dnsteal is a DNS exfiltration tool, essentially a fake DNS server that allows you to stealthily extract files from a victim machine through DNS requests.
dnsteal is coded in python and is available on Github.
Featuresdnsteal currently has:
Support for multiple files Gzip compression supported Supports the customisation of subdomains Customise bytes per subdomain and the length of filename Usage # cd dnsteal/ # ./dnsteal.py -h _____ ___ __ |\| \| / __| |_ _____ _| | | |) | .` \__ \_/ -_) _` | | |___/|_|\_|___/\__\___\__,_|_|v2.0 -- https://github.com/m57/dnsteal.git -- StealthyfileextractionviaDNSrequests Usage: python ./dnsteal.py [listen_address] [options] Options: -zUnzipincomingfiles. -vVerboseoutput. -hThis helpmenu Advanced: -bBytesto sendpersubdomain(default = 57, max=63) -sNumberofdatasubdomainsperrequest(default =4, ie. $data.$data.$data.$data.$filename) -fLengthreservedfor filenameperrequest(default = 17) $ python ./dnsteal.py -z 127.0.0.1 -------- Do not changetheparametersunlessyouunderstand! -------- Thequerylengthcannotexceed 253 bytes. This is includingthefilename. Thesubdomainslengthscannotexceed 63 bytes. Advanced: ./dnsteal.py 127.0.0.1 -z -s 4 -b 57 -f 174 subdomains, 57 bytes => (57 * 4 = 232 bytes) + (4 * '.' = 236). Filename => 17 byte(s) ./dnsteal.py 127.0.0.1 -z -s 4 -b 55 -f 294 subdomains, 55 bytes => (55 * 4 = 220 bytes) + (4 * '.' = 224). Filename => 29 byte(s) ./dnsteal.py 127.0.0.1 -z -s 4 -b 63 -f14 subdomains, 63 bytes => (62 * 4 = 248 bytes) + (4 * '.' = 252). Filename =>1 byte(s) #You can download dnsteal here:
dnsteal.py
Or read more here .