Offline command line lookup utility for GTFOBins, LOLBAS, WADComs, and HijackLibs.
- .gitignore: Gitignore file
- gtfoblookup.1: Linux man page for GTFOBLookup
- gtfoblookup.py: GTFOBLookup utility
- LICENSE.md: License file
- README.md: This file
- requirements.txt: List of required Python packages
Whilst GTFOBLookup will run in Python2.7, some features require Python3.
GTFOBLookup requires the following non-standard Python libraries to be installed:
- appdirs (
pip install appdirs) - colorama (
pip install colorama) - git (
pip install gitpython) - yaml (
pip install pyyaml)
These can all be installed with the following command: pip install -r requirements.txt
It is recommended to install GTFOBLookup using pipx:
pipx install git+https://github.com/nccgroup/GTFOBLookup.git
Once installed, run gtfoblookup.py update whilst connected to the internet to download local copies of the repositories.
On Linux, navigate to the GTFOBLookup directory and run man ./gtfoblookup.1 or see below:
gtfoblookup.py [-h] {update,purge,gtfobins,lolbas,wadcoms,hijacklibs} ...
OPTIONS
Sub-commands
gtfoblookup.py update
update local copies of repositories
gtfoblookup.py purge
remove local copies of repositories
gtfoblookup.py gtfobins
search the local copy of GTFOBins
gtfoblookup.py lolbas
search the local copy of LOLBAS
gtfoblookup.py wadcoms
search the local copy of WADComs
gtfoblookup.py hijacklibs
search the local copy of HijackLibs
OPTIONS 'gtfoblookup.py update'
usage: gtfoblookup.py update [-h] [-r repo]
-r repo, --repo repo
Only update the specified repository
OPTIONS 'gtfoblookup.py purge'
usage: gtfoblookup.py purge [-h] [-r repo]
-r repo, --repo repo
Only delete the specified repository
OPTIONS 'gtfoblookup.py gtfobins'
usage: gtfoblookup.py gtfobins [-h] {list,search} ...
Sub-commands
gtfoblookup.py gtfobins list
list all types/categories/executables/prerequisites/services/attack types/OSs featured in the local copy of GTFOBins
gtfoblookup.py gtfobins search
searchthe GTFOBins repository
OPTIONS 'gtfoblookup.py gtfobins list'
usage: gtfoblookup.py gtfobins list [-h] attribute
attribute
the attribute to list
OPTIONS 'gtfoblookup.py gtfobins search'
usage: gtfoblookup.py gtfobins search [-h] [-c categories] [-f] executable
executable
the executable to search for
-c categories, --category categories
category or categories (comma separated) to search in
-f, --file
use a file containing a list of executables (one per line) instead of a single executable
OPTIONS 'gtfoblookup.py lolbas'
usage: gtfoblookup.py lolbas [-h] {list,search} ...
Sub-commands
gtfoblookup.py lolbas list
list all types/categories/executables/prerequisites/services/attack types/OSs featured in the local copy of LOLBAS
gtfoblookup.py lolbas search
searchthe LOLBAS repository
OPTIONS 'gtfoblookup.py lolbas list'
usage: gtfoblookup.py lolbas list [-h] attribute
attribute
the attribute to list
OPTIONS 'gtfoblookup.py lolbas search'
usage: gtfoblookup.py lolbas search [-h] [-c categories] [-t types] [-f]
executable
executable
the executable to search for
-c categories, --category categories
category or categories (comma separated) to search in
-t types, --type types
type or types (comma separated)of executable to search for
-f, --file
use a file containing a list of executables (one per line) instead of a single executable
OPTIONS 'gtfoblookup.py wadcoms'
usage: gtfoblookup.py wadcoms [-h] {list,search} ...
Sub-commands
gtfoblookup.py wadcoms list
list all types/categories/executables/prerequisites/services/attack types/OSs featured in the local copy of WADComs
gtfoblookup.py wadcoms search
searchthe WADComs repository
OPTIONS 'gtfoblookup.py wadcoms list'
usage: gtfoblookup.py wadcoms list [-h] attribute
attribute
the attribute to list
OPTIONS 'gtfoblookup.py wadcoms search'
usage: gtfoblookup.py wadcoms search [-h] [-p prerequisites] [-s services]
[-a attack_types] [-o OSs] [-f]
executable
executable
the executable to search for
-p prerequisites, --prereq prerequisites
search for executables with a specific prerequisite or prerequisites (comma separated)
-s services, --service services
search for executables that interract with aspecific service or services(comma separated)
-a attack_types, --attacktype attack_types
search for executables that can be used for aspecific type or types (comma separated) of attacks
-o OSs, --os OSs
search for executables that can be run on a specific operating system oroperating systems (comma separated)
-f, --file
use a file containing a list of executables (one per line) instead of a single executable
OPTIONS 'gtfoblookup.py hijacklibs'
usage: gtfoblookup.py hijacklibs [-h] {list,search} ...
Sub-commands 'gtfoblookup.py hijacklibs'
gtfoblookup.py hijacklibs list
list all types/categories/executables/prerequisites/services/attack types/OSs featured in the local copy of HijackLibs
gtfoblookup.py hijacklibs search
searchthe HijackLibs repository
OPTIONS 'gtfoblookup.py hijacklibs list'
usage: gtfoblookup.py hijacklibs list [-h] attribute
attribute
the attribute to list
Sub-commands 'gtfoblookup.py hijacklibs search'
usage: gtfoblookup.py hijacklibs search [-h] [-a attack_types] [-v vendors] [-f] executable
executable
the executable to search for (use "all" to show results for all executables)
OPTIONS 'gtfoblookup.py hijacklibs search'
-a attack_types, --attacktype attack_types
search for executables that can be used for aspecific type or types (comma separated) of attacks
-v vendors, --vendor vendors
search for executables from a specific vendor or vendors (comma separated)
-f, --file
use a file containing a list of executables (one per line) instead of a single executable
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent