{"id":13845815,"url":"https://github.com/ekiojp/dfex","last_synced_at":"2025-07-12T03:32:24.656Z","repository":{"id":40613036,"uuid":"203903133","full_name":"ekiojp/dfex","owner":"ekiojp","description":"DNS File EXfiltration","archived":false,"fork":false,"pushed_at":"2024-04-12T21:49:14.000Z","size":12,"stargazers_count":45,"open_issues_count":2,"forks_count":4,"subscribers_count":2,"default_branch":"master","last_synced_at":"2024-08-05T17:45:11.300Z","etag":null,"topics":["dns","exfiltration","file","post-exploitation"],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ekiojp.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2019-08-23T01:45:32.000Z","updated_at":"2023-01-19T20:27:28.000Z","dependencies_parsed_at":"2022-08-26T23:21:36.699Z","dependency_job_id":null,"html_url":"https://github.com/ekiojp/dfex","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ekiojp%2Fdfex","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ekiojp%2Fdfex/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ekiojp%2Fdfex/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ekiojp%2Fdfex/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ekiojp","download_url":"https://codeload.github.com/ekiojp/dfex/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225791409,"owners_count":17524777,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["dns","exfiltration","file","post-exploitation"],"created_at":"2024-08-04T17:03:37.123Z","updated_at":"2024-11-21T19:30:43.655Z","avatar_url":"https://github.com/ekiojp.png","language":"Python","funding_links":[],"categories":["Python"],"sub_categories":[],"readme":"![logo](https://dfex.dob.jp/img/intro-bg.jpg)\n\n## DNS File EXfiltration\n\nData exfiltration is a common technique used for post-exploitation, DNS is one of the most common protocols through firewalls.\nWe take the opportunity to build a unique protocol for transferring files across the network.\n\nExisting tools have some limitations and NG Firewalls are getting a bit \"smarter\", we have been obliged to explore new combinations of tactics to bypass these.\nUsing the good old fashion \"HIPS\" (Hidden In Plain Sigh) tricks to push files out\n\n----\n\n## Installation\n\n### Client\n```\napt-get install -y virtualenv python3 python3-pip git\ngit clone https://github.com/secdev/scapy\ncd scapy\nsudo python setup.py install \u0026\u0026 cd .. \u0026\u0026 sudo rm -rf scapy\n```\n\n```\nvirtualenv -p python3 dfex-client\ncd dfex-client\nsource ./bin/activate\n```\n\n```\ngit clone https://github.com/ekiojp/dfex\ncd dfex\npip3 -r requirements_client.txt install\n```\n\n### Server\n```\napt-get install -y virtualenv python3 python3-pip git\ngit clone https://github.com/secdev/scapy\ncd scapy\nsudo python setup.py install \u0026\u0026 cd .. \u0026\u0026 sudo rm -rf scapy\n```\n\n```\nvirtualenv -p python3 dfex-server\ncd dfex-server\nsource ./bin/activate\n```\n\n```\ngit clone https://github.com/ekiojp/dfex\ncd dfex\npip3 -r requirements_server.txt install\n```\n\n----\n\n## Usage\n\n[Client](https://github.com/ekiojp/dfex/wiki/DFEX-Client)\n\n[Server](https://github.com/ekiojp/dfex/wiki/DFEX-Server)\n\n----\n\n# Presentations\n\n### Video\n[HITB GSEC (Aug 2019)](https://youtu.be/tm2dyKGVNko?t=7493)\n### Slides\n[BSides Tokyo (Oct 2019)](https://speakerdeck.com/ekio_jp/dfex-dns-file-exfiltration-bsides-tokyo)\u003cbr\u003e\n[HITB GSEC (Aug 2019)](https://speakerdeck.com/ekio_jp/dfex-dns-file-exfiltration) or \n[HITB GSEC (Aug 2019)](https://gsec.hitb.org/materials/sg2019/D2%20COMMSEC%20-%20DFEX%20%e2%80%93%20DNS%20File%20EXfiltration%20-%20Emilio%20Couto.pdf)\n\n----\n\n# ToDo\n\n- [ ] DDFEX - Distributed DNS File Exfiltration\n- [ ] Make the code nicer\n\n----\n\n# Disclaimer\n\nThe tool is provided for educational, research or testing purposes.\u003cbr\u003e\nUsing this tool against network/systems without prior permission is illegal.\u003cbr\u003e\nThe author is not liable for any damages from misuse of this tool, techniques or code.\n\n----\n\n# Author\n\nEmilio / [@ekio_jp](https://twitter.com/ekio_jp)\n\n----\n\n# Licence\n\nPlease see [LICENSE](https://github.com/ekiojp/dfex/blob/master/LICENSE).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fekiojp%2Fdfex","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fekiojp%2Fdfex","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fekiojp%2Fdfex/lists"}