Invoke-DNSteal is a Simple & Customizable DNS Data Exfiltrator.
This tool helps you to exfiltrate data through DNS protocol over UDP and TCP, and lets you control the size of queries using random delay. Also, allows you to avoid detections by using random domains in each of your queries and you can use it to transfer information both locally and remotely.
- Powershell 4.0 or higher
- Python 2
It is recommended to clone the complete repository or download the zip file. You can do this by running the following command:
git clone https://github.com/JoelGMSec/Invoke-DNSteal.git
___ _ ____ _ _ ____ _ _
|_ _|_ __ _ __ __ | | __ __ | _ | | / ___|| |__ __ __ _| |
| || '_ / / _ | |/ / _ _____| | | | | ___ | __/ _ / _' | |
| || | | V / (_) | < __/_____| |_| | | |___) | || __/ (_| | |
|___|_| |_|_/ ___/|_|____| |____/|_| _|____/ _____|__,_|_|
--------------------------- by @JoelGMSec --------------------------
Info: This tool helps you to exfiltrate data through DNS protocol
and lets you control the size of queries using random delay
Usage: .Invoke-DNSteal.ps1 -t target -p payload -l lenght
-s server -tcponly true/false -min 3000 -max 5000
· Target: Domain target to exfiltrate data
· Payload: Payload to send over DNS chunks
· Lenght: Lenght of payload to control d ata size
· Server: Custom server to resolve DNS queries
· TcpOnly: Set TcpOnly to true or false
· Delay Min: Min delay time to do a query in ms
· Delay Max: Max delay time to do a query in ms
· Random: Use random domain name to avoid detection
Warning: The lenght (payload size) must be between 4 and 240
The process time will increase depending on data size
The detailed guide of use can be found at the following link:
This project is licensed under the GNU 3.0 license – see the LICENSE file for more details.
Credits and Acknowledgments
This script has been created and designed from scratch by Joel Gámez Molina // @JoelGMSec
Special thanks to @3v4si0n for DNS over TCP implementation, and some general Python code.
This software does not offer any kind of guarantee. Its use is exclusive for educational environments and / or security audits with the corresponding consent of the client. I am not responsible for its misuse or for any possible damage caused by it.
For more information, you can contact through [email protected]