Objective To solve the problems of slow convergence and high cost of the existing data-free black-box attack methods based on generative adversarial networks a novel black-box transfer attack method is proposed. Methods The method consists of two stages training data synthesis and substitute model distillation. In the stage of training data synthesis the generator is optimized to maximize the consistency between the outputs of the substitute model and the target model and two loss functions are introduced to constrain the data distribution generated by the generator. In the stage of substitute model distillation a substitute model is designed with residual blocks containing learnable parameters and data synthesized by the generator is used to fit the decision boundary of the target model. By alternating between these two stages of training the substitute model can better fit the decision boundary of the target model thereby enhancing the attack effectiveness. Results Through a series of experiments the success rate of non-targeted black-box attacks against the target model exceeded 70%. On the CIFAR100 dataset compared with other black-box attack methods the success rate of targeted attacks increased by more than 2% and the required query budget was lower for achieving the same attack effect. Conclusion The proposed method efficiently fits the decision boundary of the target model and demonstrates good attack effectiveness.