explaingit

liamg/traitor

7,132 · Go · Audience · ops devops · Complexity · 2/5 · Setup · easy

TLDR

A Go command-line tool for Linux that scans a system for privilege escalation paths, sudo misconfigurations, writable Docker sockets, and known CVEs, and can automatically exploit them to get root.

Mindmap

mindmap
  root((traitor))
    What it does
      Privilege escalation scan
      Auto exploit
      CVE checks
    Tech Stack
      Go binary
      Linux targets
    Checks
      GTFOBins sudo
      Docker socket
      Dirty Pipe CVE
      pwnkit CVE
    Usage
      Scan only
      Auto exploit mode
      Target specific CVE
    Distribution
      Pre-built binary
      Build from source
Things people build with this

USE CASE 1

Run a quick scan on a Linux machine during a penetration test to find all available paths to root privilege.

USE CASE 2

Automatically exploit a found misconfiguration such as a writable Docker socket to open a root shell in one command.

USE CASE 3

Check whether a specific CVE like Dirty Pipe or pwnkit is exploitable on a target system using the -e flag.

Tech stack

Go

Getting it running

Difficulty · easy · Time to first run · 5min

Pre-built binaries are available on the releases page; a Linux target system is required to scan.

In plain English

Traitor is a command-line tool written in Go that checks a Linux system for common misconfigurations and known vulnerabilities that could let a regular user escalate to root, meaning gaining full administrative control of the machine. It is intended for security testers and penetration testers who already have limited access to a Linux system and want to find out whether a path to higher privileges exists.

The tool covers a wide range of escalation routes. It checks nearly all entries from GTFOBins, a public reference list of Unix binaries that can be misused when a user has been granted sudo permissions for them. It also checks for a writable Docker socket, which is a common misconfiguration on servers running Docker, and it tests for three specific published vulnerabilities: Dirty Pipe (CVE-2022-0847), pwnkit (CVE-2021-4034), and CVE-2021-3560. If exploitable conditions are found, Traitor can automatically attempt to use them to open a root shell.

Usage is straightforward from the command line. Running it with no flags scans for potential issues and reports them. Adding the -a flag makes it try each found issue in sequence and stop if it succeeds in getting a root shell. A specific exploit can also be targeted directly with the -e flag. A -p flag tells it the current user's password is known, which lets it analyze sudo permissions that would otherwise be inaccessible.

Pre-built binaries are available on the releases page, or you can compile it yourself with the Go toolchain. The README also describes a method for transferring the binary to an air-gapped machine using base64 encoding when direct downloads are not possible.
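A read-only audit that an administrator can run to see whether a host shows some of the conditions listed above: a writable Docker socket, a kernel in the upstream Dirty Pipe range, and a setuid pkexec. This is an added example, not code from traitor or its README; the function names and the `DOCKER_SOCK` variable are assumptions. The kernel check compares against the upstream fix releases (5.10.102, 5.15.25, 5.16.11), so distribution kernels with backported fixes still need checking against the vendor advisory.

```shell
#!/bin/sh
# Added example: read-only host audit. Function names are hypothetical and
# nothing here is taken from the traitor source.

# Exit 0 if an upstream kernel release string falls in the CVE-2022-0847
# (Dirty Pipe) range: introduced in 5.8, fixed in 5.10.102, 5.15.25, 5.16.11.
# Distribution kernels backport fixes, so a hit means "check the advisory".
dirty_pipe_in_range() {
    ver=${1%%-*}                          # drop "-generic", "-amd64", ...
    major=${ver%%.*}; rest=${ver#*.}
    minor=${rest%%.*}; patch=${rest#*.}
    [ "$patch" = "$rest" ] && patch=0     # "5.8" has no patch component
    minor=${minor%%[!0-9]*}; patch=${patch%%[!0-9]*}
    [ "$major" = 5 ] || return 1          # 4.x predates the bug, 6.x has the fix
    [ "${minor:-0}" -ge 8 ] || return 1
    case $minor in
        10) [ "${patch:-0}" -lt 102 ] ;;
        15) [ "${patch:-0}" -lt 25 ] ;;
        16) [ "${patch:-0}" -lt 11 ] ;;
        *)  [ "$minor" -lt 16 ] ;;        # other 5.8-5.14 branches: no fixed release
    esac
}

# Exit 0 if the path is a Unix socket the current user can write to. Write
# access to the Docker socket is equivalent to root on the host.
socket_writable() { [ -S "$1" ] && [ -w "$1" ]; }

audit_host() {
    findings=0
    sock=${DOCKER_SOCK:-/var/run/docker.sock}   # assumed default socket path
    if socket_writable "$sock"; then
        echo "FINDING: $sock is writable by $(id -un)"
        findings=$((findings + 1))
    fi
    if dirty_pipe_in_range "$(uname -r)"; then
        echo "REVIEW: kernel $(uname -r) is in the upstream Dirty Pipe range"
        findings=$((findings + 1))
    fi
    # A patched pkexec is setuid too, so this only prompts a package check.
    pk=$(command -v pkexec) && [ -u "$pk" ] &&
        echo "REVIEW: $pk is setuid; confirm polkit is patched for CVE-2021-4034"
    echo "$findings item(s) flagged"
}

audit_host
```

Remediation for a flagged socket is to remove untrusted users from the `docker` group or tighten the socket's permissions; for the kernel and polkit items, apply the vendor's updates.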

Copy-paste prompts

Prompt 1
Run traitor on my Linux test VM with the -a flag and show me every escalation path it finds and attempts to exploit.
Prompt 2
Use traitor with the -p flag and my user password to check all my sudo permissions against the GTFOBins list.
Prompt 3
Transfer the traitor binary to an air-gapped Linux box using base64 encoding and check for privilege escalation paths.
Prompt 4
Run traitor targeting only the CVE-2022-0847 Dirty Pipe exploit to check if my Linux kernel version is vulnerable.
Verify against the repo before relying on details.