DET – Data Exfiltration Toolkit

DET is a proof of concept Data Exfiltration Toolkit using either single or multiple channel(s) at the same time.

The idea behind DET was to create a generic tool-kit to plug any kind of protocol/service to test implemented Network Monitoring and Data Leakage Prevention (DLP) solutions configurations, against different data exfiltration techniques.

Features

DET already supports encryption and compression and also multiple protocols, listed here:

• HTTP(S)
• ICMP
• DNS
• SMTP/IMAP (eg. Gmail)
• Raw TCP
• PowerShell implementation (HTTP, DNS, ICMP, SMTP (used with Gmail))

And other “services”:

• Google Docs (Unauthenticated)
• Twitter (Direct Messages)

The following modules are “experimental”:

• Skype (95% done)
• Tor (80% done)
• Github (30/40% done)

Usage

1 2 3 4 5 6 7 8 9 10 11 12 13 14

python det.py -h usage: det.py [-h] [-c CONFIG] [-f FILE] [-d FOLDER] [-p PLUGIN] [-e EXCLUDE]               [-L]   Data Exfiltration Toolkit (SensePost)   optional arguments:   -h, --help  show this help message and exit   -c CONFIG   Configuration file (eg. '-c ./config-sample.json')   -f FILE     File to exfiltrate (eg. '-f /etc/passwd')   -d FOLDER   Folder to exfiltrate (eg. '-d /etc/')   -p PLUGIN   Plugins to use (eg. '-p dns,twitter')   -e EXCLUDE  Plugins to exclude (eg. '-e gmail,icmp')   -L          Server mode

Installation

Clone the repo:

1	git clone https://github.com/sensepost/DET.git

Then:

1	pip install -r requirements.txt --user

In the future the author hopes to add proper data obfuscation and other modules (FTP, Flickr using Steganography and YouTube).

Read more