Egressbuster – Checks Egress Filtering

EgressBuster is a way to test the effectiveness of egress filtering for an individual area. When performing a penetration test, often times companies leverage egress filtering in order to prevent access to the outside Internet.

Most companies have special exceptions and allow ports but they may be difficult to find.

Egressbuster - Checks Egress Filtering
Egressbuster – Checks Egress Filtering

There are two components with this tool:

egressbuster<.py><.exe> – can be run in Linux/OSX/Windows(EXE). This will check outbound ports to a location where you have egress_listener.py. Run this on the victim machine you want to check the ports on. You can also spawn an automatic command shell once a port is detected.

egressbuster_listener.py – this is the listener, this will automatically use IPTables to listen on all 65k ports for a connection. When a connection is allowed, it will notify you as well as spawn a shell if you specified the shell option.

Listener node can be deployed in AWS or any public IP or internal Lan this will be depending on the test plan and what is the network inbound and outbound configuration.

You can read more and download this tool over here: https://github.com/trustedsec/

Share