DET is a proof of concept Data Exfiltration Toolkit using either single or multiple channel(s) at the same time.
The idea behind DET was to create a generic tool-kit to plug any kind of protocol/service to test implemented Network Monitoring and Data Leakage Prevention (DLP) solutions configurations, against different data exfiltration techniques.
Features
DET already supports encryption and compression and also multiple protocols, listed here:
- HTTP(S)
- ICMP
- DNS
- SMTP/IMAP (eg. Gmail)
- Raw TCP
- PowerShell implementation (HTTP, DNS, ICMP, SMTP (used with Gmail))
And other “services”:
- Google Docs (Unauthenticated)
- Twitter (Direct Messages)
The following modules are “experimental”:
- Skype (95% done)
- Tor (80% done)
- Github (30/40% done)
Usage
1 2 3 4 5 6 7 8 9 10 11 12 13 14 |
python det.py -h usage: det.py [-h] [-c CONFIG] [-f FILE] [-d FOLDER] [-p PLUGIN] [-e EXCLUDE] [-L] Data Exfiltration Toolkit (SensePost) optional arguments: -h, --help show this help message and exit -c CONFIG Configuration file (eg. '-c ./config-sample.json') -f FILE File to exfiltrate (eg. '-f /etc/passwd') -d FOLDER Folder to exfiltrate (eg. '-d /etc/') -p PLUGIN Plugins to use (eg. '-p dns,twitter') -e EXCLUDE Plugins to exclude (eg. '-e gmail,icmp') -L Server mode |
Installation
Clone the repo:
1 |
git clone https://github.com/sensepost/DET.git |
Then:
1 |
pip install -r requirements.txt --user |
In the future the author hopes to add proper data obfuscation and other modules (FTP, Flickr using Steganography and YouTube).
Read more here.