DET (extensible) Data Exfiltration Toolkit Logo

DET (extensible) Data Exfiltration Toolkit

0
Free
Visit Website

DET (is provided AS IS), is a proof of concept to perform Data Exfiltration using either single or multiple channel(s) at the same time. The idea was to create a generic toolkit to plug any kind of protocol/service to test implmented Network Monitoring and Data Leakage Prevention (DLP) solutions configuration, against different data exfiltration techniques. Slides DET has been presented at BSides Ljubljana on the 9th of March 2016 and the slides will be available here. Slides are available here. Example usage (ICMP plugin) Server-side: Client-side: Usage while combining two channels (Gmail/Twitter) Server-side: Client-side: Installation Clone the repo: git clone https://github.com/PaulSec/DET.git Then: pip install -r requirements.txt --user Configuration In order to use DET, you will need to configure it and add your proper settings (eg. SMTP/IMAP, AES256 encryption passphrase, proxies and so on). A configuration example file has been provided and is called: config-sample.json { "plugins": { "http": { "target": "192.168.0.12", "port": 8080, "proxies": ["192.168.0.13", "192.168.0.14"] }, "google_docs": { "target": "conchwaiter.uk.plak.cc"

FEATURES

ALTERNATIVES

A macOS Initial Access Payload Generator for penetration testing and red teaming exercises.

A tool for recursively querying webservers

A collection of tips and tricks for container and container orchestration hacking

An interactive multi-user web JS shell

A Python script for creating a cohesive and up-to-date penetration testing framework.

A set of YARA rules for identifying files containing sensitive information

Pentest active directory LAB project for practicing attack techniques.

Open source application for retrieving passwords stored on a local computer with support for various software and platforms.