EGRESSION is a tool that provides an instant view of how easy it is to upload sensitive data from any given network.
It starts with a sensitive file with these contents, which is stored locally in plaintext. This file is used to test the egress / DLP controls on the network by attempting to connect outbound and upload this file using various techniques.
- //US Social
- 567-24-4901
- //Credit card numbers
- 4111111111111111
- 5105105105105100
- 4222222222222
- //Dates of birth
- 12.12.94
- 12/12/1994
- 12/12/94
- 12 July 1994
- //Canadian SIN
- 202 275 186
- //UK National Insurance Number (NINO)
- ST 68 86 80 B
It has four (4) levels of testing.
- INFORMATIONAL: Tells you if it can connect to ports ont he internet.
- LEVEL 0: Tells you if it can FTP a file to the internet in cleartext.
- LEVEL 1: Tells you if it can SCP files to the internet over various ports.
- LEVEL 2: Tells you if it can send the same sensitive file to the internet via DNS queries.
It does each of these in succession and then reports on which levels it failed to block.
The tool is made to be as self-contained as possible and easy to run. You can install the dependencies like so:
- Ensure you have
curlinstalled. - Ensure you have
ncinstalled. git clone https://github.com/danielmiessler/egression.gitcd egression./egression
- Blackhat Arsenal 2017
Plans for the project include:
- Adding additional levels, with additional egress methods, e.g.: sending data over NTP, ICMP, etc.
- Additional fault checking for various scenarios
- Hat tip to William Coppola for previous and complementary work he's done in this space with his Fillabuster tool, which he also presented at BlackHat Arsenal back in 2015.
- Thanks to Sasa Zdjelar and Jason Haddix for giving feedback on the tool.