GTFOBins — p3ta-tricks

GTFOBins

GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems.

The project collects legitimate functions of Unix binaries that can be abused to break out restricted shells, escalate or maintain elevated privileges, transfer files, spawn bind and reverse shells, and facilitate other post-exploitation tasks.

7z
aa-exec
ab
acr
agetty
alpine
ansible-playbook
ansible-test
aoss
apache2
apache2ctl
apport-cli
apt-get
aptitude
ar
arch-nspawn
aria2c
arj
arp
as
ascii-xfr
ascii85
ash
aspell
asterisk
at
atobm
autoconf
autoheader
autoreconf
aws
base32
base58
base64
basenc
basez
bash
bashbug
batcat
bbot
bc
bconsole
bee
borg
bpftrace
bridge
bundle
busctl
busybox
byebug
bzip2
cabal
cancel
capsh
cargo
cat
cdist
certbot
chattr
check_by_ssh
check_cups
check_log
check_memory
check_raid
check_ssl_cert
check_statusfile
chmod
choom
chown
chroot
chrt
clamscan
clisp
cmake
cmp
cobc
code
codex
column
comm
composer
cowsay
cowthink
cp
cpan
cpio
cpulimit
crash
crontab
csh
csplit
csvtool
ctr
cupsfilter
curl
cut
dash
date
dc
dd
debugfs
dhclient
dialog
diff
dig
distcc
dmesg
dmidecode
dmsetup
dnf
dnsmasq
doas
docker
dos2unix
dosbox
dotnet
dpkg
dstat
dvips
easy_install
easyrsa
eb
ed
efax
egrep
elvish
emacs
enscript
env
eqn
espeak
ex
exiftool
expand
expect
facter
fail2ban-client
fastfetch
ffmpeg
fgrep
file
find
finger
firejail
fish
flock
fmt
fold
forge
fping
ftp
fzf
gawk
gcc
gcloud
gcore
gdb
gem
genie
genisoimage
getent
ghc
ghci
gimp
ginsh
git
gnuplot
go
grc
grep
gtester
guile
gzip
hashcat
head
hexdump
hg
highlight
hping3
iconv
iftop
install
ionice
ip
iptables-save
irb
ispell
java
jjs
joe
join
journalctl
jq
jrunscript
jshell
jtag
julia
knife
ksshell
ksu
kubectl
last
latex
latexmk
ld.so
ldconfig
less
lftp
links
ln
loginctl
logrotate
logsave
look
lp
ltrace
lua
lualatex
luatex
lwp-download
lwp-request
lxd
m4
mail
make
man
mawk
minicom
more
mosh-server
mosquitto
mount
msfconsole
msgattrib
msgcat
msgconv
msgfilter
msgmerge
msguniq
mtr
multitime
mutt
mv
mypy
mysql
nano
nasm
nc
ncdu
ncftp
needrestart
neofetch
nft
nginx
nice
nl
nm
nmap
node
nohup
npm
nroff
nsenter
ntpdate
octave
od
opencode
openssl
openvpn
openvt
opkg
pandoc
passwd
paste
pax
pdb
pdflatex
pdftex
perf
perl
perlbug
pexec
pg
php
pic
pidstat
pip
pipx
pkexec
pkg
plymouth
podman
poetry
posh
pr
procmail
pry
psftp
psql
ptx
puppet
pwsh
pygmentize
pyright
python
qpdf
R
rake
ranger
rc
readelf
redcarpet
redis
restic
rev
rlogin
rlwrap
rpm
rpmdb
rpmquery
rpmverify
rsync
rsyslogd
rtorrent
ruby
run-mailcap
run-parts
runscript
rustc
rustdoc
rustfmt
rustup
sash
scanmem
scp
screen
script
scrot
sed
service
setarch
setcap
setfacl
setlock
sftp
sg
shred
shuf
slsh
smbclient
snap
socat
socket
soelim
softlimit
sort
split
sqlite3
sqlmap
ss
ssh
ssh-agent
ssh-copy-id
ssh-keygen
ssh-keyscan
sshfs
sshpass
sshuttle
start-stop-daemon
stdbuf
strace
strings
su
sudo
sysctl
systemctl
systemd-resolve
systemd-run
tac
tail
tailscale
tar
task
taskset
tasksh
tbl
tclsh
tcpdump
tcsh
tdbtool
tee
telnet
terraform
tex
tftp
tic
time
timedatectl
timeout
tmate
tmux
top
torify
torsocks
troff
tsc
tshark
ul
unexpand
uniq
unshare
unsquashfs
unzip
update-alternatives
urlget
uuencode
uv
vagrant
valgrind
varnishncsa
vi
vigr
vim
vipw
virsh
volatility
w3m
wall
watch
wc
wg-quick
wget
whiptail
whois
wireshark
wish
xargs
xdg-user-dir
xdotool
xmodmap
xmore
xpad
xxd
xz
yarn
yash
yelp
yt-dlp
yum
zathura
zcat
zgrep
zic
zip
zless
zsh
zsoelim
zypper