GTFONow
GTFONow is an automated privilege escalation tool for Unix systems that exploits misconfigurations in sudo, setuid/setgid binaries, and capabilities. It is purpose-built for CTF environments and penetration testing, offering payload automation based on the GTFOBins database with no external dependencies.
Key facts
Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.
| Field | Value |
|---|---|
| Repository | Frissi0n/GTFONow |
| Owner | Frissi0n |
| Primary language | Python |
| License | MIT — OSI-approved |
| Stars | 636 |
| Forks | 74 |
| Open issues | 45 |
| Latest release | v0.3.0 (2024-06-26) |
| Last updated | 2026-07-03 |
| Source | https://github.com/Frissi0n/GTFONow |
What GTFONow is
A Python-based post-exploitation utility that automatically identifies and exploits privilege escalation vectors including misconfigured sudo rules, setuid/setgid binaries, and Linux capabilities. It runs as a stdlib-only script compatible with Python 2 and 3 across Unix variants and architectures, supporting risk-tiered exploitation modes and file read/write primitive conversions.
Get the GTFONow source
Clone the repository and explore it locally.
git clone https://github.com/Frissi0n/GTFONow.gitcd GTFONow# follow the project's README for install & configurationNeed it deployed, integrated, or customized instead? DEV.co ships production installs.
Best use cases
Implementation considerations
- Requires Python runtime on target system; no pre-compiled binaries reduce deployment friction but tie execution to interpreter availability.
- Single-file design enables fileless execution via curl pipe; verify hash and source authenticity before running over network.
- Compatibility with Python 2 and 3 across architectures (x86, ARM64) is broad but Python 2 reached EOL in 2020; validate environment support.
- Risk level 2 modes perform destructive filesystem operations; staging in isolated lab environments with snapshots is critical before any live engagement.
- Relies on GTFOBins payloads; ensure local GTFOBins database is current or tool fetches fresh data to avoid false negatives from outdated exploit paths.
When to avoid it — and what to weigh
- Production System Hardening — Not designed for system administrators or security teams securing production environments. Use hardening tools and compliance frameworks instead.
- Unauthorized Access Scenarios — This tool is explicitly offensive. Legal authority and written permission are mandatory; unauthorized use violates computer fraud and cybercrime laws in most jurisdictions.
- Risk Level 2 on Live Systems Without Full Understanding — Risk level 2 performs aggressive file modifications (cron writes, SSH key drops, LD_PRELOAD injection). Documentation warns this is CTF-oriented; live engagement use requires deep knowledge of consequences.
- Supply Chain or Software Development Contexts — Not applicable to application development, CI/CD security, or DevOps contexts. It is a post-exploitation tool for Unix system compromise scenarios only.
License & commercial use
Licensed under MIT (MIT License), a permissive OSI-approved license permitting commercial use, modification, and distribution with attribution and no warranty.
MIT license permits commercial use in products and services provided original copyright notice is retained and no warranty is offered. However, this tool is explicitly offensive; commercial use in penetration testing requires client authorization. Redistribution in commercial security tools must include attribution and license text. Review your engagement agreement and terms of service.
DEV.co evaluation signals
Editorial assessment — not user reviews. Directional, with an explicit confidence level.
| Signal | Assessment |
|---|---|
| Maintenance | Active |
| Documentation | Adequate |
| License clarity | Clear |
| Deployment complexity | Low |
| DEV.co fit | Possible |
| Assessment confidence | High |
This is an offensive exploitation tool; security considerations center on operational security and authorization. No claims about tool security posture are made in data. Key concerns: (1) Requires Python execution on target—verify interpreter is trustworthy; (2) Risk level 2 performs destructive writes (cron, SSH, LD_PRELOAD)—test in isolated labs first; (3) Fileless execution via curl pipes increases supply chain risk—verify script hash and source; (4) Relies on GTFOBins payload database—outdated payloads may fail silently; (5) No obfuscation or evasion features—detection by endpoint tools is likely in hardened environments. Use only in authorized engagements with explicit scoping.
Alternatives to consider
LinPEAS / PEASS-ng
Comprehensive privilege escalation enumeration tool covering more vectors but requires interpretation and manual exploitation; less automation but more information density.
Exploit Suggester (linux-exploit-suggester, kernel-exploits databases)
Focuses on kernel and known CVE exploitation; complements GTFONow for environment-specific vulnerabilities but requires separate payload delivery.
Metasploit Framework (post-exploitation modules)
Full-featured framework with automated exploitation, staged payloads, and multi-protocol support; higher complexity but richer integration with red team workflows.
Build on GTFONow with DEV.co software developers
If you are running authorized penetration tests or CTF competitions, review GTFONow's automated privilege escalation capabilities. Test in isolated labs first, validate risk level 2 impacts, and ensure client authorization is documented. For production hardening, consider LinPEAS enumeration or Metasploit integration instead.
Talk to DEV.coRelated open-source tools
Surfaced by semantic similarity across the DEV.co open-source index.
Related on DEV.co
Explore the category and the services that help you build with it.
GTFONow FAQ
Can I run GTFONow on production systems?
Does GTFONow require internet access?
What is the difference between risk levels 1 and 2?
Will GTFONow be detected by antivirus or EDR tools?
Software development & web development with DEV.co
DEV.co is a software development agency delivering custom software development services to companies building on open source. Our software developers and web developers design, integrate, and ship production systems — spanning web development, APIs, AI, data, and cloud. If GTFONow is part of your open-source security roadmap, our team can implement, customize, migrate, and maintain it.
Evaluate GTFONow for Your Security Program
If you are running authorized penetration tests or CTF competitions, review GTFONow's automated privilege escalation capabilities. Test in isolated labs first, validate risk level 2 impacts, and ensure client authorization is documented. For production hardening, consider LinPEAS enumeration or Metasploit integration instead.