Egression – Tool to Test Egress Controls

Testing network controls is important to understand if you still have a gap on your network or not. one of the security controls that is applied to many corporate network is the data leakage prevention DLP beside implementing filtering rules on the network devices to limit and prevent the data leakage attack. If you are looking to test your network filtering rules you can check Egression.

EGRESSION is a tool that provides an instant view of how easy it is to upload sensitive data from any given network. It starts with a sensitive file with these contents, which is stored locally in plaintext. This file is used to test the egress / DLP controls on the network by attempting to connect outbound and upload this file using various techniques.

Egression - Tool to Test Egress Controls

Egression – Tool to Test Egress Controls

The test file include the following mix of information which is similar to Social security number, National ID number, Credit card number and more:

  • //US Social
  • 567-24-4901
  • //Credit card numbers
  • 4111111111111111
  • 5105105105105100
  • 4222222222222
  • //Dates of birth
  • 12.12.94
  • 12/12/1994
  • 12/12/94
  • 12 July 1994
  • //Canadian SIN
  • 202 275 186
  • //UK National Insurance Number (NINO)
  • ST 68 86 80 B

The network verification will include the following actions:

  • Test the network egress controls with connections and sensitive file upload.   This will try to connect to port 23,22,80,443,3389 and 5900. you will find passed and failed connections.
  • Second test is FTP file upload to remote system
  • Third test is SSH file upload. this is over SCP connections.
  • Forth test using also SCP but to different ports to emulate other services like Telnet, HTTP, HTTPS, RDP, VNC and arbitrary high port.
  • The last test is for DNS UDP 53 file upload.

This tool and script will be useful if you are looking to test every service and security control. Generally the DLP solution can be deployed on the endpoint or comes as a network device either way it will be possible to bypass many of the controls so testing will allow you to understand what you should install to fix the security gap. Next step planned by the project owner is adding and supporting more services like NTP and ICMP.

You can read more and download this tool over here:

Notify of
Inline Feedbacks
View all comments