OutBandit – Out Of Band Exfiltration Tool

Out-of-band (OOB) attacks are a serious threat to the security of web applications. These attacks allow attackers to communicate with a compromised system or application in a way that goes undetected, making them particularly dangerous. For that reason I created the OutBandit tool, which can perform a wide range of out-of-band attacks in seconds.

Download: https://github.com/mymuzzy/OutBandit/releases/

To help security professionals test for these types of attacks, the OutBandit tool was developed. Built as an extension for the widely used Burp Suite web application security testing tool, OutBandit is written in Java and can test web applications running on both Windows and Linux environments.

One of the key advantages of OutBandit is its ability to test applications built using different technologies such as Python, Java, .NET, PHP, and Node.js. This makes it a highly flexible tool that can be customized to meet the specific needs of different applications.

OutBandit can perform a wide range of attacks, including the following:

  • Command Injection
  • XML External Entity
  • SQL Injection
  • Server-Side JavaScript Injection
  • Server-Side Includes
  • Server-Side Template Injection
  • Remote File Inclusion
  • Open Redirection
  • Simple Mail Transfer Protocol
  • Code Injection
  • Deserialization
  • Expression Language Injection

Another key feature of OutBandit is its ability to work with both internet-facing and intranet-facing applications. It can also send both HTTP and DNS requests, which is what makes this tool unique.

Overall, OutBandit is a powerful and comprehensive tool for testing the security of web applications. Its ability to work with different technologies and network environments makes it an ideal asset for security professionals looking to ensure the security of their applications and infrastructure. By identifying vulnerabilities that may be missed by other testing methods, OutBandit can help organizations stay ahead of the latest cyber threats and keep their systems and applications secure.