dnsteal - DNS Exfiltration tool for stealthily sending files over DNS requests


This is a fake DNS server that allows you to stealthily extract files from a victim machine through DNS requests.

Below are a couple of different images showing examples of multiple file transfer and single verbose file transfer:

  • Support for multiple files
  • Gzip compression supported
  • Now supports the customization of subdomains and bytes per subdomain and the length of filename

See help below:

If you do not understand the help, then just use the program with default options!

python dnsteal.py -z -v

This one would send 45 bytes per subdomain, of which there are 4 in the query. 15 bytes reserved for filename at the end.

python dnsteal.py -z -v -b 45 -s 4 -f 15

This one would leave no space for filename.

python dnsteal.py -z -v -b 63 -s 4 -f 0

More at: https://github.com/m57/dnsteal

April 7, 2020


Hakin9 TEAM
Hakin9 is a monthly magazine dedicated to hacking and cybersecurity. In every edition, we try to focus on different approaches to show various techniques - defensive and offensive. This knowledge will help you understand how most popular attacks are performed and how to protect your data from them. Our tutorials, case studies and online courses will prepare you for the upcoming, potential threats in the cyber security world. We collaborate with many individuals and universities and public institutions, but also with companies such as Xento Systems, CATO Networks, EY, CIPHER Intelligence LAB, redBorder, TSG, and others.
Notify of

This site uses Akismet to reduce spam. Learn how your comment data is processed.

1 Comment
Oldest Most Voted
Inline Feedbacks
View all comments
Abdullahi Abdulmalik
2 years ago

Nice post thanks for your useful contents

© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023