Added support for HijackLibs

nccgroup · Feb 21, 2023 · 6b8f4a5 · 6b8f4a5
1 parent d5a5579
commit 6b8f4a5
Show file tree

Hide file tree

Showing 3 changed files with 307 additions and 83 deletions.
diff --git a/README.md b/README.md
@@ -1,5 +1,5 @@
 # GTFOBLookup
-Offline command line lookup utility for [GTFOBins](https://gtfobins.github.io/), [LOLBAS](https://lolbas-project.github.io/), and [WADComs](https://wadcoms.github.io).
+Offline command line lookup utility for [GTFOBins](https://gtfobins.github.io/), [LOLBAS](https://lolbas-project.github.io/), [WADComs](https://wadcoms.github.io), and [HijackLibs](https://hijacklibs.net/).
 
 ## Files
 - **.gitignore**: Gitignore file
@@ -26,7 +26,7 @@ To install GTFOBLookup, git clone the repository to your machine and run `gtfobl
 ## Usage
 On Linux, navigate to the GTFOBLookup directory and run `man ./gtfoblookup.1` or see below:
 <pre>
-gtfoblookup.py [-h] {update,purge,gtfobins,lolbas,wadcoms} ...
+gtfoblookup.py [-h] {update,purge,gtfobins,lolbas,wadcoms,hijacklibs} ...
 
 OPTIONS
    Sub-commands
@@ -45,6 +45,9 @@ OPTIONS
        gtfoblookup.py wadcoms
               search the local copy of WADComs
 
+       gtfoblookup.py hijacklibs
+              search the local copy of HijackLibs
+
 OPTIONS 'gtfoblookup.py update'
        usage: gtfoblookup.py update [-h] [-r repo]
 
@@ -155,4 +158,36 @@ OPTIONS 'gtfoblookup.py wadcoms search'
 
        -f, --file
               use a file containing a list of executables (one per line) instead of a single executable
+
+OPTIONS 'gtfoblookup.py hijacklibs'
+       usage: gtfoblookup.py hijacklibs [-h] {list,search} ...
+
+  Sub-commands 'gtfoblookup.py hijacklibs'
+       gtfoblookup.py hijacklibs list
+              list all types/categories/executables/prerequisites/services/attack types/OSs featured in the local copy of HijackLibs
+
+       gtfoblookup.py hijacklibs search
+              searchthe HijackLibs repository
+
+OPTIONS 'gtfoblookup.py hijacklibs list'
+       usage: gtfoblookup.py hijacklibs list [-h] attribute
+
+       attribute
+              the attribute to list
+
+  Sub-commands 'gtfoblookup.py hijacklibs search'
+       usage: gtfoblookup.py hijacklibs search [-h] [-a attack_types] [-v vendors] [-f] executable
+
+       executable
+              the executable to search for (use "all" to show results for all executables)
+
+OPTIONS 'gtfoblookup.py hijacklibs search'
+       -a attack_types, --attacktype attack_types
+              search for executables that can be used for aspecific type or types (comma separated) of attacks
+
+       -v vendors, --vendor vendors
+              search for executables from a specific vendor or vendors (comma separated)
+
+       -f, --file
+              use a file containing a list of executables (one per line) instead of a single executable
 </pre>
diff --git a/gtfoblookup.1 b/gtfoblookup.1
@@ -1,16 +1,14 @@
-.TH gtfoblookup.py "1" Manual
+.TH GTFOBLOOKUP.PY "1" "2023\-02\-21" "GTFOBLookup" "Generated Python Manual"
 .SH NAME
 gtfoblookup.py
 .SH SYNOPSIS
 .B gtfoblookup.py
-[-h] {update,purge,gtfobins,lolbas,wadcoms} ...
+[-h] {update,purge,gtfobins,lolbas,wadcoms,hijacklibs} ...
 .SH DESCRIPTION
-Offline command line lookup utility for GTFOBins
-(https://gtfobins.github.io/), LOLBAS(https://lolbas\-project.github.io/), and
-WADComs (https://wadcoms.github.io)
-.SH OPTIONS
-.SS
-\fBSub-commands\fR
+Offline command line lookup utility for GTFOBins (https://gtfobins.github.io/), LOLBAS(https://lolbas\-project.github.io/), WADComs (https://wadcoms.github.io), HijackLibs (https://hijacklibs.net/)
+
+.SH
+POSITIONAL ARGUMENTS
 .TP
 \fBgtfoblookup.py\fR \fI\,update\/\fR
 update local copies of repositories
@@ -26,144 +24,149 @@ search the local copy of LOLBAS
 .TP
 \fBgtfoblookup.py\fR \fI\,wadcoms\/\fR
 search the local copy of WADComs
-.SH OPTIONS 'gtfoblookup.py update'
-usage: gtfoblookup.py update [-h] [-r repo]
+.TP
+\fBgtfoblookup.py\fR \fI\,hijacklibs\/\fR
+search the local copy of HijackLibs
 
+.SH COMMAND \fI\,'gtfoblookup.py update'\/\fR
+usage: gtfoblookup.py update [\-h] [\-r repo]
 
+.SH OPTIONS \fI\,'gtfoblookup.py update'\/\fR
 .TP
-\fB\-r\fR repo, \fB\-\-repo\fR repo
+\fB\-r\fR \fI\,repo\/\fR, \fB\-\-repo\fR \fI\,repo\/\fR
 Only update the specified repository
 
-.SH OPTIONS 'gtfoblookup.py purge'
-usage: gtfoblookup.py purge [-h] [-r repo]
-
+.SH COMMAND \fI\,'gtfoblookup.py purge'\/\fR
+usage: gtfoblookup.py purge [\-h] [\-r repo]
 
+.SH OPTIONS \fI\,'gtfoblookup.py purge'\/\fR
 .TP
-\fB\-r\fR repo, \fB\-\-repo\fR repo
+\fB\-r\fR \fI\,repo\/\fR, \fB\-\-repo\fR \fI\,repo\/\fR
 Only delete the specified repository
 
-.SH OPTIONS 'gtfoblookup.py gtfobins'
-usage: gtfoblookup.py gtfobins [-h] {list,search} ...
+.SH COMMAND \fI\,'gtfoblookup.py gtfobins'\/\fR
+usage: gtfoblookup.py gtfobins [\-h] {list,search} ...
 
-.SS
-\fBSub-commands\fR
+.SH
+POSITIONAL ARGUMENTS \fI\,'gtfoblookup.py gtfobins'\/\fR
 .TP
 \fBgtfoblookup.py gtfobins\fR \fI\,list\/\fR
 list all types/categories/executables/prerequisites/services/attack types/OSs featured in the local copy of GTFOBins
 .TP
 \fBgtfoblookup.py gtfobins\fR \fI\,search\/\fR
 searchthe GTFOBins repository
-.SH OPTIONS 'gtfoblookup.py gtfobins list'
-usage: gtfoblookup.py gtfobins list [-h] attribute
+
+.SH COMMAND \fI\,'gtfoblookup.py gtfobins list'\/\fR
+usage: gtfoblookup.py gtfobins list [\-h] attribute
 
 .TP
 \fBattribute\fR
 the attribute to list
 
-
-.SH OPTIONS 'gtfoblookup.py gtfobins search'
-usage: gtfoblookup.py gtfobins search [-h] [-c categories] [-f] executable
+.SH COMMAND \fI\,'gtfoblookup.py gtfobins search'\/\fR
+usage: gtfoblookup.py gtfobins search [\-h] [\-c categories] [\-f] executable
 
 .TP
 \fBexecutable\fR
-the executable to search for
+the executable to search for (use "all" to show results for all executables)
 
+.SH OPTIONS \fI\,'gtfoblookup.py gtfobins search'\/\fR
 .TP
-\fB\-c\fR categories, \fB\-\-category\fR categories
+\fB\-c\fR \fI\,categories\/\fR, \fB\-\-category\fR \fI\,categories\/\fR
 category or categories (comma separated) to search in
 
 .TP
 \fB\-f\fR, \fB\-\-file\fR
 use a file containing a list of executables (one per line) instead of a single
 executable
 
+.SH COMMAND \fI\,'gtfoblookup.py lolbas'\/\fR
+usage: gtfoblookup.py lolbas [\-h] {list,search} ...
 
-.SH OPTIONS 'gtfoblookup.py lolbas'
-usage: gtfoblookup.py lolbas [-h] {list,search} ...
-
-.SS
-\fBSub-commands\fR
+.SH
+POSITIONAL ARGUMENTS \fI\,'gtfoblookup.py lolbas'\/\fR
 .TP
 \fBgtfoblookup.py lolbas\fR \fI\,list\/\fR
 list all types/categories/executables/prerequisites/services/attack types/OSs featured in the local copy of LOLBAS
 .TP
 \fBgtfoblookup.py lolbas\fR \fI\,search\/\fR
 searchthe LOLBAS repository
-.SH OPTIONS 'gtfoblookup.py lolbas list'
-usage: gtfoblookup.py lolbas list [-h] attribute
+
+.SH COMMAND \fI\,'gtfoblookup.py lolbas list'\/\fR
+usage: gtfoblookup.py lolbas list [\-h] attribute
 
 .TP
 \fBattribute\fR
 the attribute to list
 
-
-.SH OPTIONS 'gtfoblookup.py lolbas search'
-usage: gtfoblookup.py lolbas search [-h] [-c categories] [-t types] [-f]
-                                      executable
+.SH COMMAND \fI\,'gtfoblookup.py lolbas search'\/\fR
+usage: gtfoblookup.py lolbas search [\-h] [\-c categories] [\-t types] [\-f]
+                                    executable
 
 .TP
 \fBexecutable\fR
-the executable to search for
+the executable to search for (use "all" to show results for all executables)
 
+.SH OPTIONS \fI\,'gtfoblookup.py lolbas search'\/\fR
 .TP
-\fB\-c\fR categories, \fB\-\-category\fR categories
+\fB\-c\fR \fI\,categories\/\fR, \fB\-\-category\fR \fI\,categories\/\fR
 category or categories (comma separated) to search in
 
 .TP
-\fB\-t\fR types, \fB\-\-type\fR types
+\fB\-t\fR \fI\,types\/\fR, \fB\-\-type\fR \fI\,types\/\fR
 type or types (comma separated)of executable to search for
 
 .TP
 \fB\-f\fR, \fB\-\-file\fR
 use a file containing a list of executables (one per line) instead of a single
 executable
 
+.SH COMMAND \fI\,'gtfoblookup.py wadcoms'\/\fR
+usage: gtfoblookup.py wadcoms [\-h] {list,search} ...
 
-.SH OPTIONS 'gtfoblookup.py wadcoms'
-usage: gtfoblookup.py wadcoms [-h] {list,search} ...
-
-.SS
-\fBSub-commands\fR
+.SH
+POSITIONAL ARGUMENTS \fI\,'gtfoblookup.py wadcoms'\/\fR
 .TP
 \fBgtfoblookup.py wadcoms\fR \fI\,list\/\fR
 list all types/categories/executables/prerequisites/services/attack types/OSs featured in the local copy of WADComs
 .TP
 \fBgtfoblookup.py wadcoms\fR \fI\,search\/\fR
 searchthe WADComs repository
-.SH OPTIONS 'gtfoblookup.py wadcoms list'
-usage: gtfoblookup.py wadcoms list [-h] attribute
+
+.SH COMMAND \fI\,'gtfoblookup.py wadcoms list'\/\fR
+usage: gtfoblookup.py wadcoms list [\-h] attribute
 
 .TP
 \fBattribute\fR
 the attribute to list
 
-
-.SH OPTIONS 'gtfoblookup.py wadcoms search'
-usage: gtfoblookup.py wadcoms search [-h] [-p prerequisites] [-s services]
-                                       [-a attack_types] [-o OSs] [-f]
-                                       executable
+.SH COMMAND \fI\,'gtfoblookup.py wadcoms search'\/\fR
+usage: gtfoblookup.py wadcoms search [\-h] [\-p prerequisites] [\-s services]
+                                     [\-a attack_types] [\-o OSs] [\-f]
+                                     executable
 
 .TP
 \fBexecutable\fR
-the executable to search for
+the executable to search for (use "all" to show results for all executables)
 
+.SH OPTIONS \fI\,'gtfoblookup.py wadcoms search'\/\fR
 .TP
-\fB\-p\fR prerequisites, \fB\-\-prereq\fR prerequisites
+\fB\-p\fR \fI\,prerequisites\/\fR, \fB\-\-prereq\fR \fI\,prerequisites\/\fR
 search for executables with a specific prerequisite or prerequisites (comma
 separated)
 
 .TP
-\fB\-s\fR services, \fB\-\-service\fR services
+\fB\-s\fR \fI\,services\/\fR, \fB\-\-service\fR \fI\,services\/\fR
 search for executables that interract with aspecific service or services(comma
 separated)
 
 .TP
-\fB\-a\fR attack_types, \fB\-\-attacktype\fR attack_types
+\fB\-a\fR \fI\,attack_types\/\fR, \fB\-\-attacktype\fR \fI\,attack_types\/\fR
 search for executables that can be used for aspecific type or types (comma
 separated) of attacks
 
 .TP
-\fB\-o\fR OSs, \fB\-\-os\fR OSs
+\fB\-o\fR \fI\,OSs\/\fR, \fB\-\-os\fR \fI\,OSs\/\fR
 search for executables that can be run on a specific operating system
 oroperating systems (comma separated)
 
@@ -172,9 +175,54 @@ oroperating systems (comma separated)
 use a file containing a list of executables (one per line) instead of a single
 executable
 
+.SH COMMAND \fI\,'gtfoblookup.py hijacklibs'\/\fR
+usage: gtfoblookup.py hijacklibs [\-h] {list,search} ...
+
+.SH
+POSITIONAL ARGUMENTS \fI\,'gtfoblookup.py hijacklibs'\/\fR
+.TP
+\fBgtfoblookup.py hijacklibs\fR \fI\,list\/\fR
+list all types/categories/executables/prerequisites/services/attack types/OSs featured in the local copy of HijackLibs
+.TP
+\fBgtfoblookup.py hijacklibs\fR \fI\,search\/\fR
+searchthe HijackLibs repository
+
+.SH COMMAND \fI\,'gtfoblookup.py hijacklibs list'\/\fR
+usage: gtfoblookup.py hijacklibs list [\-h] attribute
+
+.TP
+\fBattribute\fR
+the attribute to list
+
+.SH COMMAND \fI\,'gtfoblookup.py hijacklibs search'\/\fR
+usage: gtfoblookup.py hijacklibs search [\-h] [\-a attack_types] [\-v vendors]
+                                        [\-f]
+                                        executable
+
+.TP
+\fBexecutable\fR
+the executable to search for (use "all" to show results for all executables)
+
+.SH OPTIONS \fI\,'gtfoblookup.py hijacklibs search'\/\fR
+.TP
+\fB\-a\fR \fI\,attack_types\/\fR, \fB\-\-attacktype\fR \fI\,attack_types\/\fR
+search for executables that can be used for aspecific type or types (comma
+separated) of attacks
+
+.TP
+\fB\-v\fR \fI\,vendors\/\fR, \fB\-\-vendor\fR \fI\,vendors\/\fR
+search for executables from a specific vendor or vendors (comma separated)
+
+.TP
+\fB\-f\fR, \fB\-\-file\fR
+use a file containing a list of executables (one per line) instead of a single
+executable
+
 .SH AUTHORS
-.B GTFOBLookup
-was written by James Conlan <[email protected]>.
+.nf
+James Conlan - [email protected]
+.fi
+
 .SH DISTRIBUTION
 The latest version of GTFOBLookup may be downloaded from
 .UR https://github.com/nccgroup/GTFOBLookup