential. Unauthorized copying, modification, distribution, or use of this software is strictly prohibited.
# Add update command to fetch latest GTFOBins data
gtfo update
# Force refresh from source
gtfo update --force
# Check for updates without applying
gtfo update --check-only# Check which dangerous binaries exist on current system
gtfo audit
# Scan system and show only relevant techniques
gtfo audit --relevant
# Check specific binary on system
gtfo check bash # Shows if binary exists + techniques
# System-wide SUID binary scan
gtfo audit --suid-scan
# Check for binaries with capabilities
gtfo audit --capabilities# Search by multiple criteria
gtfo search --risk 5 --technique sudo,suid
# Advanced filtering
gtfo search --path-contains "bin" --has-shell
# Regex search
gtfo search --regex "^py.*"
# Search technique descriptions
gtfo search --in-description "reverse shell"
# Combine multiple filters
gtfo search --risk-min 4 --technique file_read --fuzzy-threshold 90# Markdown for documentation
gtfo search vim --output markdown
# YAML for automation
gtfo search find --output yaml
# CSV for spreadsheet analysis
gtfo list --output csv
# Export to file
gtfo technique sudo --output json --file sudo_techniques.json
# HTML report generation
gtfo audit --output html --file security_audit.html
# Copy to clipboard
gtfo search bash --copy# Interactive search and exploration
gtfo interactive
# Features include:
# - Real-time search as you type
# - Tab completion
# - Menu-driven technique selection
# - One-click command copying
# - Technique preview
# - Command history# Create privilege escalation chains
gtfo chain --from user --to root --via sudo,suid
# Save common workflows
gtfo workflow save pentest-basics
# Run saved workflows
gtfo workflow run pentest-basics
# Export workflow as script
gtfo workflow export pentest-basics --format bash# Import findings from LinPEAS/LinEnum
gtfo import --from linpeas output.txt
# Export to Metasploit resource script
gtfo export --to metasploit --file exploit.rc
# Generate CherryTree notes
gtfo export --to cherrytree --file notes.ctb# Show explanations for beginners
gtfo learn suid
# Practice mode with challenges
gtfo practice --difficulty easy
# Show related techniques
gtfo related vim
# Technique comparison
gtfo compare bash vs zsh- In-memory caching for faster repeated searches
- Pre-computed search indexes
- Background database optimization
- Compressed technique storage
- Lazy loading for large datasets
- Technique verification status
- Community ratings
- Tested-on-version tracking
- Vulnerability CVE linking
- Defense recommendations
- Windows privilege escalation techniques
- macOS/BSD binaries
- Container escape techniques
- Cloud platform exploitation (AWS CLI, kubectl, etc.)
- Network device binaries (Cisco, Juniper CLIs)
- Database privilege escalation (MySQL, PostgreSQL, etc.)
- VSCode extension
- Burp Suite plugin
- tmux/screen integration
- Slack/Discord bot
- Web dashboard
- Mobile app (Android/iOS)
For issues, questions, or contributions, please open an issue on GitHub.
Disclaimer: This tool is for educational and authorized testing purposes only. Always ensure you have permission before testing security on any system.