whatisgithub

What is gtfobins.github.io?

gtfobins/gtfobins.github.io — explained in plain English

Analysis updated 2026-06-24

13,213YAMLAudience · developerComplexity · 1/5Setup · easy

In one sentence

GTFOBins is a searchable reference of standard Unix programs, editors, file tools, interpreters, that can be misused to escape restrictions or escalate access, used by penetration testers and defenders alike.

Mindmap

mindmap
  root((GTFOBins))
    What it does
      Reference database
      Unix binary misuse
      Searchable website
    Technique types
      Spawn shell
      Read write files
      Network connections
      Bypass restrictions
    Audience
      Pentesters
      Security researchers
      System defenders
    Format
      YAML data files
      GitHub Pages site
      Community contributions
    Use cases
      Pentest lookups
      Server hardening
      CTF challenges
Click or tap to explore — scroll the page freely

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Look up during a penetration test whether a binary on the target system can be used to spawn a shell or read protected files

USE CASE 2

Audit your Linux servers to find programs with dangerous permissions that an attacker could exploit

USE CASE 3

Contribute a new binary or technique to the dataset by adding a YAML file to the repository

What is it built with?

YAMLGitHub PagesJekyll

How do you get it running?

Difficulty · easy Time to first run · 5min

So what is it?

GTFOBins is a reference website that catalogs standard Unix and Linux command-line programs that can be misused by an attacker who has already gained limited access to a system. The name stands for "Get The F*** Out Binaries," referring to the goal of using available tools to escape restrictions or escalate access. The core idea is that many programs installed on Unix-like systems for legitimate purposes, such as text editors, file transfer utilities, scripting interpreters, and archive tools, have features that can be repurposed in a security context. For example, a text editor that can open a shell, or a file utility that can read files the current user should not have access to, becomes a problem if an attacker is looking for ways to move beyond their initial foothold. GTFOBins documents these techniques organized by program name, so security professionals can quickly look up whether a specific binary present on a target system offers any such capability. The intended audience is penetration testers and security researchers who need to check what options are available during a controlled security assessment, as well as system administrators and defenders who want to understand what risks misconfigured permissions might introduce. The techniques documented include spawning shells, reading or writing arbitrary files, loading code, making network connections, and bypassing restricted execution environments. The project is a static website generated from YAML data files and hosted on GitHub Pages. Contributions add new binaries or new techniques for existing ones. The README for this repository is minimal, the actual content lives at the project's website.

Copy-paste prompts

Prompt 1
I have sudo access to run vim on a Linux server during a pentest, show me the GTFOBins techniques for spawning a shell or reading /etc/shadow using vim.
Prompt 2
Which binaries in the GTFOBins list can be used to make outbound network connections, and how would I use them to exfiltrate data in a CTF?
Prompt 3
I am hardening a Linux server, help me write a script that checks every SUID binary on the system against the GTFOBins list and reports risky ones.
Prompt 4
How do I add a new binary to GTFOBins? Show me the YAML format and what fields are required for a shell escape technique.

Frequently asked questions

What is gtfobins.github.io?

GTFOBins is a searchable reference of standard Unix programs, editors, file tools, interpreters, that can be misused to escape restrictions or escalate access, used by penetration testers and defenders alike.

What language is gtfobins.github.io written in?

Mainly YAML. The stack also includes YAML, GitHub Pages, Jekyll.

How hard is gtfobins.github.io to set up?

Setup difficulty is rated easy, with roughly 5min to a first successful run.

Who is gtfobins.github.io for?

Mainly developer.

Open on GitHub → Ask about another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.