#!/usr/bin/python
import getpass
import time

import pexpect
from pexpect import pxssh
# Some Global Configurations
# Seconds to wait after the password is sent before declaring a tunnel up.
# The ssh child is never polled for readiness, so this is a fixed delay only.
sleep_time = 10
# use_psk = no  -- unused placeholder; only password authentication is wired up below.
# Collect the creds
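def cred_collect():
    """Prompt for the SSH username and password on the terminal.

    Returns:
        (username, password) exactly as typed. The password is read with
        getpass.getpass so it is neither echoed nor left in terminal scrollback.
    """
    username = raw_input('Username: ')
    # getpass suppresses echo; raw_input would show the password on screen.
    password = getpass.getpass('Password: ')
    return username, password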
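def _run_ssh_tunnel(ssh_args, password, success_message):
    """Spawn a backgrounded ssh tunnel and answer its password prompt.

    Shared by the three tunnel builders below so the spawn/expect/send
    sequence and its error handling live in one place.

    Args:
        ssh_args: argv list passed to /usr/bin/ssh (program name excluded).
        password: written to ssh's stdin once the password prompt appears; it
            is never placed on the command line.
        success_message: printed after the fixed ``sleep_time`` wait.

    Returns:
        True when the password was sent and the wait completed, False when ssh
        could not be started or never showed a password prompt.
    """
    try:
        # An argv list (rather than one concatenated string) keeps a field
        # containing spaces or quotes from being split into extra ssh options.
        child = pexpect.spawn('/usr/bin/ssh', ssh_args)
        # Match the real password prompt instead of any ':' so the password is
        # not typed into an unrelated prompt (host-key fingerprints contain ':').
        child.expect('[Pp]assword:', timeout=5)
    except pexpect.ExceptionPexpect as exc:
        # Covers TIMEOUT and EOF; KeyboardInterrupt is deliberately not caught.
        print("Tunnel setup failed before the password prompt: " + type(exc).__name__)
        return False
    print("Generating Tunnel, wait " + str(sleep_time) + " seconds")
    child.sendline(password)
    # ssh -f forks to the background after authenticating and gives no
    # readiness signal here, so a fixed delay stands in for one.
    time.sleep(sleep_time)
    print(success_message)
    return True


def forward_tunnel(hostname, username, password, lport, destination, dport):
    """Local forward: localhost:lport is carried through hostname to destination:dport.

    Equivalent to ``/usr/bin/ssh username@hostname -NfL lport:destination:dport``.
    All host and port arguments are strings as collected from the prompts.

    Returns:
        True on success, False if ssh could not be driven to a password prompt.
    """
    spec = lport + ':' + destination + ':' + dport
    return _run_ssh_tunnel(
        [username + '@' + hostname, '-NfL', spec],
        password,
        "Tunnel created, localport " + lport + " traffic directed to " + destination + ":" + dport,
    )


def reverse_tunnel(hostname, username, password, bind_port, reverse_ip, reverse_port):
    """Remote forward: bind_port on hostname is carried back to reverse_ip:reverse_port.

    Equivalent to ``/usr/bin/ssh -NfR bind_port:reverse_ip:reverse_port username@hostname``.
    All host and port arguments are strings as collected from the prompts.

    Returns:
        True on success, False if ssh could not be driven to a password prompt.
    """
    spec = bind_port + ':' + reverse_ip + ':' + reverse_port
    return _run_ssh_tunnel(
        ['-NfR', spec, username + '@' + hostname],
        password,
        "Tunnel created, traffic aimed at " + bind_port + " now directed to " + reverse_ip + ":" + reverse_port,
    )


def dynamic_tunnel(hostname, username, password, dynamic_port):
    """Dynamic (SOCKS5) forward on localhost:dynamic_port through hostname.

    Equivalent to ``/usr/bin/ssh username@hostname -NfD dynamic_port``.

    Returns:
        True on success, False if ssh could not be driven to a password prompt.
    """
    return _run_ssh_tunnel(
        [username + '@' + hostname, '-NfD', dynamic_port],
        password,
        "Tunnel created, Dynamic Tunnel(Socks5) on " + dynamic_port,
    )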
def tunnel_magic(switch):
    """Prompt for the endpoint fields of the selected tunnel type.

    Args:
        switch: "L", "R" or "D"; any other value re-prompts until one is given.

    Returns:
        "L": (listening_port, destination_ip, destination_port)
        "R": (remote_port, reverse_ip, reverse_port)
        "D": the dynamic (SOCKS5) port as a single string
    """
    # Prompt labels per type, listed in the order the port:host:port spec uses.
    field_prompts = {
        "L": ('Listening Port: ', 'Destination IP: ', 'Destination Port: '),
        "R": ('Remote Port: ', 'Reverse IP: ', 'Reverse Port: '),
    }
    while True:
        if switch in field_prompts:
            # The generator is consumed left to right, so prompts appear in order.
            return tuple(raw_input(label) for label in field_prompts[switch])
        if switch == "D":
            return raw_input('Dynamic Port: ')
        switch = raw_input('Please select either L,R, or D: ')
# Ghetto way to ensure RSA ID Key is accepted.
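def connection_check(hostname, username, password):
    """Do a throwaway pxssh login so the tunnel builders see no first-contact prompts.

    pxssh.login answers ssh's new-host-key question itself, so the first
    connection trusts whatever key hostname presents; nothing here verifies it
    out of band.

    Returns:
        True when login and logout succeeded, False when pxssh raised (the
        error is printed either way, matching the original behaviour).
    """
    try:
        s = pxssh.pxssh()
        s.login(hostname, username, password)
        s.logout()
    except pxssh.ExceptionPxssh as e:
        print("pxssh failed on login.")
        print(e)
        return False
    return True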
# Where the magic happens
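def main():
    """Interactive entry point: collect host and credentials, then build one tunnel."""
    hostname = raw_input('Host to connect to: ')
    username, password = cred_collect()
    connection_check(hostname, username, password)
    switch = raw_input("Forward(L), Reverse(R), or Dynamic(D) Tunnel?: ")
    # Re-prompt here: an unrecognised choice previously matched no branch and
    # the script exited without doing anything.
    while switch not in ("L", "R", "D"):
        switch = raw_input('Please select either L,R, or D: ')
    if switch == "L":
        lport, dip, dport = tunnel_magic(switch)
        forward_tunnel(hostname, username, password, lport, dip, dport)
    elif switch == "R":
        rport, reip, report = tunnel_magic(switch)
        reverse_tunnel(hostname, username, password, rport, reip, report)
    else:
        # Distinct name: this is the SOCKS port, not the forward tunnel's dport.
        dyn_port = tunnel_magic(switch)
        dynamic_tunnel(hostname, username, password, dyn_port)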
if __name__ == "__main__":
main()