shootback - a reverse TCP tunnel let you access target behind NAT or firewall

shootback is a reverse TCP tunnel let you access target behind NAT or firewall
Consumes less than 1% CPU and 8MB memory under 800 concurrency.
slaver is single file and only depends on python(2.7/3.4+) standard library.

How it works

Typical Scene

1. Access company/school computer(no internet IP) from home
2. Make private network/site public.
3. Help private network penetration.
4. Help CTF offline competitions.
5. Connect to device with dynamic IP, such as ADSL

Getting started

1. requirement:
   • Master: Python3.4+, OS independent
   • Slaver: Python2.7/3.4+, OS independent
   • no external dependencies, only python std lib
2. download git clone https://github.com/aploium/shootback
3. (optional) if you need a single-file slaver.py, run python3 build_singlefile_slaver.py
4. run these command
   

   # master listen :10000 for slaver, :10080 for you
   python3 master.py -m 0.0.0.0:10000 -c 127.0.0.1:10080
   
   # slaver connect to master, and use example.com as tunnel target
   # ps: you can use python2 in slaver, not only py3
   python3 slaver.py -m 127.0.0.1:10000 -t example.com:80
   
   # doing request to master
   curl -v -H "host: example.com" 127.0.0.1:10080
   # -- some HTML content from example.com --
   # -- some HTML content from example.com --
   # -- some HTML content from example.com --

5. a more reality example:
   assume your master is 22.33.44.55 (just like the graph above)
   

   # slaver_local_ssh <---> slaver <--> master(22.33.44.55) <--> You
   
   # ---- master ----
   python3 master.py -m 0.0.0.0:10000 -c 0.0.0.0:10022
   
   # ---- slaver ----
   python(or python3) slaver.py -m 22.33.44.55:10000 -t 127.0.0.1:22
   
   # ---- YOU ----
   ssh 22.33.44.55 -p 10022

6. for more help, please see python3 master.py --help and python3 slaver.py --help
   

Tips

1. run in daemon:
   nohup python(or python3) slaver.py -m host:port -t host:port -q &
   or:
   

   # screen is a linux command
   screen
   python(or python3) slaver.py -m host:port -t host:port
   # press  ctrl-a d  to detach screen
   # and if necessary, use "screen -r" to reattach

2. ANY service using TCP is shootback-able. HTTP/FTP/Proxy/SSH/VNC/...
   
3. shootback itself just do the transmission job, do not handle encrypt or proxy.
   however you can use a 3rd party proxy (eg: shadowsocks) as slaver target.
   for example:
   shadowsocks_server<-->shootback_slaver<-->shootback_master<-->shadowsocks_client(socks5)
   

Warning

1. in windows, due to the limit of CPython select.select() , shootback can NOT handle more than 512 concurrency, you may meet
   ValueError: too many file descriptors in select()
   If you have to handle such high concurrency in windows, Anaconda-Python3 is recommend, it's limit in windows is 2048

Performance

1. in my laptop of intel I7-4710MQ, win10 x64:
   • 1.6Gbits/s of loopback transfer (using iperf), with about 5% CPU occupation.
   • 800 thread ApacheBench, with less than 1% CPU and 8MB memory consume

Download shootback

Read More

PackETH - Ethernet Packet Generator

PackETH is GUI and CLI packet generator tool for ethernet. It allows you to create and send any possible packet or sequence of packets on the ethernet link. It is very simple to use, powerful and supports many adjustments of parameters while sending sequence of packets. And lastly, it has the most beautiful web site of all the packet generators.

Features & Video

• you can create and send any ethernet packet. Supported protocols:
• ethernet II, ethernet 802.3, 802.1q, QinQ, user defined ethernet frame
• ARP, IPv4, IPv6, user defined network layer payload
• UDP, TCP, ICMP, ICMPv6, IGMP, user defined transport layer payload
• RTP (payload with options to send sin wave of any frequency for G.711)
• JUMBO frames (if network driver supports it)
• sending sequence of packets
• delay between packets, number of packets to send
• sending with max speed, approaching the theoretical boundary
• change parameters while sending (change IP & mac address, UDP payload, 2 user defined bytes, etc.)
• saving configuration to a file and load from it - pcap format supported

Download PackETH

Read More

NetworkTrafficView - Monitor the traffic on your network adapter

NetworkTrafficView is a network monitoring tool that captures the packets pass through your network adapter, and displays general statistics about your network traffic. The packets statistics is grouped by the Ethernet Type, IP Protocol, Source/Destination Addresses, and Source/Destination ports. For every statistics line, the following information is displayed: Ethernet Type (IPv4, IPv6, ARP), IP Protocol (TCP, UDP, ICMP), Source Address, Destination Address, Source Port, Destination Port, Service Name (http, ftp, and so on), Packets Count, Total Packets Size, Total Data Size, Data Speed, Maximum Data Speed, Average Packet Size, First/Last Packet Time, Duration, and process ID/Name (For TCP connections).

Download NetworkTrafficView

Read More

[SPS] Simple Packet Sender

A Linux packet crafting tool. Supports IPv4, IPv6 including extension headers, and tunneling IPv6 over IPv4. Written in C on Linux with GUI built using GTK+ and released under GPLv3. Does not require pcap.

Features:

Packet crafting and sending one, multiple, or flooding IPv4 and IPv6 packets of type TCP, ICMP, or UDP (or cycle through all three). All values within ethernet frame can be modified arbitrarily. Supports IPv4 header options, TCP header options, and TCP, ICMP and UDP data as well, input from either: keyboard as UTF-8/ASCII, keyboard as hexadecimal, or from file.

IPv6 support includes: hop-by-hop, "first" and "last" destination, routing, authentication, and encapsulating security payload (ESP) extension headers. For those without access to a native IPv6 network, IPv6 packets can be transmitted over IPv4 (6to4).

Packet fragmentation for IPv4, IPv6, and 6to4. Assumed maximum transmission unit (MTU) can be changed if unusual fragment sizes are needed.

IP addresses and port numbers can be randomized.

A configurable traceroute function, which supports TCP, ICMP, and UDP packets with all the features mentioned above.

View packets in hexadecimal/ASCII representation, in both unfragmented and fragmented forms.

All packet settings can be saved to and loaded from file.

IP and ASN delegation functions, including: country name/code search and reverse-search, autonomous system (AS) number search by country and reverse-search,  IPv4 and IPv6 address delegation search and reverse-search.

ARP (IPv4) and Neighbor Discovery (IPv6) for querying a LAN for MAC addresses of local nodes.

Retrieve MAC address and current MTU setting of any attached network interface.

Domain name resolution and reverse resolution.

Download SPS

Read More