{"id":13509442,"url":"https://github.com/liamg/traitor","last_synced_at":"2025-05-13T20:10:01.147Z","repository":{"id":37455382,"uuid":"332424498","full_name":"liamg/traitor","owner":"liamg","description":":arrow_up: :skull_and_crossbones: :fire: Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock","archived":false,"fork":false,"pushed_at":"2024-03-12T21:01:14.000Z","size":4623,"stargazers_count":6862,"open_issues_count":23,"forks_count":652,"subscribers_count":121,"default_branch":"main","last_synced_at":"2025-04-28T10:55:26.686Z","etag":null,"topics":["cve-2021-3560","cve-2022-0847","dirtypipe","exploit","gtfobins","hackthebox","infosec","privesc","privilege-escalation","redteam-tools","security-tools"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/liamg.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":["liamg"]}},"created_at":"2021-01-24T10:50:15.000Z","updated_at":"2025-04-28T03:18:03.000Z","dependencies_parsed_at":"2022-07-17T04:30:40.350Z","dependency_job_id":"6e43f030-7fb1-4ffb-92f0-658f98a6eb15","html_url":"https://github.com/liamg/traitor","commit_stats":{"total_commits":59,"total_committers":5,"mean_commits":11.8,"dds":0.2033898305084746,"last_synced_commit":"0d221ba0d0e6abf48e7ec602eac03ac45381f24e"},"previous_names":[],"tags_count":14,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/liamg%2Ftraitor","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/liamg%2Ftraitor/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/liamg%2Ftraitor/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/liamg%2Ftraitor/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/liamg","download_url":"https://codeload.github.com/liamg/traitor/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254020606,"owners_count":22000753,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cve-2021-3560","cve-2022-0847","dirtypipe","exploit","gtfobins","hackthebox","infosec","privesc","privilege-escalation","redteam-tools","security-tools"],"created_at":"2024-08-01T02:01:07.816Z","updated_at":"2025-05-13T20:10:01.113Z","avatar_url":"https://github.com/liamg.png","language":"Go","readme":"# Traitor\n\nAutomatically exploit low-hanging fruit to pop a root shell. Linux privilege escalation made easy!\n\nTraitor packages up a bunch of methods to exploit local misconfigurations and vulnerabilities in order to pop a root shell:\n\n- Nearly all of [GTFOBins](https://gtfobins.github.io/)\n- Writeable docker.sock\n- CVE-2022-0847 (Dirty pipe)\n- CVE-2021-4034 (pwnkit)\n- CVE-2021-3560\n\n![Demo](demo.gif)\n\nIt'll exploit most sudo privileges listed in GTFOBins to pop a root shell, as well as exploiting issues like a writable `docker.sock`, or the recent dirty pipe (CVE-2022-0847). More routes to root will be added over time too.\n\n## Usage\n\nRun with no arguments to find potential vulnerabilities/misconfigurations which could allow privilege escalation. Add the `-p` flag if the current user password is known. The password will be requested if it's needed to analyse sudo permissions etc.\n\n```bash\ntraitor -p\n```\n\nRun with the `-a`/`--any` flag to find potential vulnerabilities, attempting to exploit each, stopping if a root shell is gained. Again, add the `-p` flag if the current user password is known.\n\n```bash\ntraitor -a -p\n```\n\nRun with the `-e`/`--exploit` flag to attempt to exploit a specific vulnerability and gain a root shell.\n\n```bash\ntraitor -p -e docker:writable-socket\n```\n\n## Supported Platforms\n\nTraitor will run on all Unix-like systems, though certain exploits will only function on certain systems.\n\n## Getting Traitor\n\nGrab a binary from the [releases page](https://github.com/liamg/traitor/releases), or use go:\n\n```\nCGO_ENABLED=0 go get -u github.com/liamg/traitor/cmd/traitor\n```\n\nFor go1.18:\n\n```\nCGO_ENABLED=0 go install github.com/liamg/traitor/cmd/traitor@latest\n```\n\nIf the machine you're attempting privesc on cannot reach GitHub to download the binary, and you have no way to upload the binary to the machine over SCP/FTP etc., then you can try base64 encoding the binary on your machine, and echoing the base64 encoded string to `| base64 -d \u003e /tmp/traitor` on the target machine, remembering to `chmod +x` it once it arrives.\n\n## In The News\n- 20/06/21: [Console 58](https://console.substack.com/p/console-58) - Awesome newsletter featuring tools and beta releases for developers.\n- 28/04/21: [Intigriti Bug Bytes #120](https://blog.intigriti.com/2021/04/28/bug-bytes-120-macos-pwned-homebrew-rce-the-worlds-shortest-backdoor/) - Recommended tools\n- 09/03/21: [Hacker News thread](https://news.ycombinator.com/item?id=26224719)\n","funding_links":["https://github.com/sponsors/liamg"],"categories":["Go","Github resources","红队\u0026渗透测试","security-tools","Linux","Mobile"],"sub_categories":["Posts from Hacker101 members on how to get started hacking","Tools","Linux/ *Nix"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fliamg%2Ftraitor","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fliamg%2Ftraitor","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fliamg%2Ftraitor/lists"}