explaingit

gtfobins/gtfobins.github.io

13,213YAMLAudience · developerComplexity · 1/5Setup · easy

TLDR

GTFOBins is a searchable reference of standard Unix programs, editors, file tools, interpreters, that can be misused to escape restrictions or escalate access, used by penetration testers and defenders alike.

Mindmap

mindmap
  root((GTFOBins))
    What it does
      Reference database
      Unix binary misuse
      Searchable website
    Technique types
      Spawn shell
      Read write files
      Network connections
      Bypass restrictions
    Audience
      Pentesters
      Security researchers
      System defenders
    Format
      YAML data files
      GitHub Pages site
      Community contributions
    Use cases
      Pentest lookups
      Server hardening
      CTF challenges
Click or tap to explore — scroll the page freely

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

Things people build with this

USE CASE 1

Look up during a penetration test whether a binary on the target system can be used to spawn a shell or read protected files

USE CASE 2

Audit your Linux servers to find programs with dangerous permissions that an attacker could exploit

USE CASE 3

Contribute a new binary or technique to the dataset by adding a YAML file to the repository

Tech stack

YAMLGitHub PagesJekyll

Getting it running

Difficulty · easy Time to first run · 5min

In plain English

GTFOBins is a reference website that catalogs standard Unix and Linux command-line programs that can be misused by an attacker who has already gained limited access to a system. The name stands for "Get The F*** Out Binaries," referring to the goal of using available tools to escape restrictions or escalate access. The core idea is that many programs installed on Unix-like systems for legitimate purposes, such as text editors, file transfer utilities, scripting interpreters, and archive tools, have features that can be repurposed in a security context. For example, a text editor that can open a shell, or a file utility that can read files the current user should not have access to, becomes a problem if an attacker is looking for ways to move beyond their initial foothold. GTFOBins documents these techniques organized by program name, so security professionals can quickly look up whether a specific binary present on a target system offers any such capability. The intended audience is penetration testers and security researchers who need to check what options are available during a controlled security assessment, as well as system administrators and defenders who want to understand what risks misconfigured permissions might introduce. The techniques documented include spawning shells, reading or writing arbitrary files, loading code, making network connections, and bypassing restricted execution environments. The project is a static website generated from YAML data files and hosted on GitHub Pages. Contributions add new binaries or new techniques for existing ones. The README for this repository is minimal, the actual content lives at the project's website.

Copy-paste prompts

Prompt 1
I have sudo access to run vim on a Linux server during a pentest, show me the GTFOBins techniques for spawning a shell or reading /etc/shadow using vim.
Prompt 2
Which binaries in the GTFOBins list can be used to make outbound network connections, and how would I use them to exfiltrate data in a CTF?
Prompt 3
I am hardening a Linux server, help me write a script that checks every SUID binary on the system against the GTFOBins list and reports risky ones.
Prompt 4
How do I add a new binary to GTFOBins? Show me the YAML format and what fields are required for a shell escape technique.
Open on GitHub → Explain another repo

← gtfobins on gitmyhub — every repo by this author, as a profile.

Verify against the repo before relying on details.