DNSteal – DNS Exfiltration Tool for Sending Files Over DNS Requests

Features:

• Support for multiple files
• Gzip compression supported
• Supports the customization of subdomains and bytes per subdomain and the length of the filename.

Usage:

Usage: python dnsteal.py [listen_address] [options]

Options:
-z      Unzip incoming files.
-v      Verbose output.
-h      This help menu

Advanced:
-b      Bytes to send per subdomain (default = 57, max=63)
-s      Number of data subdomains per request (default = 4, ie. $data.$data.$data.$data.
        $filename)
-f      Length reserved for filename per request (default = 17)

$ python dnsteal.py -z 127.0.0.1

-------- Do not change the parameters unless you understand! --------


The query length cannot exceed 253 bytes. This is including the filename.
The subdomains lengths cannot exceed 63 bytes.

Advanced:
dnsteal.py 127.0.0.1 -z -s 4 -b 57 -f 17  4 subdomains, 57 bytes => (57 * 4 = 232 bytes) 
+ (4 * '.' = 236). Filename => 17 byte(s)

dnsteal.py 127.0.0.1 -z -s 4 -b 55 -f 29  4 subdomains, 55 bytes => (55 * 4 = 220 bytes) 
+ (4 * '.' = 224). Filename => 29 byte(s)

dnsteal.py 127.0.0.1 -z -s 4 -b 63 -f  1  4 subdomains, 63 bytes => (62 * 4 = 248 bytes) 
+ (4 * '.' = 252). Filename =>  1 byte(s)

If you do not understand the help, then just use the program with default options!

python dnsteal.py 127.0.0.1 -z -v

This one would send 45 bytes per subdomain, of which there are 4 in the query. 15 bytes reserved for filename at the end.

python dnsteal.py 127.0.0.1 -z -v -b 45 -s 4 -f 15

This one would leave no space for the filename.

python dnsteal.py 127.0.0.1 -z -v -b 63 -s 4 -f 0