A tool to make socks connections through HTTP agents

Project description

pivotnacci

Pivot into the internal network by deploying HTTP agents. Pivotnacci allows you to create a socks server which communicates with HTTP agents. The architecture looks like the following:

This tool was inspired by the great reGeorg. However, it includes some improvements:

  • Support for balanced servers
  • Customizable polling interval, useful to reduce detection rates
  • Auto drop connections closed by a server
  • Modular and cleaner code
  • Installation through pip
  • Password-protected agents

Supported socks protocols

  • Socks 4
  • Socks 5
    • No authentication
    • User password
    • GSSAPI

Installation

From Python packages:

pip3 install pivotnacci

From repository:

git clone https://github.com/blackarrowsec/pivotnacci.git
cd pivotnacci/
pip3 install -r requirements.txt # to avoid installing on the OS
python3 setup.py install # to install on the OS

Usage

  1. Upload the required agent (php, jsp or aspx) to a webserver
  2. Start the socks server once the agent is deployed
  3. Configure proxychains or any other proxy client (the default listening port for pivotnacci socks server is 1080)

$ pivotnacci -h
usage: pivotnacci [-h] [-s addr] [-p port] [--verbose] [--ack-message message]
                  [--password password] [--user-agent user_agent]
                  [--header header] [--proxy [protocol://]host[:port]]
                  [--type type] [--polling-interval milliseconds]
                  [--request-tries number] [--retry-interval milliseconds]
                  url

Socks server for HTTP agents

positional arguments:
  url                   The url of the agent

optional arguments:
  -h, --help            show this help message and exit
  -s addr, --source addr
                        The default listening address (default: 127.0.0.1)
  -p port, --port port  The default listening port (default: 1080)
  --verbose, -v
  --ack-message message, -a message
                        Message returned by the agent web page (default:
                        Server Error 500 (Internal Error))
  --password password   Password to communicate with the agent (default: )
  --user-agent user_agent, -A user_agent
                        The User-Agent header sent to the agent (default:
                        pivotnacci/0.0.1)
  --header header, -H header
                        Send custom header. Specify in the form 'Name: Value'
                        (default: None)
  --proxy [protocol://]host[:port], -x [protocol://]host[:port]
                        Set the HTTP proxy to use.(Environment variables
                        HTTP_PROXY and HTTPS_PROXY are also supported)
                        (default: None)
  --type type, -t type  To specify agent type in case is not automatically
                        detected. Options are ['php', 'jsp', 'aspx'] (default:
                        None)
  --polling-interval milliseconds
                        Interval to poll the agents (for recv operations)
                        (default: 100)
  --request-tries number
                        The number of retries for each request to an agent. To
                        use in case of balanced servers (default: 50)
  --retry-interval milliseconds
                        Interval to retry a failure request (due a balanced
                        server) (default: 100)

Examples

Using an agent with the password s3cr3t (the AGENT_PASSWORD variable must be changed on the agent side as well):

pivotnacci  https://domain.com/agent.php --password "s3cr3t"

Using a custom HTTP Host header and a custom User-Agent, CustomAgent:

pivotnacci  https://domain.com/agent.jsp -H 'Host: vhost.domain.com' -A 'CustomAgent'

Setting a different agent ack message, 418 I'm a teapot (the ACK_MESSAGE variable must be changed on the agent side as well):

pivotnacci https://domain.com/agent.aspx --ack-message "418 I'm a teapot"

Reduce detection rate (e.g. WAF) by setting the polling interval to 2 seconds:

pivotnacci  https://domain.com/agent.php --polling-interval 2000
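
For defenders, the options above leave a recognisable trace in web access logs: the default pivotnacci/ User-Agent, or one client requesting a single php, jsp or aspx page at a fixed interval. The following detection sketch is an added example, not part of pivotnacci; the combined log format, the thresholds, and the sample addresses and paths are assumptions.

```python
import re
import statistics
from collections import defaultdict
from datetime import datetime, timedelta

# Combined log format: client, timestamp, request path, User-Agent.
LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+) [^"]*" \d{3} \S+ "[^"]*" "([^"]*)"')
AGENT_EXT = (".php", ".jsp", ".aspx")  # agent types listed on this page
DEFAULT_UA = "pivotnacci/"             # default User-Agent per the help text

def find_tunnels(lines, min_requests=20, max_jitter=0.5):
    """Return {(client, path): reason} for traffic that looks like agent polling."""
    # min_requests and max_jitter (seconds) are assumed thresholds; tune per site.
    hits, times = {}, defaultdict(list)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        ip, ts, url, ua = m.groups()
        path = url.split("?", 1)[0]
        if not path.lower().endswith(AGENT_EXT):
            continue
        if ua.startswith(DEFAULT_UA):
            hits[(ip, path)] = "default User-Agent"
        times[(ip, path)].append(datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"))
    for key, stamps in times.items():
        if key in hits or len(stamps) < max(min_requests, 3):
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        # A polling loop gives near-constant gaps; interactive browsing does not.
        if statistics.pstdev(gaps) <= max_jitter:
            hits[key] = f"steady polling every {statistics.mean(gaps):.1f}s"
    return hits

def sample_log():
    """Constructed access-log lines (not real traffic); method, status, size are arbitrary."""
    t0 = datetime.fromisoformat("2024-03-12T10:00:00+00:00")
    fmt = '{} - - [{:%d/%b/%Y:%H:%M:%S %z}] "POST {} HTTP/1.1" 200 35 "-" "{}"'
    rows = [("198.51.100.7", 2 * i, "/uploads/agent.php", "CustomAgent") for i in range(30)]
    rows += [("203.0.113.9", i, "/a.jsp", "pivotnacci/0.0.1") for i in range(3)]
    rows += [("192.0.2.4", i * i, "/index.php", "Mozilla/5.0") for i in range(25)]
    return [fmt.format(ip, t0 + timedelta(seconds=s), path, ua) for ip, s, path, ua in rows]

if __name__ == "__main__":
    for key, reason in find_tunnels(sample_log()).items():
        print(key, reason)
```

The second check looks at how regular the gaps are rather than how many requests arrive, so it applies whatever --polling-interval is set and does not depend on the User-Agent string.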

Author

Eloy Pérez (@Zer1t0) [ www.blackarrow.net - www.tarlogic.com ]

License

All the code included in this project is licensed under the terms of the GNU AGPLv3 license.

Download files

Source Distribution

pivotnacci-0.0.2.tar.gz (24.4 kB)

Uploaded Source

Built Distribution

pivotnacci-0.0.2-py3-none-any.whl (30.7 kB)

Uploaded Python 3

File details

Details for the file pivotnacci-0.0.2.tar.gz.

File metadata

  • Download URL: pivotnacci-0.0.2.tar.gz
  • Upload date:
  • Size: 24.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.1.1 pkginfo/1.5.0.1 requests/2.21.0 setuptools/40.8.0 requests-toolbelt/0.9.1 tqdm/4.45.0 CPython/3.7.3

File hashes

Hashes for pivotnacci-0.0.2.tar.gz
Algorithm Hash digest
SHA256 791993236790633eeb94aa84bece9a3bdec4040db66a8fb11436223adc7674f1
MD5 8b5f732342c07af35765ecbc56c713cd
BLAKE2b-256 a167f355d3d4f98b2fc640f775ee3772b08ab8b6dffd7bd2e65ecc0664970f92

File details

Details for the file pivotnacci-0.0.2-py3-none-any.whl.

File metadata

  • Download URL: pivotnacci-0.0.2-py3-none-any.whl
  • Upload date:
  • Size: 30.7 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.1.1 pkginfo/1.5.0.1 requests/2.21.0 setuptools/40.8.0 requests-toolbelt/0.9.1 tqdm/4.45.0 CPython/3.7.3

File hashes

Hashes for pivotnacci-0.0.2-py3-none-any.whl
Algorithm Hash digest
SHA256 e4b24a100942030e4e8331d14774a796694f014af7f5743df93be718c2bca2d6
MD5 c0edd3b3693d9ec6a91011f350f5a769
BLAKE2b-256 582056124eaebdab58556c5cd85964b9ecc6aa0e8551da16e1d448874997eb56
