egression

egression copied to clipboard

Description

EGRESSION is a tool that provides an instant view of how easy it is to upload sensitive data from any given network.

It starts with a sensitive file with these contents, which is stored locally in plaintext. This file is used to test the egress / DLP controls on the network by attempting to connect outbound and upload this file using various techniques.

• //US Social
• 567-24-4901
• //Credit card numbers
• 4111111111111111
• 5105105105105100
• 4222222222222
• //Dates of birth
• 12.12.94
• 12/12/1994
• 12/12/94
• 12 July 1994
• //Canadian SIN
• 202 275 186
• //UK National Insurance Number (NINO)
• ST 68 86 80 B

Testing procedure

It has four (4) levels of testing.

1. INFORMATIONAL: Tells you if it can connect to ports ont he internet.
2. LEVEL 0: Tells you if it can FTP a file to the internet in cleartext.
3. LEVEL 1: Tells you if it can SCP files to the internet over various ports.
4. LEVEL 2: Tells you if it can send the same sensitive file to the internet via DNS queries.

It does each of these in succession and then reports on which levels it failed to block.

Installation

The tool is made to be as self-contained as possible and easy to run. You can install the dependencies like so:

1. Ensure you have curl installed.
2. Ensure you have nc installed.
3. git clone https://github.com/danielmiessler/egression.git
4. cd egression
5. ./egression

Presentations

• Blackhat Arsenal 2017

Next Steps

Plans for the project include:

• Adding additional levels, with additional egress methods, e.g.: sending data over NTP, ICMP, etc.
• Additional fault checking for various scenarios

Credits and Thanks

• Hat tip to William Coppola for previous and complementary work he's done in this space with his Fillabuster tool, which he also presented at BlackHat Arsenal back in 2015.
• Thanks to Sasa Zdjelar and Jason Haddix for giving feedback on the tool.