PyExfil — Python 3 toolkit for researching and stress-testing data exfiltration techniques across network, physical, and steganographic channels. For red team simulation and DLP detection testing.
Last updated Jun 25, 2026
809
Stars
145
Forks
3
Issues
0
Stars/day
Attention Score
67
Topics
Language breakdown
No language data available.
▸ Files
click to expand
README
PyExfil
Stress Testing Detection & Creativity
PyExfil was born as a PoC and kind of a playground and grew to be something a bit more. In my eyes it's still a messy PoC that needs a lot more work and testing to become stable. The purpose of PyExfil is to set as many exfiltration, and now also communication, techniques that CAN be used by various threat actors/malware around to bypass various detection and mitigation tools and techniques. You can track changes at the official GitHub page.
Putting it simply, it's meant to be used as a testing tool rather than an actual Red Teaming tool. Although most techniques and methods should be easily ported and compiled to various operating systems, some stable some experimental, the transmission mechanism should be stable on all techniques. Clone it, deploy on a node in your organization and see which systems can catch which techniques.
Getting Started
PIP
For usingpip (not necessarily the most updated):
pip install --user PyExfil
Prerequisites
For source:git clone https://www.github.com/ytisf/PyExfil
cd PyExfil
pip install --user -r requirements.txt
We recommend installing py2exe as well so that you may cross compile various modules to a binary for easier transportation. You can do that with:
pip install py2exe
Installing
Go to the same folder wherePyExfil was cloned to and:
pip setup.py --user install
List of Techniques
- Network
- Communication
- Physical
- Steganography
Data Generation
Although this tool was initially created as a game and later on turned to be a Red Team oriented tool, at the end of a day a major usage ofPyExfil is to test various DLP (Data Leakage Protection) systems as well as detection of intrusion. To make the latter mission simpler we have created a little module to generate fake data with a structure that matches both PII and PCI data sets. These are intended to trigger alerts while being broadcate outside of the network.
Here is how to use it:
from pyexfil.includes import CreateTestData
c = CreateTestData(rows=1000, output_location="/tmp/list.csv")
c.Run()
After this you can use which ever PyExfil module you would like to try and exfiltrate the data set created. This way you can test your detection without risking exfiltrating valuable data.
Contributing
We welcome contributions — from testing and bug fixes to entirely new covert channels.- DOCUMENTATION.md — how to write a new module using the class hierarchy, which base class to inherit, and where to register it.
- ARCHITECTURE.md — the full class hierarchy reference (
NetworkModule,CommModule,PhysicalModule,StegaModule) with API details and examples.
- CALLTO_ACTION.md — a curated list of open tasks: modules that still need conversion to the new class system, new channel ideas, test coverage gaps, and Python 3 modernisation work.
Future Changes
Versioning
For details about version look at the tags on this repository.Version 1.0.0!
- [x] Surprise on restructure (Add Another).
- [x] Split
DOCUMENTATION.mdandREADME.mdto two different files.
- [x] Get a nice logo.
- [x] Uniform calling convention for newer modules.
- [x] Exfiltration data-set generator (PII&PCI).
Version 1.3 - Harpax:
- [x] Adding 4 new modules.
- [x] General fixups.
- [x] Some old modules recoded to fit new standard.
- [x] Full compatibility between Python2 and Python3.
Version 1.5 - Lorax
- [x] Created structure, finally...
- [x] Proper documentation on contributing.
- [x] Adding
CALLTOACTION.mdfor community assistance.
- [x] Fixed some of the older legacy modules.
- [x] Adding
testsfor some basic smoketests. Will add more module oriented tests later on.
Hopefully - Close Future
- [x] Attempt at creating a more uniform call convention. See DOCUMENTATION.md.
- [ ] Fix that poorly written setup.py.
- [ ] Backport all old modules to new calling convention.
In the Distant Future - The Year 2000
- [ ] Add Golang/C++ support for portability.
- [ ] Extensive testing for py2exe support.
Acknowledgments
People & Companies
- Big shout out to JetBrains!!!
- Thanks to barachy and AM for ideas on protocols to use.
- Thanks to Itzik Kotler for some ideas.
- Shout out to @cac0ns3c for resolving some dependency hell.
- Thanks to @Nilesh0301 for pointing out some Python compatibility issues.
Resources
- Thanks Wireshark for your awesome wiki and tool. Especially packet dumps.
- Shout out to the nmap guys.
- Thanks to Trey Hunner for the package
names.
- The Faker package.
- Special thanks to Thomas Baruchel and Fredrik de Vibe for the txt2pdf package we used in the
brailleexfiltration package.
🔗 More in this category