Created
September 28, 2018 02:41
#!/usr/bin/python | |
import pexpect | |
from pexpect import pxssh | |
import time | |
# Some Global Configurations
# Seconds each tunnel helper sleeps after sending the password, before it
# prints its "Tunnel created" message.
sleep_time = 10
# use_psk = no
# Collect the creds | |
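def cred_collect():
    """Prompt the operator for the SSH username and password.

    The password is read with getpass instead of raw_input so it is not
    echoed to the terminal, where it would stay in scrollback, screen
    recordings and shared sessions.

    Returns:
        A (username, password) tuple of the strings that were entered.
    """
    # Function-scope import so the file's top-level import block is untouched.
    import getpass

    username = raw_input('Username: ')
    password = getpass.getpass('Password: ')
    return username, password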
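def forward_tunnel(hostname, username, password, lport, destination, dport):
    """Open a local (-L) SSH port forward, authenticating with a password.

    Runs ``/usr/bin/ssh username@hostname -NfL lport:destination:dport``
    under pexpect, answers the first prompt with ``password`` and then
    sleeps for ``sleep_time`` seconds.

    Args:
        hostname: SSH server to connect to.
        username: Account on the SSH server.
        password: Password sent to the prompt.
        lport: Local listening port, as a string.
        destination: Host the SSH server forwards the traffic to.
        dport: Port on ``destination``, as a string.

    Failures are printed to stdout; nothing is returned or raised.
    """
    try:
        # Hand ssh its argv as a list. In the concatenated-string form pexpect
        # re-split the whole line, so a value containing whitespace or quotes
        # became extra ssh arguments. A value that starts with '-' is still
        # read by ssh as an option; validate the fields first if they can come
        # from anywhere other than the operator's keyboard.
        child = pexpect.spawn('/usr/bin/ssh', [
            username + '@' + hostname,
            '-NfL',
            lport + ':' + destination + ':' + dport,
        ])
        # NOTE(review): ':' matches the first colon ssh prints, not only a
        # password prompt, so the password is sent to whatever prompt that
        # happens to be (for example a host-key question).
        child.expect(':', timeout=5)
        print("Generating Tunnel, wait 10 seconds")
        child.sendline(password)
        time.sleep(sleep_time)
        # NOTE(review): nothing above checks that ssh authenticated or bound
        # the port; this message is printed unconditionally.
        print("Tunnel created, localport "+lport+" traffic directed to "+destination+":"+dport)
    except Exception as e:
        # Still best-effort, but Ctrl-C during the wait is no longer swallowed
        # and the cause of the failure is shown to the operator.
        print("Shit broke")
        print(e)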
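def reverse_tunnel(hostname, username, password, bind_port, reverse_ip, reverse_port):
    """Open a remote (-R) SSH port forward, authenticating with a password.

    Runs ``/usr/bin/ssh -NfR bind_port:reverse_ip:reverse_port
    username@hostname`` under pexpect, answers the first prompt with
    ``password`` and then sleeps for ``sleep_time`` seconds.

    Args:
        hostname: SSH server to connect to.
        username: Account on the SSH server.
        password: Password sent to the prompt.
        bind_port: Port opened on the SSH server side, as a string.
        reverse_ip: Host the forwarded traffic is delivered to.
        reverse_port: Port on ``reverse_ip``, as a string.

    Failures are printed to stdout; nothing is returned or raised.
    """
    try:
        # Hand ssh its argv as a list. In the concatenated-string form pexpect
        # re-split the whole line, so a value containing whitespace or quotes
        # became extra ssh arguments. A value that starts with '-' is still
        # read by ssh as an option; validate the fields first if they can come
        # from anywhere other than the operator's keyboard.
        child = pexpect.spawn('/usr/bin/ssh', [
            '-NfR',
            bind_port + ':' + reverse_ip + ':' + reverse_port,
            username + '@' + hostname,
        ])
        # NOTE(review): ':' matches the first colon ssh prints, not only a
        # password prompt, so the password is sent to whatever prompt that
        # happens to be (for example a host-key question).
        child.expect(':', timeout=5)
        print("Generating Tunnel, wait 10 seconds")
        child.sendline(password)
        time.sleep(sleep_time)
        # NOTE(review): nothing above checks that ssh authenticated or that
        # the server accepted the forward; this message is unconditional.
        print("Tunnel created, traffic aimed at "+bind_port+" now directed to "+reverse_ip+":"+reverse_port)
    except Exception as e:
        # Still best-effort, but Ctrl-C during the wait is no longer swallowed
        # and the cause of the failure is shown to the operator.
        print("Shit broke")
        print(e)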
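def dynamic_tunnel(hostname, username, password, dynamic_port):
    """Open a dynamic (-D, SOCKS) SSH forward, authenticating with a password.

    Runs ``/usr/bin/ssh username@hostname -NfD dynamic_port`` under pexpect,
    answers the first prompt with ``password`` and then sleeps for
    ``sleep_time`` seconds.

    Args:
        hostname: SSH server to connect to.
        username: Account on the SSH server.
        password: Password sent to the prompt.
        dynamic_port: Local port for the SOCKS listener, as a string.

    Failures are printed to stdout; nothing is returned or raised.
    """
    try:
        # Hand ssh its argv as a list. In the concatenated-string form pexpect
        # re-split the whole line, so a value containing whitespace or quotes
        # became extra ssh arguments. A value that starts with '-' is still
        # read by ssh as an option; validate the fields first if they can come
        # from anywhere other than the operator's keyboard.
        # The SOCKS listener ssh opens has no authentication of its own; which
        # address it binds to follows the ssh client's GatewayPorts setting
        # (loopback unless that has been changed).
        child = pexpect.spawn('/usr/bin/ssh', [
            username + '@' + hostname,
            '-NfD',
            dynamic_port,
        ])
        # NOTE(review): ':' matches the first colon ssh prints, not only a
        # password prompt, so the password is sent to whatever prompt that
        # happens to be (for example a host-key question).
        child.expect(':', timeout=5)
        print("Generating Tunnel, wait 10 seconds")
        child.sendline(password)
        time.sleep(sleep_time)
        # NOTE(review): nothing above checks that ssh authenticated or bound
        # the port; this message is printed unconditionally.
        print("Tunnel created, Dynamic Tunnel(Socks5) on "+dynamic_port)
    except Exception as e:
        # Still best-effort, but Ctrl-C during the wait is no longer swallowed
        # and the cause of the failure is shown to the operator.
        print("Shit broke")
        print(e)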
def tunnel_magic(switch):
    """Ask the operator for the parameters of the selected tunnel type.

    Args:
        switch: "L" (forward), "R" (reverse) or "D" (dynamic). Any other
            value is re-prompted for until one of the three is entered.

    Returns:
        For "L": (listening_port, destination_ip, destination_port).
        For "R": (remote_port, reverse_ip, reverse_port).
        For "D": the dynamic port alone, as a single string and not a tuple.
        Every value is the raw string typed by the operator; nothing is
        validated here.
    """
    # Prompts per tunnel type, in the order the answers are returned.
    questions = {
        # listening_port:destination_ip:destination_port
        "L": ('Listening Port: ', 'Destination IP: ', 'Destination Port: '),
        # remote_port:reverse_ip:reverse_port
        "R": ('Remote Port: ', 'Reverse IP: ', 'Reverse Port: '),
        # dynamic_port (SOCKS5)
        "D": ('Dynamic Port: ',),
    }
    while switch not in questions:
        switch = raw_input('Please select either L,R, or D: ')
    answers = tuple([raw_input(question) for question in questions[switch]])
    if switch == "D":
        return answers[0]
    return answers
# Ghetto way to ensure RSA ID Key is accepted. | |
def connection_check(hostname, username, password):
    """Log in to the host once through pxssh, then log straight out again.

    According to the author's note on this function, the point is to get the
    server's host key accepted before a tunnel is spawned.

    NOTE(review): pxssh's login answers the first-connection host-key
    question itself, so an unknown key ends up trusted without the operator
    seeing its fingerprint. Verify the key out of band, or pre-populate
    known_hosts, when connecting over a network you do not control.

    A pxssh failure is printed and not re-raised, so the caller carries on
    either way.

    Args:
        hostname: SSH server to log in to.
        username: Account on the SSH server.
        password: Password for that account.
    """
    try:
        session = pxssh.pxssh()
        session.login(hostname, username, password)
        session.logout()
    except pxssh.ExceptionPxssh as err:
        print("pxssh failed on login.")
        print(err)
# Where the magic happens | |
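def main():
    """Interactive entry point.

    Asks for the host and credentials, performs a test login, asks which
    tunnel type to build, collects its parameters and starts the tunnel.
    """
    hostname = raw_input('Host to connect to: ')
    username, password = cred_collect()
    # NOTE(review): connection_check only prints on failure, so the tunnel is
    # still attempted after a failed test login.
    connection_check(hostname, username, password)
    switch = raw_input("Forward(L), Reverse(R), or Dynamic(D) Tunnel?: ")
    # Re-prompt until the answer is usable. Previously anything other than
    # L/R/D matched none of the branches below and the script ended silently,
    # after the credentials had already been collected and used.
    while switch not in ("L", "R", "D"):
        switch = raw_input('Please select either L,R, or D: ')
    if switch == "L":
        lport, dip, dport = tunnel_magic(switch)
        forward_tunnel(hostname, username, password, lport, dip, dport)
    elif switch == "R":
        rport, reip, report = tunnel_magic(switch)
        reverse_tunnel(hostname, username, password, rport, reip, report)
    elif switch == "D":
        dport = tunnel_magic(switch)
        dynamic_tunnel(hostname, username, password, dport)


# Run the interactive flow only when executed as a script, not on import.
if __name__ == "__main__":
    main()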