Skip to content

mazen91111/NetSpectre

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
covert_channel.asm
covert_channel.asm
 
 
netspectre.py
netspectre.py
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

NetSpectre -- Covert Network Channel Framework

  +=====================================================+
  |     NetSpectre -- Covert Network Channels            |
  |  ICMP Timing . DNS Tunnel . TCP Stego . HTTP Header  |
  |     Author: mazen91111 (parasite911)                 |
  +=====================================================+

Covert data exfiltration through hidden network channels. 7 techniques across ICMP, DNS, TCP, HTTP, TLS, IPv6, and WiFi protocols. Python framework + x86_64 Assembly encoder components.

Covert Channels

# Channel MITRE ID Protocol Stealth Bandwidth
1 ICMP Timing Channel T1095 ICMP 8/10 ~10 bps
2 DNS Tunneling T1071.004 DNS 6/10 ~500 bps
3 TCP Header Steganography T1001.003 TCP 9/10 ~200 bps
4 HTTP Header Channel T1071.001 HTTP 7/10 ~1000 bps
5 TLS Certificate Channel T1573.002 TLS 9/10 ~50 bps
6 IPv6 Flow Label T1095 IPv6 9/10 ~150 bps
7 WiFi Beacon Frame T1205.001 802.11 7/10 ~30 bps

Installation

git clone https://github.com/mazen91111/NetSpectre.git
cd NetSpectre
pip install -r requirements.txt

# Build assembly component (Linux x86_64)
nasm -f elf64 covert_channel.asm -o covert_channel.o
ld covert_channel.o -o covert_channel

Usage

# Full analysis + simulation
python3 netspectre.py --demo

# Show channel catalog
python3 netspectre.py --channels

# Simulate exfiltration with custom message
python3 netspectre.py --simulate "SECRET_DATA_HERE"

# Encode message through all channels
python3 netspectre.py --encode "Hello World"

Example Output

  [ COVERT CHANNEL CATALOG ]

  | #1  ICMP Timing Channel [ASM]
  | MITRE: T1095  |  Protocol: ICMP  |  BW: ~10 bps
  | Stealth: [||||||||  ] 8/10
  | Encode data in inter-packet timing delays of ICMP echo requests.
  | Bit '1' = long delay (100ms), Bit '0' = short delay (10ms).

  [ COVERT CHANNEL SIMULATION ]

  | Message: CLASSIFIED:TopSecret//SCI
  |
  | ICMP Timing Channel
  |   Packets  : 200
  |   Bandwidth: 10 bps
  |   Detection: 20%
  |   Encoded  : Timing bits: 0100001101001100...

  [ ICMP TIMING ANALYSIS ]
  | Message sent: CLASSIFI
  | Extracted bits: 01000011010011000100000101010...
  | Decoded:       CLASSIFI

  [ DETECTION MATRIX ]
  Channel                        Stealth  Detection  Bandwidth
  ICMP Timing Channel              8/10       20%    ~10 bps
  TCP Header Steganography         9/10       10%    ~200 bps
  TLS Certificate Channel          9/10       10%    ~50 bps
  IPv6 Flow Label Channel          9/10       10%    ~150 bps

Assembly Component

The covert_channel.asm file implements low-level encoders in x86_64 NASM:

  • ICMP Timing Encoder -- encodes bits via nanosleep(2) syscall timing
  • TCP ISN Encoder -- packs 4 bytes into 32-bit ISN fields
  • IPv6 Flow Label Encoder -- extracts 20-bit data from byte streams

Author

Mazen Obed -- @mazen91111 Covert Channels | Network Steganography | Data Exfiltration Research

Disclaimer

For authorized security research ONLY. Understanding covert channels is essential for network defense and detection.

License

MIT License

About

Covert Network Channel Framework -- 7 hidden data exfiltration channels (ICMP timing, DNS tunneling, TCP steganography, HTTP headers, TLS certs, IPv6 flow labels, WiFi beacons). Python + x86_64 Assembly.

Topics

python assembly red-team data-exfiltration dns-tunneling mitre-attack network-steganography covert-channels

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages