{
    "info": {
        "author": "Yuval tisf Nativ",
        "author_email": "yuval@morirt.com",
        "bugtrack_url": null,
        "classifiers": [
            "Development Status :: 2 - Pre-Alpha",
            "Environment :: Console",
            "Intended Audience :: Developers",
            "Intended Audience :: Science/Research",
            "License :: OSI Approved :: GNU General Public License v3 (GPLv3)",
            "Operating System :: MacOS",
            "Operating System :: Microsoft :: Windows",
            "Operating System :: POSIX",
            "Operating System :: Unix",
            "Programming Language :: Python",
            "Programming Language :: Python :: 2.7",
            "Topic :: Scientific/Engineering",
            "Topic :: Software Development"
        ],
        "description": "# PyExfil\n\n## Abstract\nThis started as a PoC project but has later turned into something a bit more. Currently it's an Alpha-Alpha stage package, not yet tested (and will appriciate any feedbacks and commits) designed to show several techniques of data exfiltration is real world scenarios. Currently here are what the package supports and what is allows is:\n\n* DNS query.\n* HTTP Cookie.\n* ICMP (8).\n* NTP requests.\n* BGP Open.\n\nPackage is still not really usable and will provide multiple issues. Please wait for a more reliable version to come along. You can track changes at the official [GitHub page](http://ytisf.github.io/PyExfil/).\nThe release of Symantec's Regin research was the initiator of this module. It is inspired by some of the features of [Regin](http://www.symantec.com/connect/blogs/regin-top-tier-espionage-tool-enables-stealthy-surveillance). Go read about it :)\n\n## Techniques\n\n### DNS\nThis will allow establish of a listener on a DNS server to grab incoming DNS queries. It will then harvest them for files exfiltrated by the client. It **does not** yet allow simultaneous connections and transfers. DNS packets will look good to most listeners and *Wireshark* and *tcpdump* (which are the ones that have been tested) will show normal packet and not a 'malformed packet' or anything like that.\n### HTTP Cookie\nExfiltration of files over HTTP protocol but over the Cookies field. The strong advantage of this is that the cookie field is supposed to be random noise to any listener in the middle and therefore is very difficult to filter. \n### ICMP\nUses ICMP 8 packets (echo request) to add a file payload to it. It reimplemented ICMP ping requests and some sniffers are known to capture it as malformed packets. Wireshark currently displays it as a normal packet. \n\n## Future Stuff\n### Version Alpha\n- [ ] Check why HTTP Cookie exfiltration keeps failing CRC checks.\n- [X] Add NTP exfiltration. (Thanks to barachy for the idea)\n- [X] Complete NTP listener.\n- [X] BGP Data exfiltration + listener.\n- [ ] Write a proper Documentation.\n- [ ] Fix that poorly written *setup.py*.\n- [ ] More QA needed and fast!\n\n### Version Beta\n- [ ] Enable simultaneous support for all data exfiltration methods. \n- [ ] Translate module to C Windows.\n- [ ] Translate module to C Linux.\n- [ ] Get a damn logo :)\n\n## Thanks\nThanks [Wireshark](http://wireshark.com/) for your awesome wiki and tool. Especially [packet dumps](http://wiki.wireshark.org/SampleCaptures).\nThanks to barachy and AM for ideas on protocols to use. \n\n\nThe MIT License (MIT)\n=====================\n\nCopyright (c) 2014 Yuval tisf Nativ\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the \"Software\"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in\nall copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN\nTHE SOFTWARE.",
        "description_content_type": null,
        "docs_url": null,
        "download_url": "https://www.github.com/ytisf/pyexfil",
        "downloads": {
            "last_day": -1,
            "last_month": -1,
            "last_week": -1
        },
        "home_page": "https://www.github.com/ytisf/pyexfil",
        "keywords": null,
        "license": "GPLv3",
        "maintainer": null,
        "maintainer_email": null,
        "name": "PyExfil",
        "package_url": "https://pypi.org/project/PyExfil/",
        "platform": "any",
        "project_url": "https://pypi.org/project/PyExfil/",
        "project_urls": {
            "Download": "https://www.github.com/ytisf/pyexfil",
            "Homepage": "https://www.github.com/ytisf/pyexfil"
        },
        "release_url": "https://pypi.org/project/PyExfil/0.0.1.Beta/",
        "requires_dist": null,
        "requires_python": null,
        "summary": "PyExfil: Python communication library over non-standard channels.",
        "version": "0.0.1.Beta"
    },
    "last_serial": 1366919,
    "releases": {
        "0.0.1.Beta": []
    },
    "urls": []
}