Data Exfiltration – Evasion – Social Engineering

Cloakify Toolset
* Data Exfiltration In Plain Sight
* Evade DLP/MLS Devices
* Social Engineering of Analysts
* Evade AV Detection
* Text-based steganography usings lists.

Python scripts to cloak / uncloak payloads using list-based ciphers (text-based steganography). Allows you to transfer data across a secure network’s perimeter without triggering alerts, defeating data whitelisting controls, and derailing analyst’s review via social engineering attacks against their workflows. As a bonus, cloaked files defeat signature-based malware detection tools.

Cloakify first Base64-encodes the payload, then applies a cipher to generate a list of strings that encodes the Base64 payload. Once exfiltrated, use Decloakify with the same cipher to decode the payload.

Not a secure encryption scheme (vulnerable to frequency analysis attacks). Encrypt data separately prior to processing to keep secure (if needed).

Very small, simple, clean, portable – written in Python. Can quickly type into a target’s local shell session if needed.

Use py2exe if Windows target lacks Python. (

Prepackaged ciphers include lists of:
* Desserts in English, Arabic, Thai, Russian, Hindi, Chinese, Persian, and Muppet (Swedish Chef)
* IPv4 Addresses of Popular Websites
* GeoCoords World Capitals (Lat/Lon)
* MD5 Password Hashes
* Emoji
* Amphibians (scientific names)
* GeoCaching Coordinates (w/ Site Names)
* Star Trek characters
* evadeAV (smallest cipher space – x3 payload size – purely to evade AV detection)

To create your own cipher
* Generate a list of at least 66 unique words / phrases / symbols (Unicode accepted)
* Randomize the list order
* Remove all duplicate entries and all blank lines

Pass the new file as the cipher argument to cloakify / decloakify

Download from Github.

git clone
%d bloggers like this: