cpl / exodus Goto Github PK

DNS Exfiltration tool. By setting up a remote server listening for "DNS queries", we can bypass most firewall rules and monitoring.

This does not guarantee perfect stealth! A good network admin and setup will easily spot such traffic and flag it.

Do not use for malicious or illegal purposes! Use at your own risk.

1. Download the source code git clone https://github.com/cpl/exodus.git
2. Run the following: make, this will test everything, get dependencies and build the executables
3. Inside the folder ./out/, you will see the server and client executables

May not contain latest changes (some of which are bug fixes)!

1. Go to Exodus Releases on GitHub
2. Download the binaries for your systems

1. go get cpl.li/go/exodus/cmd/exodus-client
2. go get cpl.li/go/exodus/cmd/exodus-server

You can simply run it after installing it: exodus-server

This will run with the default port 53 and default data directory (tmp).

You can set --port 1453 to something custom and --data /var/exodus to whatever you want. There is also a -v flag to display logging messages.

When the server will receive a "query" it will store it in the following structure:

DATADIR/{token}/{count}.out

For example sending a file in 4 chunks using the token example and the server configured with the default temp dir, will result in the following:

/tmp/exodus/example/00000000.out
/tmp/exodus/example/00000001.out
/tmp/exodus/example/00000002.out
/tmp/exodus/example/00000003.out

From here you could do something as simple as: cat * > full.out to assemble it back.

The server can also run in Docker. To do so, first build the Docker image docker build -t exodus . and then start it with docker run -p <YOUR DNS UDP PORT>:5353/udp -it exodus.

Another way is to pull it as docker pull docker.pkg.github.com/cpl/exodus/exodus-server from the GitHub package manager.

The Exodus client needs the following flags:

• --server dns.example.com, this will be the address where YOU installed the Exodus Server
• --target normaldomain.com, this domain will be the "cover up", so set it to something realistic

Other optional flags are:

• --file something.txt, by default Exodus Client will use stdin as the input source
• --size 16, this is how many bytes to send per DNS query, the default is the max
• --port 1453, if you set the server to use something other than 53
• --token example, use different tokens for different "uploads", this will separate them server side
• -v, enables verbose logging
• --timed 30, will send 1 chunk every 30 seconds