PyExfil: A Python Package for Data Exfiltration



This started as a PoC project but has later turned into something a bit more. Currently, it’s an Alpha-Alpha stage package, not yet tested (and will appreciate any feedbacks and commits) designed to show several techniques of data exfiltration is real-world scenarios. Currently here are what the package supports and what is allowed is:


  • Network
    • DNS query.
    • HTTP Cookie.
    • ICMP (8).
    • NTP requests.
    • BGP Open.
    • HTTPS Replace Certificate.
    • QUIC – No Certificate.
    • Slack Exfiltration.
    • POP3 Authentication (as a password) – Idea thanks to Itzik Kotler
    • FTP MKDIR technique – Idea thanks to Itzik Kotler
    • DB-LSP (Broadcast or Unicast).
    • Source IP-based Exfiltration
  • Physical
    • Audio
    • QR Codes
    • WiFi – On Payload
  • Steganography
    • Binary Offset
    • Video Transcript to Dictionary


Copyright (c) 2014 Yuval tisf Nativ