GTFOcli it's a Command Line Interface for easy binaries search commands that can be used to bypass local security restrictions in misconfigured systems.
Using go:
go install github.com/cmd-tools/gtfocli@latestUsing homebrew:
brew tap cmd-tools/homebrew-tap
brew install gtfocliUsing docker:
docker pull cmdtoolsowner/gtfocliSearch for binary tar:
gtfocli search tarSearch for binary tar from stdin:
echo "tar" | gtfocli searchSearch for binaries located into file;
cat myBinaryList.txt
/bin/bash
/bin/sh
tar
arp
/bin/tail
gtfocli search -f myBinaryList.txtSearch for binary Winget.exe:
gtfocli search Winget --os windowsSearch for binary Winget from stdin:
echo "Winget" | gtfocli search --os windowsSearch for binaries located into file:
cat windowsExecutableList.txt
Winget
c:\\Users\\Desktop\\Ssh
Stordiag
Bash
c:\\Users\\Runonce.exe
Cmdkey
c:\dir\subDir\Users\Certreq.exe
gtfocli search -f windowsExecutableList.txt --os windowsSearch for binary Winget and print output in yaml format (see -h for available formats):
gtfocli search Winget -o yaml --os windowsExamples:
Search for binary Winget and print output in yaml format:
docker run -i cmdtoolsowner/gtfocli search Winget -o yaml --os windowsSearch for binary tar and print output in json format:
echo 'tar' | docker run -i cmdtoolsowner/gtfocli search -o jsonSearch for binaries located into file mounted as volume in the container:
cat myBinaryList.txt
/bin/bash
/bin/sh
tar
arp
/bin/tail
docker run -i -v $(pwd):/tmp cmdtoolsowner/gtfocli search -f /tmp/myBinaryList.txtAn example of common use case for gtfocli is together with find:
find / -type f \( -perm 04000 -o -perm -u=s \) -exec gtfocli search {} \; 2>/dev/nullor
find / -type f \( -perm 04000 -o -perm -u=s \) 2>/dev/null | gtfocli searchThanks to GTFOBins and LOLBAS, without these projects gtfocli would never have come to light.
You want to contribute to this project? Wow, thanks! So please just fork it and send a pull request.