Run a quick scan on a Linux machine during a penetration test to find all available paths to root privilege.
Automatically exploit a found misconfiguration such as a writable Docker socket to open a root shell in one command.
Check whether a specific CVE like Dirty Pipe or pwnkit is exploitable on a target system using the -e flag.
| liamg/traitor | simeji/jid | hatchet-dev/hatchet | |
|---|---|---|---|
| Stars | 7,132 | 7,127 | 7,141 |
| Language | Go | Go | Go |
| Setup difficulty | easy | easy | moderate |
| Complexity | 2/5 | 1/5 | 4/5 |
| Audience | ops devops | developer | developer |
Figures from each repo's GitHub metadata at analysis time.
Pre-built binaries available on the releases page, Linux target system required to scan.
Traitor is a command-line tool written in Go that checks a Linux system for common misconfigurations and known vulnerabilities that could let a regular user escalate to root, meaning gaining full administrative control of the machine. It is intended for security testers and penetration testers who already have limited access to a Linux system and want to find out whether a path to higher privileges exists. The tool covers a wide range of escalation routes. It checks nearly all entries from GTFOBins, a public reference list of Unix binaries that can be misused when a user has been granted sudo permissions for them. It also checks for a writable Docker socket, which is a common misconfiguration on servers running Docker, and it tests for three specific published vulnerabilities: Dirty Pipe (CVE-2022-0847), pwnkit (CVE-2021-4034), and CVE-2021-3560. If exploitable conditions are found, Traitor can automatically attempt to use them to open a root shell. Usage is straightforward from the command line. Running it with no flags scans for potential issues and reports them. Adding the -a flag makes it try each found issue in sequence and stop if it succeeds in getting a root shell. A specific exploit can also be targeted directly with the -e flag. A -p flag tells it the current user's password is known, which lets it analyze sudo permissions that would otherwise be inaccessible. Pre-built binaries are available on the releases page, or you can compile it yourself with the Go toolchain. The README also describes a method for transferring the binary to an air-gapped machine using base64 encoding when direct downloads are not possible.
A Go command-line tool for Linux that scans a system for privilege escalation paths, sudo misconfigurations, writable Docker sockets, and known CVEs, and can automatically exploit them to get root.
Mainly Go. The stack also includes Go.
Setup difficulty is rated easy, with roughly 5min to a first successful run.
Mainly ops devops.
This repo across BitVibe Labs
Verify against the repo before relying on details.