def handle(self, input, lhost, lport, port=80): # Construct command cmd = "-s %s;%s:%s" % (port, lhost, lport) # Launch tor self.log.info("Connecting to tor...") with Container.run( "dperson/torproxy:latest", network="host", # Use host network to allow local addresses command=cmd) as container: # Wait for successful connection for log in container.logs(stream=True, follow=True): self.log.logger.debug(log.strip().decode()) if b"Bootstrapped 100% (done): Done" in log: # Fetch service address status, result = container.exec_run( "cat /var/lib/tor/hidden_service/hostname") if status == 0: self.log.info("Connected, serving %s:%i at %s", lhost, lport, result.decode()) else: raise Exception(result)
def handle(self, input, interface="0.0.0.0", port=5601, elastic_url="http://127.0.0.1:9200"): assert elastic_url, "Must specify url of elasticsearch instance" with Mount("/conf") as mount: # Write kibana configuration with mount.open("kibana.yml", "w") as f: f.write("elasticsearch.hosts: %s\n" % elastic_url) # string or list f.write("server.host: %s\n" % interface) f.write("server.port: %i\n" % port) f.write("server.name: %s\n" % self.__name__) f.write("telemetry.optIn: false\n") f.write("telemetry.enabled: false\n") # Launch kibana with Container.run( "docker.elastic.co/kibana/kibana:7.10.0", network="host", # Use host network to enable localhost stdin_open=True, tty=True, volumes=mount.volumes, command="/usr/local/bin/kibana-docker -c /conf/kibana.yml" ) as container: container.interact()
def handle(self, input, port=5432, interface="0.0.0.0", user="******", password="******", db="postgres", directory=None): # Mount local directory volumes = {} if directory: volumes[os.path.abspath(directory)] = { "bind": "/var/lib/postgresql/data" } # Launch postgres with Container.run("postgres:latest", ports={"5432/tcp": (interface, port)}, volumes=volumes, environment={ "POSTGRES_USER": user, "POSTGRES_PASSWORD": password, "POSTGRES_DB": db, "PGDATA": "/var/lib/postgresql/data/pgdata", }) as container: # Print logs if requested for log in container.logs(stream=True, follow=True): self.log.logger.debug(log.strip().decode())
def handle(self, input, proxy=None, secure=False, write=None): # Construct command cmd = "/usr/bin/speedtest" cmd += " --share" if write: cmd += " --%s" % write if secure: cmd += " --secure" env = {} if proxy: env["HTTP_PROXY"] = proxy # Launch speedtest with Container.run("local/speedtest:1.0.0", network="host", # Enable localhost for proxy stdin_open=not write, tty=not write, environment=env, command=cmd) as container: if write: yield container.output() else: container.interact()
def handle(self, input, lhost, lport, rhost, rport, key=None, certificate=None, ca=None, version=None): with Mount("/data", "ro") as mount: # Construct command cmd = "socat" cmd += " openssl-listen:%i,bind=%s,fork,reuseaddr" % (lport, lhost) cmd += ",key=/data/key.pem,cert=/data/cert.pem" if version: self.log.debug("Using version: %s", version) cmd += ",method=%s" % version # Write supplied TLS key/certificate if key and certificate: self.log.debug("Using key: %s", key.name) with mount.open("key.pem", "wb") as f: f.write(key.read()) self.log.debug("Using certificate: %s", certificate.name) with mount.open("cert.pem", "wb") as f: f.write(certificate.read()) # Write generated TLS key/certificate else: if key: self.log.warning("Missing certificate, using self-signed") if certificate: self.log.warning("Missing key, using self-signed") self.log.debug("Generating self-signed certificate") import lets.generate.tls.certificate pem = lets.generate.tls.certificate() with mount.open("key.pem", "wb") as f: f.write(pem) with mount.open("cert.pem", "wb") as f: f.write(pem) # Write certificate authority if ca: self.log.debug("Verifying peer with certificate: %s", ca.name) with mount.open("ca.pem", "wb") as f: f.write(ca.read()) cmd += ",cafile=/data/ca.pem" else: cmd += ",verify=0" cmd += " tcp-connect:%s:%i" % (rhost, rport) # Launch redirector with Container.run("local/socat:1.0.1", network="host", # Use host network to allow local addresses tty=True, stdin_open=True, volumes=mount.volumes, command=cmd) as container: self.log.info("Redirecting TLS(%s:%i) to TCP(%s:%i)", lhost, lport, rhost, rport) container.interact()
def test_images(self): """ Test that required images work on the given architecture. """ output = b"" image = "dperson/openvpn-client:latest" with Container.run(image, command="-h") as container: output = container.output() self.assertRegex(output, b"Usage: ", "Image (%s) failed for architecture: %s" % (image, platform.machine()))
def test_images(self): """ Test that required images work on the given architecture. """ output = b"" image = "docker.elastic.co/kibana/kibana:7.10.0" with Container.run(image, command="kibana -h") as container: output = container.output() self.assertRegex( output, b"Usage:", "Image (%s) failed for architecture: %s" % (image, platform.machine()))
def test_images(self): """ Test that required images work on the given architecture. """ import platform output = b"" image = "local/speedtest:1.0.0" with Container.run(image, command="speedtest -h") as container: output = container.output() self.assertRegex(output, b"usage:", "Image (%s) failed for architecture: %s" % (image, platform.machine()))
def test_images(self): """ Test that required images work on the given architecture. """ output = b"" image = "mitmproxy/mitmproxy:%s" % ("5.0.1-ARMv7" if arm else "5.0.1") with Container.run(image, command="mitmproxy -h") as container: output = container.output() self.assertRegex( output, b"usage: mitmproxy", "Image (%s) failed for architecture: %s" % (image, platform.machine()))
def test_images(self): """ Test that required images work on the given architecture. """ output = b"" image = "wernight/ngrok:%s" % ("armhf" if arm else "latest") with Container.run(image, command="ngrok help") as container: output = container.output() self.assertRegex( output, b"inconshreveable", "Image (%s) failed for architecture: %s" % (image, platform.machine()))
def test_images(self): """ Test that required images work on the given architecture. """ import platform output = b"" image = "postgres:latest" with Container.run(image, command="postgres --help") as container: output = container.output() self.assertRegex( output, b"Usage:", "Image (%s) failed for architecture: %s" % (image, platform.machine()))
def handle(self, input, interface="0.0.0.0", port=9200): # Launch elasticsearch with Container.run( "docker.elastic.co/elasticsearch/elasticsearch:7.10.0", stdin_open=True, tty=True, ports={"%s/tcp" % port: (interface, port)}, environment={ "discovery.type": "single-node", "cluster.name": self.__name__, "network.host": "0.0.0.0", "http.port": port, }) as container: container.interact()
def handle(self, input, port=53, interface="0.0.0.0", upstream=None, cache=150): with Mount("/data") as mount: # Construct command cmd = "dnsmasq -C /data/dnsmasq.conf -d" # Write configuration with mount.open("dnsmasq.conf", "w") as f: f.write("port=%i\n" % port) f.write("listen-address=%s\n" % interface) f.write("bind-interfaces\n") f.write("log-queries\n") f.write("cache-size=%i\n" % cache) # Add upstream servers f.write("no-resolv\n") # Don't read /etc/resolv.conf if upstream: if not isinstance(upstream, list): upstream = [upstream] for server in upstream: f.write("server=%s\n" % server) # Add hosts f.write("no-hosts\n") # Don't read /etc/hosts if input: f.write("addn-hosts=/data/hosts\n") with mount.open("hosts", "wb") as h: for data in input: h.write(data) # Launch dnsmasq with Container.run("local/dnsmasq:1.0.0", stdin_open=True, tty=True, network="host", volumes=mount.volumes, command=cmd) as container: container.interact()
def handle(self, input, lhost, lport, rhost, rport): # Construct command cmd = "socat" cmd += " tcp-listen:%i,bind=%s,fork,reuseaddr" % (lport, lhost) cmd += " tcp-connect:%s:%i" % (rhost, rport) # Launch redirector with Container.run( "local/socat:1.0.1", network="host", # Use host network to allow local addresses tty=True, stdin_open=True, command=cmd) as container: self.log.info("Redirecting TCP(%s:%i) to TCP(%s:%i)", lhost, lport, rhost, rport) container.interact()
def handle(self, input, port=8080, interface="0.0.0.0", mitm=False, ca=None): with Mount("/root/.mitmproxy") as mount: # Write certificate authority if ca: self.log.debug("Writing certificate authority (%s)", ca.name) with mount.open("mitmproxy-ca.pem", "wb") as f: f.write(ca.read()) # Construct command if mitm: cmd = "/usr/bin/mitmproxy" # Bypass entrypoint to mount CA cmd += " --anticomp --anticache -k" # Maximize request exposure cmd += " --mode socks5 --showhost" cmd += " --listen-host %s" % interface cmd += " --listen-port %i" % port else: cmd = "/usr/bin/mitmdump" # Bypass entrypoint to mount CA cmd += " --ignore-hosts .*" # Disable TLS intercept cmd += " --mode socks5 --showhost" cmd += " --listen-host %s" % interface cmd += " --listen-port %i" % port # Launch proxy self.log.debug("Launching proxy server") with Container.run( "mitmproxy/mitmproxy:%s" % ("5.0.1-ARMv7" if arm else "5.0.1"), network="host", # Use host network to enable local addresses tty=True, stdin_open=True, volumes=mount.volumes, command=cmd) as container: self.log.info("Proxy server listening at http://%s:%i", interface, port) container.interact() if mitm else container.wait()
def handle(self, input, port=9050, interface="0.0.0.0", country=None): # Construct command cmd = "" if country: self.log.info("Using country code: %s", country) cmd += " -l %s" % country # Launch tor self.log.info("Connecting to tor...") with Container.run("dperson/torproxy:latest", ports={"9050/tcp": (interface, port)}, command=cmd) as vpn: # Wait for successful connection for log in vpn.logs(stream=True, follow=True): self.log.logger.debug(log.strip().decode()) if b"Bootstrapped 100% (done): Done" in log: self.log.info("Connected to tor, listening on %s:%i", interface, port)
def handle(self, input, interface="0.0.0.0", port=5601, elastic_url=None, directory=None): assert elastic_url, "Must specify url of elasticsearch instance" with Mount("/conf") as mount: # Write kibana configuration with mount.open("kibana.yml", "w") as f: f.write("elasticsearch.hosts: %s\n" % elastic_url) # string or list f.write("server.host: %s\n" % interface) f.write("server.port: %i\n" % port) f.write("server.name: %s\n" % self.__name__) f.write("telemetry.optIn: false\n") f.write("telemetry.enabled: false\n") # Mount a shared directory to persist data volumes = mount.volumes if directory: f.write("path.data: /data\n") volumes["/data"] = { "bind": directory, "mode": "rw", } # Launch kibana with Container.run( "kibana:7.9.3", network="host", # Use host network to enable localhost stdin_open=True, tty=True, volumes=volumes, command="/usr/local/bin/kibana-docker -c /conf/kibana.yml" ) as container: container.interact()
def handle(self, input, lhost, lport, country="us", proxy=None): # Construct configuration file config = "" config += "update: false\n" config += "web_addr: false\n" self.log.debug("Using country code (%s)", country) config += "region: %s\n" % country # Use proxy, if specified if proxy: self.log.debug("Connecting to proxy (%s)", proxy) if proxy.startswith("socks5"): config += "socks5_proxy: %s\n" % proxy elif proxy.startswith("http"): config += "http_proxy: %s\n" % proxy else: raise AssertionError("Invalid proxy, expecting http or socks5") self.log.debug("Launching reverse proxy") with Mount("/ngrok", "ro") as mount: # Write configuration file with mount.open("config.yml", "w") as f: f.write(config) # Launch reverse proxy with Container.run( "wernight/ngrok:%s" % ("armhf" if arm else "latest"), network="host", user="******", volumes=mount.volumes, command="ngrok http -config /ngrok/config.yml %s:%i" % (lhost, lport), tty=True, stdin_open=True) as container: container.interact()
def handle(self, input, interface="0.0.0.0", port=9200, directory=None): # Mount a shared directory to persist data volumes = {} if directory: volumes["/data"] = { "bind": directory, "mode": "rw", } # Launch elasticsearch with Container.run("elasticsearch:7.9.3", stdin_open=True, tty=True, ports={"%s/tcp" % port: (interface, port)}, volumes=volumes, environment={ "discovery.type": "single-node", "cluster.name": self.__name__, "network.host": interface, "http.port": port, }) as container: container.interact()
def handle(self, input, port=8080, interface="0.0.0.0", country=None, mitm=False, ca=None): # Construct command cmd = "" if country: self.log.info("Using country code: %s", country) cmd += " -l %s" % country # Launch tor self.log.info("Connecting to tor...") with Container.run("dperson/torproxy:latest", ports={"8080/tcp": (interface, port)}, command=cmd) as vpn: # Wait for successful connection for log in vpn.logs(stream=True, follow=True): self.log.logger.debug(log.strip().decode()) if b"Bootstrapped 100% (done): Done" in log: self.log.info("Connected to tor") break with Mount("/root/.mitmproxy") as mount: # Write certificate authority if ca: self.log.debug("Writing certificate authority (%s)", ca.name) with mount.open("mitmproxy-ca.pem", "wb") as f: f.write(ca.read()) # Construct command if mitm: cmd = "/usr/bin/mitmproxy" # Bypass entrypoint to mount CA cmd += " --anticomp --anticache -k" # Maximimze request exposure cmd += " --mode upstream:http://127.0.0.1:8118" cmd += " --listen-host 0.0.0.0" cmd += " --listen-port 8080" else: cmd = "/usr/bin/mitmdump" # Bypass entrypoint to mount CA cmd += " --ignore-hosts .*" # Disable TLS intercept cmd += " --mode upstream:http://127.0.0.1:8118" cmd += " --listen-host 0.0.0.0" cmd += " --listen-port 8080" # Launch proxy self.log.debug("Launching proxy server") with Container.run("mitmproxy/mitmproxy:%s" % ("5.0.1-ARMv7" if arm else "5.0.1"), network_mode="container:%s" % vpn.name, tty=True, stdin_open=True, volumes=mount.volumes, command=cmd) as proxy: self.log.info("Proxy server listening at http://%s:%i", interface, port) proxy.interact() if mitm else proxy.wait()
def handle(self, input, port=8080, interface="0.0.0.0", auth=None, mitm=False, ca=None): assert input is not None, "Must provide OpenVPN configuration as input" # Retrieve OpenVPN configuration for data in input: with Mount("/vpn", "ro") as mount: # Write OpenVPN configuration self.log.debug("Writing access configuration") with mount.open("vpn.conf", "wb") as f: f.write(data) # Write OpenVPN authentication if auth: self.log.debug("Writing authentication file (%s)", auth.name) with mount.open(os.path.basename(auth.name), "wb") as f: f.write(auth.read()) # Launch tunnel self.log.info("Connecting to tunnel...") with Container.run("dperson/openvpn-client:latest", cap_add=["NET_ADMIN"], devices=["/dev/net/tun"], ports={"%i/tcp" % port : (interface, port)}, volumes=mount.volumes) as vpn: # Wait for successful connection for log in vpn.logs(stream=True, follow=True): self.log.logger.debug(log.strip().decode()) if b"Initialization Sequence Complete" in log: self.log.info("Connected to tunnel (%s)", vpn.name) break with Mount("/root/.mitmproxy") as certs: # Write certificate authority to privileged directory if ca: self.log.debug("Writing certificate authority (%s)", ca.name) with certs.open("mitmproxy-ca.pem", "wb") as f: f.write(ca.read()) # Construct command if mitm: cmd = "/usr/bin/mitmproxy" # Bypass entrypoint to mount CA cmd += " --anticomp --anticache -k" # Maximize request exposure cmd += " --mode socks5 --showhost" cmd += " --listen-host 0.0.0.0" cmd += " --listen-port %i" % port else: cmd = "/usr/bin/mitmdump" # Bypass entrypoint to mount CA cmd += " --ignore-hosts .*" # Disable TLS intercept cmd += " --mode socks5 --showhost" cmd += " --listen-host 0.0.0.0" cmd += " --listen-port %i" % port # Launch proxy with Container.run("mitmproxy/mitmproxy:%s" % ("5.0.1-ARMv7" if arm else "5.0.1"), network_mode="container:%s" % vpn.name, tty=True, stdin_open=True, volumes=certs.volumes, command=cmd) as proxy: self.log.info("Proxy server listening at http://%s:%i", interface, port) proxy.interact() if mitm else proxy.wait()