Dnsteal – DNS Exfiltration Tool for sending files over DNS

Dnsteal is a fake DNS server that allows you to stealthily extract files from a victim machine through DNS requests. This can be useful during a red team exercise to test how well the network is protected and whether egress filtering is properly implemented to prevent data exfiltration.

Dnsteal - DNS Exfiltration tool for stealthily sending files over DNS Requests

Some of the features available with this tool are:

  • Support for multiple files
  • Gzip compression supported
  • Customizable number of data subdomains per request, bytes per subdomain, and length reserved for the filename

DNS is used on many corporate networks to resolve domains, so a tool like this may allow an attacker to send sensitive information out and bypass many network security measures. On the other hand, system administrators should make sure to monitor all DNS traffic and identify any suspicious activity that may indicate a malicious infection or abnormal packets.

Options available with the tool:

  • -z Unzip incoming files.
  • -v Verbose output.
  • -h This help menu
  • -b Bytes to send per subdomain (default = 57, max=63)
  • -s Number of data subdomains per request (default = 4, i.e. $data.$data.$data.$data.$filename)
  • -f Length reserved for filename per request (default = 17)
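The monitoring advice above and the request layout described by the options (several long data labels followed by a filename label, all under one attacker-controlled domain) together suggest what a defender can look for. The following is an added example, not code from the dnsteal project: a small structural detector run over constructed passive-DNS style log lines. It keys on query shape (count of long labels, entropy of their contents, and the number of distinct subdomains a client sends to one domain), not on any particular encoding, so it also generalizes to other DNS tunnelling tools that follow the same pattern. The log format, the thresholds and the `exfil.test` domain are assumptions made for this example.

```python
"""Structural detector for DNS-tunnelled file exfiltration, run over
constructed passive-DNS style log lines.  Added example, not dnsteal code."""
import math
import random
import re
from collections import defaultdict

LABEL_ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
# Assumed log format: "<timestamp> <client-ip> <qname>"
LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)$")


def _constructed_data_label(rng, length=57):
    # Constructed high-entropy label of the default 57 bytes; it stands in for
    # an encoded file chunk.  This is test data only, not an encoder.
    return "".join(rng.choice(LABEL_ALPHABET) for _ in range(length))


def build_sample_log():
    """Constructed log: ordinary lookups plus four exfil-shaped queries that
    follow the $data.$data.$data.$data.$filename layout under exfil.test."""
    rng = random.Random(1)
    lines = [
        "2024-01-01T10:00:00Z 10.0.0.5 www.example.com",
        "2024-01-01T10:00:01Z 10.0.0.5 mail.example.com",
        "2024-01-01T10:00:02Z 10.0.0.5 cdn-assets-01.static.example.net",
    ]
    for i in range(4):
        data = ".".join(_constructed_data_label(rng) for _ in range(4))
        lines.append(f"2024-01-01T10:00:0{3 + i}Z 10.0.0.9 {data}.secrets-txt.exfil.test")
    return "\n".join(lines)


def parse_line(line):
    """Return (timestamp, client, normalized qname) or None for unparseable lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, client, qname = m.groups()
    return ts, client, qname.rstrip(".").lower()


def shannon_entropy(s):
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registered_domain(qname):
    # Simplification: last two labels.  A real deployment should use a
    # public-suffix list (assumed out of scope here).
    parts = qname.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else qname


def score_query(qname, long_label=40, min_long_labels=3, entropy_floor=4.0):
    """Structural indicators for one query name.  Thresholds are assumptions
    for this example: a 57-byte label is far longer than ordinary hostnames,
    and encoded data has entropy near the alphabet maximum (~5.95 bits/char
    for 62 symbols), whereas repeated or dictionary-like labels score low."""
    labels = qname.split(".")
    sub = labels[:-2]  # everything below the registered domain
    long_labels = [l for l in sub if len(l) >= long_label]
    ent = shannon_entropy("".join(long_labels)) if long_labels else 0.0
    return {
        "qname_length": len(qname),
        "label_count": len(labels),
        "long_label_count": len(long_labels),
        "max_label_length": max((len(l) for l in labels), default=0),
        "data_entropy": round(ent, 2),
        "suspicious": len(long_labels) >= min_long_labels and ent >= entropy_floor,
    }


def detect(log_text, min_unique_subdomains=3):
    """Map (client, registered domain) -> number of distinct exfil-shaped
    queries, keeping only pairs at or above the threshold.  Every chunk
    produces a never-before-seen name, so unique-subdomain volume per domain
    is the signal that survives changes of encoding."""
    per_pair = defaultdict(set)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if not parsed:
            continue
        _, client, qname = parsed
        if score_query(qname)["suspicious"]:
            per_pair[(client, registered_domain(qname))].add(qname)
    return {pair: len(names) for pair, names in per_pair.items()
            if len(names) >= min_unique_subdomains}


if __name__ == "__main__":
    for (client, domain), n in detect(build_sample_log()).items():
        print(f"client {client} sent {n} exfil-shaped queries to {domain}")
```

The entropy floor is what keeps ordinary long labels (a CDN hostname, a repeated padding string) out of the results, while the per-domain unique-subdomain count separates a single odd lookup from a sustained transfer; tune both against your own resolver logs before alerting on them.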

You can read more and download this tool over here: https://github.com/m57/dnsteal
