API & MCP

LOLBin Reference Tool

Quick lookup for Living-off-the-Land Binaries during authorized red team engagements.

As of July 2026, LOLBin Reference Tool has users in the Developer Tools category.

Usersno change0%
Ratingno change0%
— reviews
Reviewsno change0%
Version
1.0.0
Manifest V3

History

1 snapshots

Tracking since Jul 9, 2026.

Not enough history yet for this metric — the chart fills in as we collect more snapshots.
View as table
DateUsersRatingReviewsVersion
Jul 9, 20261.0.0
Now1.0.0

Permissions & access

Permissions
storageclipboardWrite
Host access
https://api.yourdomain.com/*

Screenshots

LOLBin Reference Tool screenshot 1LOLBin Reference Tool screenshot 2LOLBin Reference Tool screenshot 3LOLBin Reference Tool screenshot 4

About

LOLBin Reference is a fast, fully offline lookup tool for Living-off-the-Land
Binaries (LOLBins) — the built-in OS binaries that can be abused to execute
code, download payloads, escalate privileges, or bypass defenses using
functionality Microsoft, Apple, and Linux distributions ship on every machine.
It works the same way as LOLBAS.github.io and GTFOBins.github.io, but packaged
as a searchable browser popup so red teamers, pentesters, and detection
engineers don't have to leave the browser tab they're already in.

⚠️ FOR AUTHORIZED SECURITY TESTING AND EDUCATIONAL USE ONLY. This is a
reference/lookup tool — it does not execute commands, deploy payloads, or
connect to any remote system. It only displays information about techniques,
exactly like the public LOLBAS and GTFOBins project sites.

WHAT'S INSIDE
• 142 curated entries — 58 Windows LOLBAS binaries + 84 Linux/Unix
  GTFOBins-style binaries — each linking back to its authoritative source
  (lolbas-project.github.io or gtfobins.github.io).
• Example commands for each technique, with one-click copy to clipboard.
• Sigma-style detection engineering notes on almost every entry, so blue
  teams and detection engineers can turn a technique lookup directly into an
  alerting rule.
• Instant client-side search across binary name, category, technique, and
  description — no page reloads, no loading spinners.
• Windows / Linux / All filter toggle to narrow results to one platform.

WHY IT'S OFFLINE-ONLY
The entire database ships inside the extension package. There are no host
permissions, no network requests, and no telemetry — everything renders from
the bundled, git-versioned dataset. Reference links open the original
LOLBAS/GTFOBins pages in a new tab only when you click them.

WHO IT'S FOR
• Red teamers and penetration testers who need a fast, authoritative
  technique reference during an authorized engagement.
• Detection engineers writing Sigma rules or SIEM alerts for LOLBin abuse.
• Students and blue teamers learning how native OS tooling gets abused, and
  how to detect it.

HOW TO USE IT
Click the extension icon, type a binary name (e.g. "certutil"), a technique
category (e.g. "privilege escalation"), or a keyword from the description.
Use the Windows/Linux toggle to narrow the platform. Click any example
command to copy it to your clipboard.

RESPONSIBLE USE
Use only against systems you own or are explicitly authorized to test. This
extension is a reference utility, not an exploitation tool — it never sends,
receives, or executes anything on your behalf.

Source available and open to review: see the project repository linked below.

Technical

Version
1.0.0
Manifest
V3
Size
59.27KiB
Min Chrome
88
Languages
1
Featured
No

Metadata

ID
gaalpmhbaimjbkmlnpcggcnjlbcppnhj
Developer ID
u20e817301acff1db9234004c6e1c136a
Developer Email
[email protected]
Created
Jul 8, 2026
Last Updated (Store)
Jul 8, 2026
Last Scraped
Jul 9, 2026
Website

Data sourced from the Chrome Web Store · last verified Jul 9, 2026.