SUIDump is a Python script designed to help identify potential privilege escalation vectors in Linux systems by analyzing setuid (SUID) binaries. SUID binaries are executable programs that run with the privileges of the file owner, potentially allowing unauthorized users to escalate their privileges.
This tool automates the process of:
- Discovering SUID binaries on the system.
- Checking each SUID binary for known privilege escalation vectors using GTFOBins, a curated list of Unix binaries that can be exploited by an attacker to bypass local security restrictions.
SUIDump provides a convenient way to assess the security of a Linux system and identify binaries that may pose a security risk. It offers both standard and verbose scanning modes, making it suitable for both quick assessments and in-depth security audits.
- Automated discovery of SUID binaries on the system.
- Integration with GTFOBins for identifying potential privilege escalation vectors.
- Customizable scanning options, including verbose mode.
- Rate limiting handling for checking GTFOBins (retries with a delay).
- User-friendly command-line interface.
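The two steps described above (finding SUID files, then checking their names against GTFOBins) can be sketched as a small audit; this is an added example, not SUIDump's own code. It matches names against a short constructed list held locally instead of querying GTFOBins, and `SAMPLE_GTFOBINS_SUID`, `triage` and the baseline set are hypothetical names introduced for illustration.

```python
import os
import stat

# Constructed sample: a few binary names with SUID entries on GTFOBins.
# A real audit would load the full list from a local copy of the project.
SAMPLE_GTFOBINS_SUID = {"find", "vim", "bash", "nmap", "cp"}


def is_suid_file(mode):
    """True for a regular file whose st_mode carries the setuid bit."""
    return stat.S_ISREG(mode) and bool(mode & stat.S_ISUID)


def find_suid(root):
    """Walk root without following symlinks and return sorted SUID file paths."""
    hits = []
    for dirpath, _dirs, files in os.walk(root, followlinks=False):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                mode = os.lstat(path).st_mode
            except OSError:
                continue  # unreadable or vanished during the walk
            if is_suid_file(mode):
                hits.append(path)
    return sorted(hits)


def triage(paths, baseline, known=SAMPLE_GTFOBINS_SUID):
    """Label each path 'listed', 'unexpected' or 'baseline' for review."""
    report = {}
    for path in paths:
        if os.path.basename(path) in known:
            report[path] = "listed"        # name has a GTFOBins SUID entry
        elif path not in baseline:
            report[path] = "unexpected"    # not a SUID file this host should have
        else:
            report[path] = "baseline"
    return report


if __name__ == "__main__":
    # Hypothetical baseline; build the real one from the package manager.
    expected = {"/usr/bin/passwd", "/usr/bin/su"}
    for path, label in triage(find_suid("/usr/bin"), expected).items():
        print(f"{label:10} {path}")
```

Entries labelled `listed` or `unexpected` are the ones to review first: confirm the setuid bit is required, and remove it where it is not.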
Install SUIDump using git:
git clone https://github.com/lypd0/SUIDump && cd SUIDump && python3 SUIDump.py -h
Deploy SUIDump by running the script using python3:
python3 SUIDump.py -h
or by using the following download-and-execute one-liner for dynamic deployment (it uses a custom domain to avoid token limitations; feel free to replace the URL with the GitHub raw URL):
curl https://cdn.lypd0.com/suidump | python3
Offline one-liner (no download or internet connection required, for CTFs):
clear && echo "<base64-encoded script>" | base64 -d | python3
Contributions, bug reports, and feature requests are welcome! Feel free to open an issue or submit a pull request.
SUIDump acknowledges and expresses gratitude to the GTFOBins project for providing a valuable resource that makes privilege escalation vector identification more accessible.
This project is licensed under the MIT License. Please review the LICENSE file for more details.