This repository was archived by the owner on Jan 10, 2025. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 0
cldexfil
Nicolas Chabbey edited this page Nov 3, 2018
·
1 revision
cldexfil is a Python tool to passively extract data exfiltrated over the Domain Name System (DNS) channel. It's particularly useful when combined with client-less DNS exfiltration methods.
cldexfil is simple and flexible enough to be used in a lot of exploitation scenarios. The table below lists several practical examples of DNS exfiltration, using well-known vulnerabilities:
| CVE | Vulnerability | Exfiltration Method(s) |
|---|---|---|
| CVE-2018-11776 | Apache Struts 2 - OGNL Injection | shells net redirections |
You can directly contribute to this project by providing new features, by sharing innovative exfiltration methods, or simply by reporting bugs.