May 14, 2015

EgressBuster v0.2 and github goodies

Written by David Kennedy
A few years ago I released a tool called EgressBuster, which allowed you to test the effectiveness of egress filtering in an environment. The concept was that it would try 1,000 ports at a time and attempt to connect out to a box on the Internet. When it did, it would automatically establish a shell for you. This project somewhat died off after I released the PoC, as I became busy with other open source projects. Chris Gates recently came to me asking for some features, as did a few folks still using the tool. I decided to pick the project back up and add some whopper features.
The first is that EgressBuster now supports blasting out all 65k ports, or as many as you want to. Initially, the main limitation was that multiple threaded sockets in Linux didn't work so well together. To fix this, I use iptables to redirect all ports to a single port, getting full coverage on the listener side. I additionally made the shell functionality much easier and better, and it now supports cd'ing to different directories.
Here's an example of how to use the new and vastly improved codebase. First, run the listener on a Linux box that's on the outside. This will automatically create the iptables rules for you and set everything up so you are ready to go. A shell is no longer spawned automatically; you can simply specify the optional shell parameter if you want one.
After you start the listener, a listening socket is created on port 10900 and iptables is shifted to allow your Linux box to listen on all ports. Specify shell if you want one; otherwise leave that argument blank.
Next, there are two files: an egressbuster.py and an egressbuster.exe. The exe will work on a Windows machine and is the exact same codebase as egressbuster.py. All it needs is the IP address of the EgressBuster listener, the ports that it needs, and whether you want to pop a shell after you run it. If you don't, just don't type shell and leave it blank. Note that egressbuster.py will work on Linux/Unix/OSX.
Once you run it, on the listener side, if you specified a shell, you'll get an interactive command prompt on the victim. If you didn't specify one, you will see a list of all the ports that are allowed outbound.
In the above, this is a full interactive shell, so commands like cd C:\ will work perfectly fine.
You can download the latest version of EgressBuster now from the github site: https://github.com/trustedsec/egressbuster
Additionally, a module has been added for the Penetration Testers Framework (PTF): https://www.trustedsec.com/may-2015/new-tool-the-pentesters-framework-ptf-released/.
This article was written by David Kennedy, CEO of TrustedSec (@HackingDave)
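
From the defender's side, the sweep described in this post (one internal host trying a large range of destination ports against a single outside address) shows up clearly in firewall logs. The sketch below is an added example, not part of EgressBuster or the original post; the log format, addresses, window and threshold are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def build_sample_log():
    """Constructed firewall log: 'timestamp src dst dst_port action' (format assumed)."""
    base = datetime(2015, 5, 14, 10, 0, 0)
    lines = []
    # Host 10.0.0.5 sweeps ports 1-500 on one external address in ~10 seconds;
    # the constructed policy only lets 53, 80 and 443 out.
    for port in range(1, 501):
        ts = (base + timedelta(milliseconds=20 * port)).isoformat()
        action = "ALLOW" if port in (53, 80, 443) else "DENY"
        lines.append(f"{ts} 10.0.0.5 203.0.113.10 {port} {action}")
    # Ordinary browsing from another host: many connections, one port.
    for i in range(20):
        ts = (base + timedelta(seconds=i)).isoformat()
        lines.append(f"{ts} 10.0.0.8 198.51.100.7 443 ALLOW")
    return lines

def detect_port_sweeps(lines, window=timedelta(seconds=60), min_ports=100):
    """Flag src->dst pairs that touch >= min_ports distinct ports inside one window."""
    events = defaultdict(list)
    for line in lines:
        ts, src, dst, port, action = line.split()
        events[(src, dst)].append((datetime.fromisoformat(ts), int(port), action))
    findings = []
    for (src, dst), evs in events.items():
        evs.sort()
        in_window = defaultdict(int)   # port -> hits currently inside the window
        start = 0
        for ts, port, _ in evs:
            in_window[port] += 1
            while ts - evs[start][0] > window:   # slide the window forward
                old = evs[start][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            if len(in_window) >= min_ports:
                findings.append({
                    "src": src, "dst": dst,
                    "distinct_ports": len({p for _, p, _ in evs}),
                    # Ports that got out are the egress gaps to review.
                    "allowed_ports": sorted({p for _, p, a in evs if a == "ALLOW"}),
                })
                break
    return findings

if __name__ == "__main__":
    for f in detect_port_sweeps(build_sample_log()):
        print(f)
```

The `allowed_ports` list in each finding is the same information the tool's listener reports, seen from the firewall: every entry is an outbound path the egress policy left open.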