nccgroup/GTFOBLookup

GTFOBLookup

Offline command line lookup utility for GTFOBins, LOLBAS, and WADComs.

Files

  • .gitignore: Gitignore file
  • gtfoblookup.1: Linux man page for GTFOBLookup
  • gtfoblookup.py: GTFOBLookup utility
  • LICENSE.md: License file
  • README.md: This file
  • requirements.txt: List of required Python packages

Dependencies

Whilst GTFOBLookup will run in Python 2.7, some features require Python 3.

GTFOBLookup requires the following non-standard Python libraries to be installed:

  • appdirs (pip install appdirs)
  • colorama (pip install colorama)
  • git (pip install gitpython)
  • yaml (pip install pyyaml)

These can all be installed with the following command: pip install -r requirements.txt

Installation/Setup

To install GTFOBLookup, git clone the repository to your machine and run gtfoblookup.py update whilst connected to the internet:

Usage

On Linux, navigate to the GTFOBLookup directory and run man ./gtfoblookup.1 or see below:

gtfoblookup.py [-h] {update,purge,gtfobins,lolbas,wadcoms} ...

OPTIONS
   Sub-commands
       gtfoblookup.py update
              update local copies of repositories

       gtfoblookup.py purge
              remove local copies of repositories

       gtfoblookup.py gtfobins
              search the local copy of GTFOBins

       gtfoblookup.py lolbas
              search the local copy of LOLBAS

       gtfoblookup.py wadcoms
              search the local copy of WADComs

OPTIONS 'gtfoblookup.py update'
       usage: gtfoblookup.py update [-h] [-r repo]

       -r repo, --repo repo
              Only update the specified repository

OPTIONS 'gtfoblookup.py purge'
       usage: gtfoblookup.py purge [-h] [-r repo]

       -r repo, --repo repo
              Only delete the specified repository

OPTIONS 'gtfoblookup.py gtfobins'
       usage: gtfoblookup.py gtfobins [-h] {list,search} ...

   Sub-commands
       gtfoblookup.py gtfobins list
              list all types/categories/executables/prerequisites/services/attack types/OSs featured in the local copy of GTFOBins

       gtfoblookup.py gtfobins search
              search the GTFOBins repository

OPTIONS 'gtfoblookup.py gtfobins list'
       usage: gtfoblookup.py gtfobins list [-h] attribute

       attribute
              the attribute to list

OPTIONS 'gtfoblookup.py gtfobins search'
       usage: gtfoblookup.py gtfobins search [-h] [-c categories] [-f] executable

       executable
              the executable to search for

       -c categories, --category categories
              category or categories (comma separated) to search in

       -f, --file
              use a file containing a list of executables (one per line) instead of a single executable

OPTIONS 'gtfoblookup.py lolbas'
       usage: gtfoblookup.py lolbas [-h] {list,search} ...

   Sub-commands
       gtfoblookup.py lolbas list
              list all types/categories/executables/prerequisites/services/attack types/OSs featured in the local copy of LOLBAS

       gtfoblookup.py lolbas search
              search the LOLBAS repository

OPTIONS 'gtfoblookup.py lolbas list'
       usage: gtfoblookup.py lolbas list [-h] attribute

       attribute
              the attribute to list

OPTIONS 'gtfoblookup.py lolbas search'
       usage: gtfoblookup.py lolbas search [-h] [-c categories] [-t types] [-f]
                                             executable

       executable
              the executable to search for

       -c categories, --category categories
              category or categories (comma separated) to search in

       -t types, --type types
              type or types (comma separated) of executable to search for

       -f, --file
              use a file containing a list of executables (one per line) instead of a single executable

OPTIONS 'gtfoblookup.py wadcoms'
       usage: gtfoblookup.py wadcoms [-h] {list,search} ...

   Sub-commands
       gtfoblookup.py wadcoms list
              list all types/categories/executables/prerequisites/services/attack types/OSs featured in the local copy of WADComs

       gtfoblookup.py wadcoms search
              search the WADComs repository

OPTIONS 'gtfoblookup.py wadcoms list'
       usage: gtfoblookup.py wadcoms list [-h] attribute

       attribute
              the attribute to list

OPTIONS 'gtfoblookup.py wadcoms search'
       usage: gtfoblookup.py wadcoms search [-h] [-p prerequisites] [-s services]
                                              [-a attack_types] [-o OSs] [-f]
                                              executable

       executable
              the executable to search for

       -p prerequisites, --prereq prerequisites
              search for executables with a specific prerequisite or prerequisites (comma separated)

       -s services, --service services
              search for executables that interact with a specific service or services (comma separated)

       -a attack_types, --attacktype attack_types
              search for executables that can be used for a specific type or types (comma separated) of attacks

       -o OSs, --os OSs
              search for executables that can be run on a specific operating system or operating systems (comma separated)

       -f, --file
              use a file containing a list of executables (one per line) instead of a single executable