GTFOBins

23 points by indigo

lilac

strikes me as close to ls /usr/bin

I’m really not sure what to do with this information. it feels vaguely similar to that anti-llm list that was just like “you should quit using curl and rsync and also essentially any operating system”

lothan

pentesters/offsec use this as a reference to exploit command injections, especially limited command injections that can be "upgraded" using the right command / flags

it's also useful for defenders to know the risks of using shell commands with attacker controlled data and if needed, how to properly sandbox a specific command

but yes the enumeration is a bit overkill when the answer is often "probably best not to use shell commands at all"
zk

This isn't a "do not use these" list. This is primarily used by pentesters and CTF players to abuse misconfigurations of common binaries on Linux systems.

This site was essential when I used to muck about with hackthebox and the like. Really nice resource.
- addison
  
  Dropping in to concur. Outside of HTB, it's also very helpful for highly-constrained shell/tool injection.
Student

Cat, a tool that allows file read on misconfigured systems, should be avoided