{"id":15008888,"url":"https://github.com/anon-exploiter/suid3num","last_synced_at":"2025-04-04T20:15:16.318Z","repository":{"id":41128753,"uuid":"214602064","full_name":"Anon-Exploiter/SUID3NUM","owner":"Anon-Exploiter","description":"A standalone python script which utilizes python's built-in modules to enumerate SUID binaries, separate default binaries from custom binaries, cross-match those with bins in GTFO Bin's repository \u0026 auto-exploit those, all with colors! ( ͡~ ͜ʖ ͡°)","archived":false,"fork":false,"pushed_at":"2021-08-15T20:37:50.000Z","size":146,"stargazers_count":620,"open_issues_count":0,"forks_count":125,"subscribers_count":19,"default_branch":"master","last_synced_at":"2025-04-04T20:15:12.732Z","etag":null,"topics":["auto-exploitation","boot2root","exploitation","gtfo","gtfo-bin","gtfobins","htb","oscp","oscp-tools","pentest","pentest-tools","pentesting","privilege-escalation","python","python-3","standalone-python-script","suid","suid-binaries","suid3num","vulnhub"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Anon-Exploiter.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2019-10-12T07:40:24.000Z","updated_at":"2025-03-28T23:10:19.000Z","dependencies_parsed_at":"2022-08-10T01:35:46.190Z","dependency_job_id":null,"html_url":"https://github.com/Anon-Exploiter/SUID3NUM","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Anon-Exploiter%2FSUID3NUM","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Anon-Exploiter%2FSUID3NUM/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Anon-Exploiter%2FSUID3NUM/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Anon-Exploiter%2FSUID3NUM/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Anon-Exploiter","download_url":"https://codeload.github.com/Anon-Exploiter/SUID3NUM/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247242681,"owners_count":20907134,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["auto-exploitation","boot2root","exploitation","gtfo","gtfo-bin","gtfobins","htb","oscp","oscp-tools","pentest","pentest-tools","pentesting","privilege-escalation","python","python-3","standalone-python-script","suid","suid-binaries","suid3num","vulnhub"],"created_at":"2024-09-24T19:21:29.658Z","updated_at":"2025-04-04T20:15:16.299Z","avatar_url":"https://github.com/Anon-Exploiter.png","language":"Python","readme":"# SUID3NUM\n\n[![Maintenance](https://img.shields.io/badge/Maintained%3F-yes-green.svg)](https://GitHub.com/Anon-Exploiter/SUID3NUM.js/graphs/commit-activity)\n[![made-with-python](https://img.shields.io/badge/Made%20with-Python-1f425f.svg)](https://www.python.org/)\n![GitHub](https://img.shields.io/github/license/Anon-Exploiter/SUID3NUM)\n[![Contributors][contributors-shield]][contributors-url]\n![GitHub closed issues](https://img.shields.io/github/issues-closed/Anon-Exploiter/SUID3NUM)\n![GitHub closed pull requests](https://img.shields.io/github/issues-pr-closed/Anon-Exploiter/SUID3NUM)\n[![Twitter](https://img.shields.io/twitter/url/https/twitter.com/cloudposse.svg?style=social\u0026label=%40syed_umar)](https://twitter.com/syed__umar)\n[![LinkedIn][linkedin-shield]][linkedin-url]\n\n[contributors-shield]: https://img.shields.io/github/contributors/Anon-Exploiter/SUID3NUM.svg?style=flat-square\n[contributors-url]: https://github.com/Anon-Exploiter/SUID3NUM/graphs/contributors\n[issues-shield]: https://img.shields.io/github/issues/Anon-Exploiter/SUID3NUM.svg?style=flat-square\n[issues-url]: https://github.com/Anon-Exploiter/SUID3NUM/issues\n[linkedin-shield]: https://img.shields.io/badge/-LinkedIn-black.svg?style=flat-square\u0026logo=linkedin\u0026colorB=555\n[linkedin-url]: https://www.linkedin.com/in/syedumararfeen/\n\n\n**A standalone python2/3 script which utilizes python's built-in modules to find SUID bins, separate default bins from custom bins, cross-match those with bins in GTFO Bin's repository \u0026 auto-exploit those, all with colors! ( ͡ʘ ͜ʖ ͡ʘ)**\n\n[![asciicast](https://asciinema.org/a/343568.svg)](https://asciinema.org/a/343568)\n\n### Description\nA standalone script supporting both python2 \u0026 python3 to find out all SUID binaries in machines/CTFs and do the following\n- List all Default SUID Binaries (which ship with linux/aren't exploitable)\n- List all Custom Binaries (which don't ship with packages/vanilla installation)\n- List all custom binaries found in GTFO Bin's (This is where things get interesting)\n- Printing binaries and their exploitation (in case they create files on the machine)\n- Try and exploit found custom SUID binaries which won't impact machine's files\n\nWhy This? \n- Because LinEnum and other enumeration scripts only print SUID binaries \u0026 GTFO Binaries, they don't seperate default from custom, which leads to severe head banging in walls for 3-4 hours when you can't escalate privs :) \n\n### Can I use this in OSCP?\n**Yes, you totally can.** I used it in my exam, linked it in the report as well. Just don't use `-e` (according to some people) and you're good to go!\n\nThe auto exploitation (i.e. -e) was implemented because I'm a little bit lazy and don't really like copy/pasting so it did the rest for me, you won't find easy binaries like those in OSCP (it ain't kids play), you'll definitely have to research a little bit but it'll do half of the work for you -- can't stress this enough. If you're reading this section, good luck for your exam though.  \n\n### Changelog\n- Added new section of binaries which impact the system (Auto-Exploitation isn't supported for binaries which impact the system in any way i.e. creating new files, directories, modifying existing files etc.). The user has to manually execute those commands, and is supposed to understand those before running as well! (POC: \nhttps://i.imgur.com/FclFFwg.png)\n\n### Output\n\u003ca href=\"https://github.com/Anon-Exploiter/SUID3NUM/blob/master/output.matlab\" target=\"_blank\"\u003eSUID3NUM's Sample output\u003c/a\u003e\n\n### Works on \n\n- Python (2.5-7.*)\n- Python (3.5-7.*)\n\n### Download \u0026 Use\n\n***wget***\n\n\twget https://raw.githubusercontent.com/Anon-Exploiter/SUID3NUM/master/suid3num.py --no-check-certificate \u0026\u0026 chmod 777 suid3num.py\n\n***curl***\n\n\tcurl -k https://raw.githubusercontent.com/Anon-Exploiter/SUID3NUM/master/suid3num.py --output suid3num.py \u0026\u0026 chmod 777 suid3num.py\n\t\n### Tested on\n\n- Pop! OS 18.04 LTS\n- Ubuntu 18.04 LTS\n- Nebula\n- Kali Linux (PWK VM)\n \n### Usage\n\n***Initializing Script***\n\n\tpython suid3num.py\n\n***Doing Auto Exploitation of found custom SUID binaries***\n\n\tpython suid3num.py -e\n\n### Output\n\n\u003cimg src=\"https://i.imgur.com/zaDb93l.png\" /\u003e\n\u003cimg src=\"https://i.imgur.com/XOqNsjq.png\" /\u003e\n\u003cimg src=\"https://i.imgur.com/2skqTXo.png\" /\u003e\n\u003cimg src=\"https://i.imgur.com/gBabtgR.png\" /\u003e\n\u003cimg src=\"https://i.imgur.com/GCLgIOO.png\" /\u003e\n\n### Auto Exploitation of SUID Bins\n\n[![asciicast](https://asciinema.org/a/343572.svg)](https://asciinema.org/a/343572)\n\n### Note \n\u003cpre\u003e\u003ccode\u003ePlease run the script after going through what it does \u0026 with prior knowledge of SUID bins.\nP.S ~ Don't run with `-e` parameter, if you don't know what you're doing!\n\u003c/code\u003e\u003c/pre\u003e\n\n### Stargazers Chart\n[![Stargazers over time](https://starchart.cc/Anon-Exploiter/SUID3NUM.svg)](https://starchart.cc/Anon-Exploiter/SUID3NUM)\n\n### Shoutouts\nShoutout to [Zeeshan Sahi](https://www.linkedin.com/in/zeeshan-sahi-366238117/) \u0026 [Bilal Rizwan](https://github.com/th3-3inst3in) for their ideas and contribution. Also, thanks to [Cyrus](https://github.com/cyrus-and) for [GTFO Bins](https://gtfobins.github.io/) \u003c3\n\nLet me know, what you think of this script at [@syed__umar](https://twitter.com/@syed__umar) ≧◡≦\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fanon-exploiter%2Fsuid3num","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fanon-exploiter%2Fsuid3num","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fanon-exploiter%2Fsuid3num/lists"}