View Issue Details

ID: 0003771
Project: Kali Linux
Category: New Tool Requests
View Status: public
Last Update: 2020-02-11 16:18
Reporter: TryCatchHCF
Assigned To: g0tmi1k
Priority: normal
Severity: feature
Reproducibility: N/A
Status: closed
Resolution: won't fix
Summary: 0003771: CloakifyFactory
Description

Hi Kali Team,

For your consideration: https://github.com/TryCatchHCF/Cloakify

I created CloakifyFactory to share an old technique of mine with the community. There's a gap in infiltration/exfiltration tools, particularly when secure networks are involved (data blacklisting and whitelisting controls). This toolset bypasses those restrictions and other DLP alerting/blocking schemes. I wrote CloakifyFactory to be as straightforward and reliable as possible. After cloaking/decloaking, the payload is an exact hash-match of the original. I also wanted to make it a little fun.

Thanks for your time and efforts.

Cheers,

-TryCatchHCF

Additional Information

From the GitHub Overview:

CloakifyFactory transforms any filetype (e.g. .zip, .exe, .xls, etc.) into a list of harmless-looking strings. This lets you hide the file in plain sight, and transfer the file without triggering alerts. The fancy term for this is "text-based steganography", hiding data by making it look like other data. For example, you can transform a .zip file into a list of Pokemon creatures or Top 100 Websites. You then transfer the cloaked file however you choose, and then decloak the exfiltrated file back into its original form.

With your payload cloaked, you can transfer data across a secure network’s perimeter without triggering alerts. You can also defeat data whitelisting controls - is there a security device that only allows IP addresses to leave or enter a network? Turn your payload into IP addresses, problem solved. Additionally, you can derail the security analyst’s review via social engineering attacks against their workflows. And as a final bonus, cloaked files defeat signature-based malware detection tools.

The pre-packaged ciphers are designed to appear like harmless / ignorable lists, though some (like MD5 password hashes) are specifically meant as distracting bait.

CloakifyFactory is also a great way to introduce people to crypto and steganography concepts. It's simple to use, guides the user through the process, and according to our kids is also fun!

Prepackaged ciphers include lists of:

Amphibians (scientific names)
Belgian Beers
Desserts in English, Arabic, Thai, Russian, Hindi, Chinese, Persian, and Muppet (Swedish Chef)
Emoji
evadeAV (smallest cipher space, x3 payload size)
GeoCoords World Capitals (Lat/Lon)
GeoCaching Coordinates (w/ Site Names)
IPv4 Addresses of Popular Websites
MD5 Password Hashes
PokemonGo Monsters
Ski Resorts
Status Codes (generic)
Star Trek characters
Top 100 Websites
World Beaches
World Cup Teams

Prepackaged scripts for adding noise / entropy to your cloaked payloads:

prependEmoji.py: Adds a randomized emoji to each line
prependID.py: Adds a randomized ID tag to each line
prependLatLonCoords.py: Adds randomized LatLong coordinates to each line
prependTimestamps.py: Adds timestamps (log file style) to each line

Activities

g0tmi1k (administrator), 2018-01-29 14:46, note ~0008368

To help speed up the process of evaluating the tool, please make sure to include the following information (the more information you include, the more beneficial it will be for us):

  • [Name] - The name of the tool
  • [Version] - What version of the tool should be added?
    --- If it uses source control (such as git), please make sure there is a release to match (e.g. git tag)
  • [Homepage] - Where can the tool be found online? Where to go to get more information?
  • [Download] - Where to go to get the tool?
  • [Author] - Who made the tool?
  • [Licence] - How is the software distributed? What conditions does it come with?
  • [Description] - What is the tool about? What does it do?
  • [Dependencies] - What is needed for the tool to work?
  • [Similar tools] - What other tools are out there?
  • [How to install] - How do you compile it?
  • [How to use] - What are some basic commands/functions to demonstrate it?
TryCatchHCF (reporter), 2018-02-14 05:10, note ~0008673

(Realized I'd made those replies private, reposting so others on team can view)

  • [Name] - Cloakify Toolset

  • [Version] - v1.0.1

  • [Homepage] - https://github.com/TryCatchHCF/Cloakify

  • [Download] - https://github.com/TryCatchHCF/Cloakify

  • [Author] - TryCatchHCF (Joe Gervais)

  • [Licence] - MIT License

  • [Description] - CloakifyFactory & the Cloakify Toolset employs text-based steganography using lists, converting any file type (e.g. executables, Office, Zip, images) into a list of everyday strings. Operational use cases include: Data Exfiltration & Infiltration; Evading DLP/MLS Devices; Social Engineering of Analysts; Defeating Data Whitelisting Controls; and Evading AV Detection.

CloakifyFactory transforms any filetype (e.g. .zip, .exe, .xls, etc.) into a list of harmless-looking strings. This lets you hide the file in plain sight, and transfer the file without triggering alerts. For example, you can transform a .zip file into a list of Pokemon creatures or Top 100 Websites. You then transfer the cloaked file however you choose, and then decloak the exfiltrated file back into its original form.

My favorite combination is to use the 'pokemonGo' cipher, then Add Noise 'prependLatLonCoords'. Move it around your DLP-protected networks. Get a copy into the SOC's hands and see what the analysts do with it. Adds color to the pentest / Red Team engagement report afterwards.

With your payload cloaked, you can transfer data across a secure network’s perimeter without triggering alerts. You can also defeat data whitelisting controls - is there a security device that only allows IP addresses to leave or enter a network? Turn your payload into IP addresses, problem solved. Additionally, you can derail the security analyst’s review via social engineering attacks against their workflows. And as a final bonus, cloaked files defeat signature-based malware detection tools.

The pre-packaged ciphers are designed to appear like harmless / ignorable lists, though some (like MD5 password hashes) are specifically meant as distracting bait.

CloakifyFactory is a menu-driven tool that leverages the Cloakify Toolset scripts. When you choose to Cloakify a file, the scripts first Base64-encode the payload, then apply a cipher to generate a list of strings that encodes the Base64 payload. You then transfer the file however you wish to its desired destination. Once exfiltrated, choose Decloakify with the same cipher to decode the payload.

NOTE: Cloakify is not a secure encryption scheme. It's vulnerable to frequency analysis attacks. Use the 'Add Noise' option to add entropy when cloaking a payload to help degrade frequency analysis attacks. Be sure to encrypt the file prior to cloaking if secrecy is needed.

The supporting scripts (cloakify.py and decloakify.py) can be used as standalone scripts. Very small, simple, clean, portable. For scenarios where infiltrating the full toolset is impractical, you can quickly type the standalone script into a target’s local shell, generate a cipher in place, and cloakify -> exfiltrate.

  • [Dependencies] - Python 2.7+

  • [Similar tools] - None, really. Most steganography tools embed data in images. Most exfil tools obfuscate the data in a manner that clearly indicates obfuscation, and/or use obscure methods of data transport for final exfil (e.g. DNS queries). Cloakify was written to hide and transfer data in plain sight, in text/string format. Cloakify is also the only tool in its class that can defeat data whitelisting controls across secure network boundaries.

  • [How to install] - Download and uncompress. The python scripts are ready to execute.

  • [How to use] - CloakifyFactory.py is the menu-driven script that guides you through the process of cloakifying / decloakifying files.

$ ./cloakifyFactory.py

You can check the resulting cloaked files with any text editor for curiosity. Cloakify Factory will also give you the option of displaying the first 20 lines of any cloaked file (to check your results without exiting the tool or requiring a second shell).

The supporting scripts can be used individually as stand-alone as well, but there aren't many operational scenarios where that would be preferable.

Please let me know if you want more info, I'll get back with it ASAP. Thanks!

Cheers,

-TryCatchHCF
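The reply above (and the GitHub overview quoted in the Additional Information) describes the scheme in two steps: Base64-encode the payload, then replace each Base64 symbol with the matching line of a 64-entry cipher list, with optional noise prepended to each line. The note that this is a substitution, not encryption, and so open to frequency analysis, is the part a practitioner should check for themselves. The following is an added example written for this page, not Cloakify's own cloakify.py/decloakify.py or any of its shipped cipher files. It assumes a constructed 64-word cipher, drops Base64 padding on cloak and restores it on decloak (this example's choice, not necessarily the tool's), and assumes noise is prepended as a space-separated prefix so the last field of each line is the cipher token. The roundtrip check, the entropy measurement and the defender-side `looks_cloaked` heuristic are all this example's, not the project's.

```python
import base64
import collections
import hashlib
import math
import random

# The Base64 alphabet in index order; cipher entry i stands for symbol i.
B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"

# Constructed 64-entry cipher for this example (an assumption, not a shipped one).
_ADJ = ["red", "blue", "green", "gold", "silver", "black", "white", "amber"]
_NOUN = ["otter", "heron", "lynx", "koala", "gecko", "finch", "moose", "tapir"]
CIPHER = [f"{a}-{n}" for a in _ADJ for n in _NOUN]
assert len(set(CIPHER)) == 64

# Constructed sample payloads: pseudo-random bytes stand in for a zip/exe,
# repeated ASCII text stands in for a document.
_rng = random.Random(42)
SAMPLE_BLOB = bytes(_rng.getrandbits(8) for _ in range(4096))
SAMPLE_TEXT = b"The quick brown fox jumps over the lazy dog. " * 100


def cloakify(payload, cipher=CIPHER):
    """Base64-encode, then emit one cipher string per Base64 symbol.
    '=' padding is dropped here and restored in decloakify (this example's choice)."""
    b64 = base64.b64encode(payload).decode("ascii").rstrip("=")
    return [cipher[B64.index(ch)] for ch in b64]


def decloakify(lines, cipher=CIPHER):
    """Reverse the substitution. Prepended noise is assumed to be space-separated,
    so only the last field of each non-empty line is looked up."""
    lookup = {tok: B64[i] for i, tok in enumerate(cipher)}
    b64 = "".join(lookup[line.split()[-1]] for line in lines if line.strip())
    b64 += "=" * (-len(b64) % 4)  # restore Base64 padding
    return base64.b64decode(b64)


def add_noise(lines, seed=0):
    """Prepend a random six-digit ID tag to each line, in the spirit of prependID.py."""
    rng = random.Random(seed)
    return [f"{rng.randrange(10**6):06d} {line}" for line in lines]


def token_entropy(lines):
    """Shannon entropy (bits) of the per-line token distribution.
    A uniform spread over all 64 tokens gives 6.0; ASCII payloads sit well below."""
    counts = collections.Counter(line.split()[-1] for line in lines if line.strip())
    n = sum(counts.values())
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def looks_cloaked(lines, max_vocab=64, min_ratio=4, min_bits=5.5):
    """Defender-side heuristic (this example's rule, not a product signature):
    a file whose entire line vocabulary fits in 64 tokens, reuses them many
    times over, and spreads them near-uniformly reads like a substituted
    Base64 stream rather than a real list of beers or beaches."""
    toks = [line.split()[-1] for line in lines if line.strip()]
    vocab = set(toks)
    return (len(vocab) <= max_vocab
            and len(toks) >= min_ratio * len(vocab)
            and token_entropy(lines) >= min_bits)


def roundtrip_ok(payload):
    """Cloak with noise, decloak, and confirm the hash match the reporter describes."""
    cloaked = add_noise(cloakify(payload))
    return hashlib.sha256(decloakify(cloaked)).digest() == hashlib.sha256(payload).digest()


if __name__ == "__main__":
    print("roundtrip blob/text:", roundtrip_ok(SAMPLE_BLOB), roundtrip_ok(SAMPLE_TEXT))
    print("entropy blob/text: %.2f / %.2f" % (token_entropy(cloakify(SAMPLE_BLOB)),
                                              token_entropy(cloakify(SAMPLE_TEXT))))
    print("looks_cloaked(blob+noise):", looks_cloaked(add_noise(cloakify(SAMPLE_BLOB))))
```

Two things the numbers make concrete. First, the frequency-analysis caveat: an ASCII payload never sets the high bit of any byte, so the Base64 symbols (and therefore the cipher tokens) are skewed, and the cloaked text's token entropy drops visibly below that of a compressed or encrypted blob; encrypting before cloaking, as the note advises, removes that signal. Second, prepended noise does not change the token distribution once an analyst knows which field carries the token, so the heuristic still fires on the noisy file; it buys time against a reviewer skimming the file, not against anyone who counts.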

g0tmi1k (administrator), 2020-02-11 16:18, note ~0012244

This looks like it's python 2 - which is EOL

Issue History

Date Modified Username Field Change
2016-12-13 01:17 TryCatchHCF New Issue
2018-01-29 14:46 g0tmi1k Note Added: 0008368
2018-02-14 05:10 TryCatchHCF Note Added: 0008673
2020-02-11 16:18 g0tmi1k Note Added: 0012244
2020-02-11 16:18 g0tmi1k Assigned To => g0tmi1k
2020-02-11 16:18 g0tmi1k Status new => closed
2020-02-11 16:18 g0tmi1k Resolution open => won't fix