{"id":13845107,"url":"https://github.com/JoelGMSec/Invoke-DNSteal","last_synced_at":"2025-07-12T01:31:40.797Z","repository":{"id":41172927,"uuid":"379895389","full_name":"JoelGMSec/Invoke-DNSteal","owner":"JoelGMSec","description":"Simple \u0026 Customizable DNS Data Exfiltrator","archived":false,"fork":false,"pushed_at":"2023-07-17T11:26:19.000Z","size":437,"stargazers_count":109,"open_issues_count":0,"forks_count":23,"subscribers_count":6,"default_branch":"main","last_synced_at":"2025-05-08T20:45:08.404Z","etag":null,"topics":["data","delay","dns","domain","exfiltrator","fake","random","tcp","udp"],"latest_commit_sha":null,"homepage":"https://darkbyte.net","language":"PowerShell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/JoelGMSec.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null},"funding":{"github":"JoelGMSec","patreon":null,"open_collective":null,"tidelift":null,"community_bridge":null,"liberapay":null,"issuehunt":null,"otechie":null,"custom":["https://buymeacoff.ee/JoelGMSec","https://darkbyte.net/shop"]}},"created_at":"2021-06-24T11:03:09.000Z","updated_at":"2025-03-17T17:54:45.000Z","dependencies_parsed_at":"2025-05-08T20:46:38.685Z","dependency_job_id":null,"html_url":"https://github.com/JoelGMSec/Invoke-DNSteal","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/JoelGMSec/Invoke-DNSteal","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JoelGMSec%2FInvoke-DNSteal","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JoelGMSec%2FInvoke-DNSteal/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JoelGMSec%2FInvoke-DNSteal/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JoelGMSec%2FInvoke-DNSteal/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/JoelGMSec","download_url":"https://codeload.github.com/JoelGMSec/Invoke-DNSteal/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JoelGMSec%2FInvoke-DNSteal/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":264923080,"owners_count":23683716,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["data","delay","dns","domain","exfiltrator","fake","random","tcp","udp"],"created_at":"2024-08-04T17:03:10.897Z","updated_at":"2025-07-12T01:31:40.782Z","avatar_url":"https://github.com/JoelGMSec.png","language":"PowerShell","funding_links":["https://github.com/sponsors/JoelGMSec","https://buymeacoff.ee/JoelGMSec","https://darkbyte.net/shop","https://www.buymeacoffee.com/joelgmsec"],"categories":["PowerShell"],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\u003cimg width=600 alt=\"Invoke-DNSteal\" src=\"https://raw.githubusercontent.com/JoelGMSec/Invoke-DNSteal/main/Design/Invoke-DNSteal.png\"\u003e\u003c/p\u003e\n\n**Invoke-DNSteal** is a Simple \u0026 Customizable DNS Data Exfiltrator.\n\nThis tool helps you to exfiltrate data through DNS protocol over UDP and TCP, and lets you control the size of queries using random delay. Also, allows you to avoid detections by using random domains in each of your queries and you can use it to transfer information both locally and remotely.\n\n\n# Requirements\n- Powershell 4.0 or higher\n- Python 2\n\n\n# Download\nIt is recommended to clone the complete repository or download the zip file.\nYou can do this by running the following command:\n```\ngit clone https://github.com/JoelGMSec/Invoke-DNSteal.git\n```\n\n\n# Usage\n```\n.\\Invoke-DNSteal.ps1 -h\n\n  ___                 _              ____  _   _ ____  _             _\n |_ _|_ __ _   __ __ | | __ __      |  _ \\| \\ | / ___|| |__ __  __ _| |\n  | || '_ \\ \\ / / _ \\| |/ / _ \\_____| | | |  \\| \\___ \\| __/ _ \\/ _' | |\n  | || | | \\ V / (_) |   \u003c  __/_____| |_| | |\\  |___) | ||  __/ (_| | |\n |___|_| |_|\\_/ \\___/|_|\\_\\___|     |____/|_| \\_|____/ \\__\\___|\\__,_|_|\n\n  --------------------------- by @JoelGMSec --------------------------\n\n Info:  This tool helps you to exfiltrate data through DNS protocol\n        and lets you control the size of queries using random delay\n\n Usage: .\\Invoke-DNSteal.ps1 -t target -p payload -l length\n         -s server -tcponly true/false -min 3000 -max 5000\n\n Parameters:\n       · Target:      Domain target to exfiltrate data\n       · Payload:     Payload to send over DNS chunks\n       · Length:      Length of payload to control data size\n       · Server:      Custom server to resolve DNS queries\n       · TcpOnly:     Set TcpOnly to true or false\n       · Delay Min:   Min delay time to do a query in ms\n       · Delay Max:   Max delay time to do a query in ms\n       · Random:      Use random domain name to avoid detection\n\n Warning: The length (payload size) must be between 4 and 240\n          The process time will increase depending on data size\n```\n\n### The detailed guide of use can be found at the following link:\n\nhttps://darkbyte.net/exfiltrando-informacion-por-dns-con-invoke-dnsteal\n\n\n# License\nThis project is licensed under the GNU 3.0 license - see the LICENSE file for more details.\n\n\n# Credits and Acknowledgments\n\u003c!-- Twitter URLs --\u003e\n[@3v4si0n]: https://twitter.com/3v4si0n\n\nThis script has been created and designed from scratch by Joel Gámez Molina // @JoelGMSec\n\nSpecial thanks to [@3v4si0n] for DNS over TCP implementation, and some general Python code.\n\n\n# Contact\nThis software does not offer any kind of guarantee. Its use is exclusive for educational environments and / or security audits with the corresponding consent of the client. I am not responsible for its misuse or for any possible damage caused by it.\n\nFor more information, you can find me on Twitter as [@JoelGMSec](https://twitter.com/JoelGMSec) and on my blog [darkbyte.net](https://darkbyte.net).\n\n\n# Support\nYou can support my work buying me a coffee:\n\n[\u003cimg width=250 alt=\"buymeacoffe\" src=\"https://cdn.buymeacoffee.com/buttons/v2/default-blue.png\"\u003e](https://www.buymeacoffee.com/joelgmsec)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FJoelGMSec%2FInvoke-DNSteal","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FJoelGMSec%2FInvoke-DNSteal","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FJoelGMSec%2FInvoke-DNSteal/lists"}