
What is DNSStager?
DNSStager is an open-source project based on Python used to hide and transfer your payload using DNS. This tool will create a malicious DNS server that handles DNS requests to your domain and return your payload as a response to specific record requests such as AAAA
or TXT
records after splitting it into chunks and encoding the payload using different algorithms.
DNSStager can generate a custom agent written in C
or GoLang
that will resolve a sequence of domains, retrieve the payload, decode it and finally inject it into the memory based on any technique you want.
You can edit the code of DNSStager agent as you wish, and build it using your own custom execution techniques.
The main goal of using DNSStager is to help red teamers/pentesters to deliver their payloads in stealthy channel using DNS.
How does it work?
Based on your DNS resolution option, DNSStager will split your payload into chunks and save each chunk of the payload as a response for a subdomain.
For example, if you choose IPV6
as your option to retrieve the payload, the DNS response will be something like:
Where 5648:31d2:6548:8b52:6048:8b52:1848:8b52
is a part of your payload.
So, the agent will resolve some domains to retrieve the payload and then decode it and finally inject it into memory.
Currently, DNSStager only supports two records, AAAA
and TXT
. You can encode your payload using XOR for the AAAA
record and by default it will be encoded as base64 if you choose TXT
record.

DNSStager key features:
DNSStager has some key features such as:
- Hide and Resolve your payload in
IPV6
records. - Hide and Resolve your payload in
TXT
records. - XOR encoder to encode your payload.
- Base64 encoder to encode your payload (only for TXT records).
- Pure agent written in
C
with the ability to customise it. - Pure agent written in
GoLang
with the ability to customise it. - The ability to use sleep between each DNS request.
- AND MUCH MORE TO COME!
Requirements
- GoLang version 1.16.3 and to make sure to install the following packages:
- golang.org/x/sys
- github.com/miekg/dns
- Ming-w64
Installation
To get the latest version of DNSStager, make sure to clone it from this repo using the following command:
Then you need to install the requirements using the following command:
And make sure to install all the previously mentioned requirements too.
After doing all that, you are ready to execute DNSStager as root to get the following:
Usage
To start using DNSStager, make sure to setup your DNS settings first, you need to make your domain points to the DNSStager instance as NS record
in order to handle all the DNS requests to your domain.
You can read this full article about how to setup and use DNSStager.
