Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/ekiojp/dfex
DNS File EXfiltration
https://github.com/ekiojp/dfex
dns exfiltration file post-exploitation
Last synced: 21 days ago
JSON representation
DNS File EXfiltration
- Host: GitHub
- URL: https://github.com/ekiojp/dfex
- Owner: ekiojp
- License: mit
- Created: 2019-08-23T01:45:32.000Z (over 5 years ago)
- Default Branch: master
- Last Pushed: 2024-04-12T21:49:14.000Z (8 months ago)
- Last Synced: 2024-08-05T17:45:11.300Z (4 months ago)
- Topics: dns, exfiltration, file, post-exploitation
- Language: Python
- Size: 11.7 KB
- Stars: 45
- Watchers: 2
- Forks: 4
- Open Issues: 2
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-hacking-lists - ekiojp/dfex - DNS File EXfiltration (Python)
README
![logo](https://dfex.dob.jp/img/intro-bg.jpg)
## DNS File EXfiltration
Data exfiltration is a common technique used for post-exploitation, DNS is one of the most common protocols through firewalls.
We take the opportunity to build a unique protocol for transferring files across the network.Existing tools have some limitations and NG Firewalls are getting a bit "smarter", we have been obliged to explore new combinations of tactics to bypass these.
Using the good old fashion "HIPS" (Hidden In Plain Sigh) tricks to push files out----
## Installation
### Client
```
apt-get install -y virtualenv python3 python3-pip git
git clone https://github.com/secdev/scapy
cd scapy
sudo python setup.py install && cd .. && sudo rm -rf scapy
``````
virtualenv -p python3 dfex-client
cd dfex-client
source ./bin/activate
``````
git clone https://github.com/ekiojp/dfex
cd dfex
pip3 -r requirements_client.txt install
```### Server
```
apt-get install -y virtualenv python3 python3-pip git
git clone https://github.com/secdev/scapy
cd scapy
sudo python setup.py install && cd .. && sudo rm -rf scapy
``````
virtualenv -p python3 dfex-server
cd dfex-server
source ./bin/activate
``````
git clone https://github.com/ekiojp/dfex
cd dfex
pip3 -r requirements_server.txt install
```----
## Usage
[Client](https://github.com/ekiojp/dfex/wiki/DFEX-Client)
[Server](https://github.com/ekiojp/dfex/wiki/DFEX-Server)
----
# Presentations
### Video
[HITB GSEC (Aug 2019)](https://youtu.be/tm2dyKGVNko?t=7493)
### Slides
[BSides Tokyo (Oct 2019)](https://speakerdeck.com/ekio_jp/dfex-dns-file-exfiltration-bsides-tokyo)
[HITB GSEC (Aug 2019)](https://speakerdeck.com/ekio_jp/dfex-dns-file-exfiltration) or
[HITB GSEC (Aug 2019)](https://gsec.hitb.org/materials/sg2019/D2%20COMMSEC%20-%20DFEX%20%e2%80%93%20DNS%20File%20EXfiltration%20-%20Emilio%20Couto.pdf)----
# ToDo
- [ ] DDFEX - Distributed DNS File Exfiltration
- [ ] Make the code nicer----
# Disclaimer
The tool is provided for educational, research or testing purposes.
Using this tool against network/systems without prior permission is illegal.
The author is not liable for any damages from misuse of this tool, techniques or code.----
# Author
Emilio / [@ekio_jp](https://twitter.com/ekio_jp)
----
# Licence
Please see [LICENSE](https://github.com/ekiojp/dfex/blob/master/LICENSE).