GTFOBins.github.io
GTFOBins is a curated list of Unix-like executables that can be used to bypass local security restrictions in misconfigured systems.
GTFOBins is a searchable reference of standard Unix programs (editors, file tools, interpreters) that can be misused to escape restrictions or escalate access. It is used by penetration testers and defenders alike.
GTFOBins is a reference website that catalogs standard Unix and Linux command-line programs that can be misused by an attacker who has already gained limited access to a system. The name stands for "Get The F*** Out Binaries," referring to the goal of using available tools to escape restrictions or escalate access.
The core idea is that many programs installed on Unix-like systems for legitimate purposes, such as text editors, file transfer utilities, scripting interpreters, and archive tools, have features that can be repurposed in a security context. For example, a text editor that can open a shell, or a file utility that can read files the current user should not have access to, becomes a problem if an attacker is looking for ways to move beyond their initial foothold. GTFOBins documents these techniques organized by program name, so security professionals can quickly look up whether a specific binary present on a target system offers any such capability.
The intended audience is penetration testers and security researchers who need to check what options are available during a controlled security assessment, as well as system administrators and defenders who want to understand what risks misconfigured permissions might introduce. The techniques documented include spawning shells, reading or writing arbitrary files, loading code, making network connections, and bypassing restricted execution environments.
The project is a static website generated from YAML data files and hosted on GitHub Pages. Contributions add new binaries or new techniques for existing ones. The README for this repository is minimal; the actual content lives at the project's website.
Where it fits
- Look up during a penetration test whether a binary on the target system can be used to spawn a shell or read protected files
- Audit your Linux servers to find programs with dangerous permissions that an attacker could exploit
- Contribute a new binary or technique to the dataset by adding a YAML file to the repository
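For the server audit use case above, the following added example (not code from the GTFOBins project) inventories setuid/setgid files under a directory and flags those whose names appear on a watchlist. The watchlist contents, the function names and the scanned directories are assumptions chosen for illustration; an auditor would fill the watchlist with names looked up on the site.

```python
import os
import re
import stat

# Constructed sample watchlist: names an auditor has looked up on GTFOBins.
WATCHLIST = {"find", "vim", "tar", "python"}

def base_name(filename):
    """Strip a trailing version suffix so 'python3.11' matches 'python'."""
    return re.sub(r"[\d.]+$", "", filename) or filename

def audit_tree(root, watchlist=WATCHLIST):
    """Return setuid/setgid regular files under root, flagged if on the watchlist."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: do not follow symlinks
            except OSError:
                continue  # entry vanished or is unreadable
            if not stat.S_ISREG(st.st_mode):
                continue
            bits = [label for mask, label in
                    ((stat.S_ISUID, "setuid"), (stat.S_ISGID, "setgid"))
                    if st.st_mode & mask]
            if bits:
                findings.append({
                    "path": path,
                    "bits": "+".join(bits),
                    "owner_uid": st.st_uid,
                    "on_watchlist": base_name(name) in watchlist,
                })
    return sorted(findings, key=lambda f: f["path"])

if __name__ == "__main__":
    # Assumed scan roots; adjust to the directories on the host's PATH.
    for root in ("/usr/bin", "/usr/local/bin"):
        for f in audit_tree(root):
            mark = "REVIEW" if f["on_watchlist"] else "info"
            print(f"{mark:6} {f['bits']:13} uid={f['owner_uid']} {f['path']}")
```

Entries marked REVIEW are candidates for removing the setuid/setgid bit or replacing the permission grant with a narrower mechanism.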