Critical Wormhole Tools - Secure network utilities using Magic Wormhole code-based addressing
Verified details
These details have been verified by PyPIProject links
GitHub Statistics
Maintainers
Project description
Critical Wormhole Tools
Secure network utilities using Magic Wormhole code-based addressing
What is Critical Wormhole Tools?
Critical Wormhole Tools (cwt / wh) brings the power of Magic Wormhole code-based addressing to everyday network utilities. Instead of dealing with IP addresses, port forwarding, and firewall rules, simply share a human-readable code like 7-guitar-sunset and connect securely from anywhere in the world.
┌─────────────────┐ ┌─────────────────┐
│ Your Machine │ │ Remote Machine │
│ │ "7-guitar-sunset" │ │
│ wh ssh ───────┼──────────────────────────────┼─────── wh listen│
│ │ End-to-End Encrypted │ --ssh │
└─────────────────┘ NAT Traversal Built-in └─────────────────┘
Key Features
- No IP addresses - Use memorable codes like
7-guitar-sunset - No port forwarding - Works through NAT and firewalls automatically
- End-to-end encrypted - PAKE-based key agreement, no trusted third parties
- Cross-platform - Works on Linux, macOS, and Windows
- Familiar tools - Same interface as netcat, ssh, scp, sftp, curl, wget
Installation
Using pip (Recommended)
pip install critical-wormhole-tools
Using pipx (Isolated Environment)
pipx install critical-wormhole-tools
Using Homebrew (macOS/Linux)
brew tap bshuler/critical-wormhole
brew install critical-wormhole
Using Chocolatey (Windows)
choco install critical-wormhole-tools
From Source
git clone https://github.com/bshuler/critical-wormhole-tools.git
cd cwt
pip install -e ".[dev]"
Quick Start
1. Netcat (wh nc)
Machine A (Listen):
wh nc -l
# Output: Listening on code: 7-guitar-sunset
Machine B (Connect):
echo "Hello through the wormhole!" | wh nc 7-guitar-sunset
2. SSH (wh ssh)
Server (Listen):
wh listen --ssh
# Output: Listening on code: 3-castle-thunder
# SSH server ready
Client (Connect):
wh ssh 3-castle-thunder
# You're now in a shell on the remote machine!
3. File Transfer (wh scp)
Server:
wh listen --ssh
# Output: Listening on code: 5-river-mountain
Client - Download:
wh scp 5-river-mountain:/path/to/remote/file.txt ./local/
Client - Upload:
wh scp ./local/file.txt 5-river-mountain:/path/to/remote/
4. Interactive SFTP (wh sftp)
wh sftp 5-river-mountain
sftp> ls
sftp> get documents/report.pdf
sftp> put ./data.csv /home/user/
sftp> quit
5. HTTP Requests (wh curl)
Server (HTTP Proxy):
wh listen --http
# Output: Listening on code: 2-ocean-breeze
Client:
wh curl --code 2-ocean-breeze https://api.example.com/data
wh curl --code 2-ocean-breeze -X POST -d '{"key":"value"}' https://api.example.com/
6. File Download (wh wget)
wh wget --code 2-ocean-breeze https://example.com/large-file.zip
Commands Reference
| Command | Description | Example |
|---|---|---|
wh nc |
Netcat-style bidirectional pipe | wh nc 7-guitar-sunset |
wh nc -l |
Listen for incoming connections | wh nc -l |
wh listen |
Multi-purpose listener daemon | wh listen --ssh |
wh ssh |
SSH client over wormhole | wh ssh 3-castle-thunder |
wh scp |
Secure copy files | wh scp code:/remote ./local |
wh sftp |
Interactive SFTP session | wh sftp 3-castle-thunder |
wh curl |
HTTP requests through proxy | wh curl --code X http://... |
wh wget |
Download files via HTTP proxy | wh wget --code X http://... |
How It Works
Critical Wormhole Tools uses Magic Wormhole's Dilation protocol:
- Code Exchange: Both parties enter the same code (e.g.,
7-guitar-sunset) - PAKE Handshake: Password-Authenticated Key Exchange establishes shared secrets
- Direct Connection: Attempts direct P2P connection with NAT traversal
- Relay Fallback: If direct fails, uses relay server (data still encrypted)
- Streaming: Dilated wormhole provides reliable, ordered, bidirectional streams
┌────────┐ ┌─────────────┐ ┌────────┐
│ Client │◄───────►│ Mailbox │◄───────►│ Server │
│ │ Code │ Server │ Code │ │
└───┬────┘ └─────────────┘ └────┬───┘
│ │
│ PAKE Key Exchange │
│◄─────────────────────────────────────────►│
│ │
│ Direct P2P (if possible) │
│◄═════════════════════════════════════════►│
│ or via Transit Relay │
│ (still E2E encrypted) │
└───────────────────────────────────────────┘
Security
- PAKE (SPAKE2): No passwords transmitted, even to relay servers
- NaCl encryption: Industry-standard cryptographic primitives
- Forward secrecy: Each session uses unique keys
- No account required: Anonymous, decentralized by design
- Verifier display: Optional visual verification of connection
Use Cases
Remote Access Without VPN
Access your home server from anywhere without setting up port forwarding or dynamic DNS.
Quick File Sharing
Share files between machines without uploading to cloud services.
Pair Programming
Give a colleague SSH access to your development machine temporarily.
IoT Device Access
Connect to devices behind carrier-grade NAT.
Secure API Testing
Make HTTP requests to internal APIs through a trusted proxy.
Configuration
Environment Variables
| Variable | Description | Default |
|---|---|---|
WH_RELAY |
Mailbox relay URL | ws://relay.magic-wormhole.io:4000/v1 |
WH_TRANSIT |
Transit relay | tcp:transit.magic-wormhole.io:4001 |
WH_SSH_PASSWORD |
SSH password (avoid prompts) | - |
Custom Relay
For privacy or performance, run your own relay:
# Use custom relay
wh --relay ws://my-relay.example.com:4000/v1 nc -l
Development
Setup
git clone https://github.com/bshuler/critical-wormhole-tools.git
cd cwt
pip install -e ".[dev]"
Run Tests
# All tests
pytest
# Unit tests only (fast)
pytest tests/unit
# With coverage
pytest --cov=wh --cov-report=html
Code Quality
# Linting
ruff check src tests
# Type checking
mypy src
Roadmap
- Permanent Addresses: Static wormhole codes for persistent services
- Browser Extension: Browse wormhole-hosted sites in Chrome/Firefox
- Web Server Integration: Apache/Nginx/HAProxy wormhole modules
- wh ping: Network diagnostics through wormhole
- wh rsync: Efficient file synchronization
- wh proxy: SOCKS5 proxy through wormhole
See ROADMAP.md for detailed plans.
Contributing
Contributions are welcome! Please read our Contributing Guide first.
- Fork the repository
- Create a feature branch (
git checkout -b feature/amazing) - Commit your changes (
git commit -m 'Add amazing feature') - Push to the branch (
git push origin feature/amazing) - Open a Pull Request
License
MIT License - see LICENSE for details.
Acknowledgments
- Magic Wormhole - The amazing protocol this is built on
- AsyncSSH - SSH implementation
- Twisted - Async networking framework
Connect securely. Share easily. No IP addresses required.
GitHub • PyPI • Issues • Discussions
Project details
Verified details
These details have been verified by PyPIProject links
GitHub Statistics
Maintainers
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file critical_wormhole_tools-0.1.0.tar.gz.
File metadata
- Download URL: critical_wormhole_tools-0.1.0.tar.gz
- Upload date:
- Size: 31.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
72330a20206e3e1f31f4ea340f5ce1a959672487567c335a3c0de7c7bcd035e5
|
|
| MD5 |
f8a9000cfb9df9900f371e315082604b
|
|
| BLAKE2b-256 |
d89a0ad00595d7090a621ef92b318ca78e9c21d6b72942af0fa46405d641c016
|
Provenance
The following attestation bundles were made for critical_wormhole_tools-0.1.0.tar.gz:
Publisher:
publish.yml on bshuler/critical-wormhole-tools
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
critical_wormhole_tools-0.1.0.tar.gz -
Subject digest:
72330a20206e3e1f31f4ea340f5ce1a959672487567c335a3c0de7c7bcd035e5 - Sigstore transparency entry: 800628157
- Sigstore integration time:
-
Permalink:
bshuler/critical-wormhole-tools@ccfa6dbddfe66d68dd46f36f8d232540a3cb1a44 -
Branch / Tag:
refs/tags/v0.1.0 - Owner: https://github.com/bshuler
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@ccfa6dbddfe66d68dd46f36f8d232540a3cb1a44 -
Trigger Event:
release
-
Statement type:
File details
Details for the file critical_wormhole_tools-0.1.0-py3-none-any.whl.
File metadata
- Download URL: critical_wormhole_tools-0.1.0-py3-none-any.whl
- Upload date:
- Size: 43.0 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
9f339159ca822a4e64948dc00d0f9756fe5f023fba4dc781e9a76371ed0c6311
|
|
| MD5 |
ef9f621fb6a9de8a5c3ef22f4a349ea4
|
|
| BLAKE2b-256 |
e911cf9a27875a634c4bb2f194269237798d4b2e5417d8178136c26ba6067e07
|
Provenance
The following attestation bundles were made for critical_wormhole_tools-0.1.0-py3-none-any.whl:
Publisher:
publish.yml on bshuler/critical-wormhole-tools
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
critical_wormhole_tools-0.1.0-py3-none-any.whl -
Subject digest:
9f339159ca822a4e64948dc00d0f9756fe5f023fba4dc781e9a76371ed0c6311 - Sigstore transparency entry: 800628215
- Sigstore integration time:
-
Permalink:
bshuler/critical-wormhole-tools@ccfa6dbddfe66d68dd46f36f8d232540a3cb1a44 -
Branch / Tag:
refs/tags/v0.1.0 - Owner: https://github.com/bshuler
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@ccfa6dbddfe66d68dd46f36f8d232540a3cb1a44 -
Trigger Event:
release
-
Statement type:
