
A Python Package for Data Exfiltration

PyExfil

Stress Testing Detection & Creativity



PyExfil was born as a PoC and kind of a playground and grew to be something a bit more. In my eyes it's still a messy PoC that needs a lot more work and testing to become stable. The purpose of PyExfil is to collect as many exfiltration, and now also communication, techniques as possible that CAN be used by various threat actors/malware to bypass detection and mitigation tools and techniques. You can track changes at the official GitHub page.

Putting it simply, it's meant to be used as a testing tool rather than an actual Red Teaming tool. Although most techniques and methods should be easily ported and compiled to various operating systems (some are stable, some experimental), the transmission mechanism should be stable across all techniques. Clone it, deploy it on a node in your organization and see which systems can catch which techniques.

Getting Started

PIP

To install with pip (not necessarily the most up-to-date version):

pip install --user PyExfil

Prerequisites

For source:

git clone https://www.github.com/ytisf/PyExfil
cd PyExfil
pip install --user -r requirements.txt

We recommend installing py2exe as well, so that you can compile the various modules to a binary for easier transportation. You can do that with:

pip install py2exe

Installing

Go to the same folder where PyExfil was cloned to and:

python setup.py install --user

List of Techniques

For per-module usage, have a look at the USAGE file.

Data Generation

Although this tool was initially created as a game and later turned into a Red Team oriented tool, at the end of the day a major use of PyExfil is to test various DLP (Data Leakage Protection) systems as well as intrusion detection. To make the latter task simpler we have created a little module to generate fake data with a structure that matches both PII and PCI data sets. These are intended to trigger alerts while being broadcast outside of the network.

Here is how to use it:

from pyexfil.includes import CreateTestData

c = CreateTestData(rows=1000, output_location="/tmp/list.csv")
c.Run()

After this you can use whichever PyExfil module you would like to try to exfiltrate the data set created. This way you can test your detection without risking the exfiltration of valuable data.
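As an added example (not PyExfil's own CreateTestData module), the following builds a few PCI-style rows whose card numbers pass the Luhn check and then runs a simple DLP-style scan over them, showing why structurally valid fake data is what triggers alerts; all names, e-mail addresses and numbers are constructed test values.

```python
import csv
import io
import random
import re

# Constructed example: synthetic PII/PCI rows for DLP testing. Not PyExfil code.

def luhn_check_digit(partial: str) -> str:
    """Return the check digit that makes `partial` + digit Luhn-valid."""
    total = 0
    for i, ch in enumerate(reversed(partial)):
        d = int(ch)
        if i % 2 == 0:        # these become the doubled positions once the check digit is appended
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return str((10 - total % 10) % 10)

def luhn_valid(number: str) -> bool:
    """Standard Luhn validation over the digits of `number`."""
    digits = [int(c) for c in number if c.isdigit()]
    if len(digits) < 13:
        return False
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:        # double every second digit counted from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def fake_card_number(rng: random.Random, prefix: str = "4", length: int = 16) -> str:
    """Random digits behind a constructed prefix, finished with a valid Luhn digit."""
    body = prefix + "".join(str(rng.randrange(10)) for _ in range(length - len(prefix) - 1))
    return body + luhn_check_digit(body)

def create_test_data(rows: int, seed: int = 0) -> str:
    """Return CSV text of constructed PII/PCI-style rows (name, e-mail, card number)."""
    rng = random.Random(seed)
    first, last = ["Ada", "Linus", "Grace", "Alan"], ["Test", "Sample", "Dummy", "Example"]
    buf = io.StringIO()
    writer = csv.writer(buf)
    writer.writerow(["first_name", "last_name", "email", "card_number"])
    for _ in range(rows):
        fn, ln = rng.choice(first), rng.choice(last)
        writer.writerow([fn, ln, f"{fn}.{ln}@example.invalid".lower(), fake_card_number(rng)])
    return buf.getvalue()

CARD_RE = re.compile(r"\b\d{13,19}\b")

def scan_for_pan(text: str) -> list:
    """DLP-style check: digit runs of card length that also pass Luhn."""
    return [m for m in CARD_RE.findall(text) if luhn_valid(m)]
```

Digit runs of the right length that fail Luhn (such as an order number) are not flagged, which is exactly why a generator for DLP testing has to emit checksum-valid numbers.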

Contributions

We welcome it! From testing, to improving quality of code and up to entirely new methods.

Future Changes

Versioning

For details about versions, look at the tags on this repository.

Version 1.0.0!

  • Surprise on restructure (Add Another).
  • Split DOCUMENTATION.md and README.md to two different files.
  • Get a nice logo.
  • Uniform calling convention for newer modules.
  • Exfiltration data-set generator (PII&PCI).

Version 1.3 - Harpax:

  • Adding 4 new modules.
  • General fixups.
  • Some old modules recoded to fit new standard.
  • Full compatibility between Python2 and Python3.

Version 1.4 - ?:

  • Expand physical exfiltration channels.
  • Re-test servers on older modules.
  • Add file manipulation class (for example, module zipception does not fit into any existing category although currently residing under Stega).

Hopefully - Close Future

  • Attempt at creating a more uniform call convention. See DOCUMENTATION.md.
  • Fix that poorly written setup.py.
  • Backport all old modules to new calling convention.

In the Distant Future - The Year 2000

  • Add Golang/C++ support for portability.
  • Extensive testing for py2exe support.

Acknowledgments

People & Companies

  • Big shout out to JetBrains!!!
  • Thanks to barachy and AM for ideas on protocols to use.
  • Thanks to Itzik Kotler for some ideas.
  • Shout out to @cac0ns3c for resolving some dependency hell.
  • Thanks to @Nilesh0301 for pointing out some Python compatibility issues.
  • Big thanks to @hbmartin for pointing us to pytube3 latest update and support.

Resources

  • Thanks Wireshark for your awesome wiki and tool. Especially packet dumps.
  • Shout out to the nmap guys.
  • Thanks to Trey Hunner for the package names.
  • The Faker package.
  • Special thanks to Thomas Baruchel and Fredrik de Vibe for the txt2pdf package we used in the braille exfiltration package.
