A Python Data Exfiltration and Concealed Communication Package
Stress Testing Detection & Creativity
PyExfil was born as a PoC and kind of a playground and grew to be something a bit more. In my eyes it’s still a messy PoC that needs a lot more work and testing to become stable
. The purpose of PyExfil is to set as many exfiltration, and now also communication, techniques that CAN be used by various threat actors/malware around to bypass various detection and mitigation tools and techniques. You can track changes at the official GitHub page.
Putting it simply, it’s meant to be used as a testing tool rather than an actual Red Teaming tool. Although most techniques and methods should be easily ported and compiled to various operating systems, some stable some experimental, the transmission mechanism should be stable on all techniques. Clone it, deploy on a node in your organization and see which systems can catch which techniques.
For using pip
(not necessarily the most updated):
pip install --user PyExfil
For source:
git clone https://www.github.com/ytisf/PyExfil
cd PyExfil
pip install --user -r requirements.txt
We recommend installing py2exe
as well so that you may cross compile various modules to a binary for easier transportation. You can do that with:
pip install py2exe
Go to the same folder where PyExfil
was cloned to and:
pip setup.py --user install
For usage per modules have a look at the USAGE file.
Although this tool was initially created as a game and later on turned to be a Red Team oriented tool, at the end of a day a major usage of PyExfil
is to test various DLP (Data Leakage Protection) systems as well as detection of intrusion. To make the latter mission simpler we have created a little module to generate fake data with a structure that matches both PII and PCI data sets. These are intended to trigger alerts while being broadcate outside of the network.
Here is how to use it:
from pyexfil.includes import CreateTestData
c = CreateTestData(rows=1000, output_location="/tmp/list.csv")
c.Run()
After this you can use which ever PyExfil
module you would like to try and exfiltrate the data set created. This way you can test your detection without risking exfiltrating valuable data.
We welcome it! From testing, to improving quality of code and up to entirely new methods.
For details about version look at the tags on this repository.
DOCUMENTATION.md
and README.md
to two different files.zipception
does not fit into any existing category although currently residing under Stega
).names
.braille
exfiltration package.