def handle(self, input, lhost, lport, port=80):
# Construct command
cmd = "-s %s;%s:%s" % (port, lhost, lport)
# Launch tor
self.log.info("Connecting to tor...")
with Container.run(
"dperson/torproxy:latest",
network="host", # Use host network to allow local addresses
command=cmd) as container:
# Wait for successful connection
for log in container.logs(stream=True, follow=True):
self.log.logger.debug(log.strip().decode())
if b"Bootstrapped 100% (done): Done" in log:
# Fetch service address
status, result = container.exec_run(
"cat /var/lib/tor/hidden_service/hostname")
if status == 0:
self.log.info("Connected, serving %s:%i at %s", lhost,
lport, result.decode())
else:
raise Exception(result)
def handle(self,
input,
interface="0.0.0.0",
port=5601,
elastic_url="http://127.0.0.1:9200"):
assert elastic_url, "Must specify url of elasticsearch instance"
with Mount("/conf") as mount:
# Write kibana configuration
with mount.open("kibana.yml", "w") as f:
f.write("elasticsearch.hosts: %s\n" %
elastic_url) # string or list
f.write("server.host: %s\n" % interface)
f.write("server.port: %i\n" % port)
f.write("server.name: %s\n" % self.__name__)
f.write("telemetry.optIn: false\n")
f.write("telemetry.enabled: false\n")
# Launch kibana
with Container.run(
"docker.elastic.co/kibana/kibana:7.10.0",
network="host", # Use host network to enable localhost
stdin_open=True,
tty=True,
volumes=mount.volumes,
command="/usr/local/bin/kibana-docker -c /conf/kibana.yml"
) as container:
container.interact()
def handle(self,
input,
port=5432,
interface="0.0.0.0",
user="******",
password="******",
db="postgres",
directory=None):
# Mount local directory
volumes = {}
if directory:
volumes[os.path.abspath(directory)] = {
"bind": "/var/lib/postgresql/data"
}
# Launch postgres
with Container.run("postgres:latest",
ports={"5432/tcp": (interface, port)},
volumes=volumes,
environment={
"POSTGRES_USER": user,
"POSTGRES_PASSWORD": password,
"POSTGRES_DB": db,
"PGDATA": "/var/lib/postgresql/data/pgdata",
}) as container:
# Print logs if requested
for log in container.logs(stream=True, follow=True):
self.log.logger.debug(log.strip().decode())
def handle(self, input, proxy=None, secure=False, write=None):
# Construct command
cmd = "/usr/bin/speedtest"
cmd += " --share"
if write:
cmd += " --%s" % write
if secure:
cmd += " --secure"
env = {}
if proxy:
env["HTTP_PROXY"] = proxy
# Launch speedtest
with Container.run("local/speedtest:1.0.0",
network="host", # Enable localhost for proxy
stdin_open=not write,
tty=not write,
environment=env,
command=cmd) as container:
if write:
yield container.output()
else:
container.interact()
def handle(self, input, lhost, lport, rhost, rport, key=None, certificate=None, ca=None, version=None):
with Mount("/data", "ro") as mount:
# Construct command
cmd = "socat"
cmd += " openssl-listen:%i,bind=%s,fork,reuseaddr" % (lport, lhost)
cmd += ",key=/data/key.pem,cert=/data/cert.pem"
if version:
self.log.debug("Using version: %s", version)
cmd += ",method=%s" % version
# Write supplied TLS key/certificate
if key and certificate:
self.log.debug("Using key: %s", key.name)
with mount.open("key.pem", "wb") as f:
f.write(key.read())
self.log.debug("Using certificate: %s", certificate.name)
with mount.open("cert.pem", "wb") as f:
f.write(certificate.read())
# Write generated TLS key/certificate
else:
if key:
self.log.warning("Missing certificate, using self-signed")
if certificate:
self.log.warning("Missing key, using self-signed")
self.log.debug("Generating self-signed certificate")
import lets.generate.tls.certificate
pem = lets.generate.tls.certificate()
with mount.open("key.pem", "wb") as f:
f.write(pem)
with mount.open("cert.pem", "wb") as f:
f.write(pem)
# Write certificate authority
if ca:
self.log.debug("Verifying peer with certificate: %s", ca.name)
with mount.open("ca.pem", "wb") as f:
f.write(ca.read())
cmd += ",cafile=/data/ca.pem"
else:
cmd += ",verify=0"
cmd += " tcp-connect:%s:%i" % (rhost, rport)
# Launch redirector
with Container.run("local/socat:1.0.1",
network="host", # Use host network to allow local addresses
tty=True,
stdin_open=True,
volumes=mount.volumes,
command=cmd) as container:
self.log.info("Redirecting TLS(%s:%i) to TCP(%s:%i)", lhost, lport, rhost, rport)
container.interact()
def test_images(self):
"""
Test that required images work on the given architecture.
"""
output = b""
image = "dperson/openvpn-client:latest"
with Container.run(image, command="-h") as container:
output = container.output()
self.assertRegex(output, b"Usage: ",
"Image (%s) failed for architecture: %s" % (image, platform.machine()))
def test_images(self):
"""
Test that required images work on the given architecture.
"""
output = b""
image = "docker.elastic.co/kibana/kibana:7.10.0"
with Container.run(image, command="kibana -h") as container:
output = container.output()
self.assertRegex(
output, b"Usage:", "Image (%s) failed for architecture: %s" %
(image, platform.machine()))
def test_images(self):
"""
Test that required images work on the given architecture.
"""
import platform
output = b""
image = "local/speedtest:1.0.0"
with Container.run(image, command="speedtest -h") as container:
output = container.output()
self.assertRegex(output, b"usage:",
"Image (%s) failed for architecture: %s" % (image, platform.machine()))
def test_images(self):
"""
Test that required images work on the given architecture.
"""
output = b""
image = "mitmproxy/mitmproxy:%s" % ("5.0.1-ARMv7" if arm else "5.0.1")
with Container.run(image, command="mitmproxy -h") as container:
output = container.output()
self.assertRegex(
output, b"usage: mitmproxy",
"Image (%s) failed for architecture: %s" %
(image, platform.machine()))
def test_images(self):
"""
Test that required images work on the given architecture.
"""
output = b""
image = "wernight/ngrok:%s" % ("armhf" if arm else "latest")
with Container.run(image, command="ngrok help") as container:
output = container.output()
self.assertRegex(
output, b"inconshreveable",
"Image (%s) failed for architecture: %s" %
(image, platform.machine()))
def test_images(self):
"""
Test that required images work on the given architecture.
"""
import platform
output = b""
image = "postgres:latest"
with Container.run(image, command="postgres --help") as container:
output = container.output()
self.assertRegex(
output, b"Usage:", "Image (%s) failed for architecture: %s" %
(image, platform.machine()))
def handle(self, input, interface="0.0.0.0", port=9200):
# Launch elasticsearch
with Container.run(
"docker.elastic.co/elasticsearch/elasticsearch:7.10.0",
stdin_open=True,
tty=True,
ports={"%s/tcp" % port: (interface, port)},
environment={
"discovery.type": "single-node",
"cluster.name": self.__name__,
"network.host": "0.0.0.0",
"http.port": port,
}) as container:
container.interact()
def handle(self,
input,
port=53,
interface="0.0.0.0",
upstream=None,
cache=150):
with Mount("/data") as mount:
# Construct command
cmd = "dnsmasq -C /data/dnsmasq.conf -d"
# Write configuration
with mount.open("dnsmasq.conf", "w") as f:
f.write("port=%i\n" % port)
f.write("listen-address=%s\n" % interface)
f.write("bind-interfaces\n")
f.write("log-queries\n")
f.write("cache-size=%i\n" % cache)
# Add upstream servers
f.write("no-resolv\n") # Don't read /etc/resolv.conf
if upstream:
if not isinstance(upstream, list):
upstream = [upstream]
for server in upstream:
f.write("server=%s\n" % server)
# Add hosts
f.write("no-hosts\n") # Don't read /etc/hosts
if input:
f.write("addn-hosts=/data/hosts\n")
with mount.open("hosts", "wb") as h:
for data in input:
h.write(data)
# Launch dnsmasq
with Container.run("local/dnsmasq:1.0.0",
stdin_open=True,
tty=True,
network="host",
volumes=mount.volumes,
command=cmd) as container:
container.interact()
def handle(self, input, lhost, lport, rhost, rport):
# Construct command
cmd = "socat"
cmd += " tcp-listen:%i,bind=%s,fork,reuseaddr" % (lport, lhost)
cmd += " tcp-connect:%s:%i" % (rhost, rport)
# Launch redirector
with Container.run(
"local/socat:1.0.1",
network="host", # Use host network to allow local addresses
tty=True,
stdin_open=True,
command=cmd) as container:
self.log.info("Redirecting TCP(%s:%i) to TCP(%s:%i)", lhost, lport,
rhost, rport)
container.interact()
def handle(self,
input,
port=8080,
interface="0.0.0.0",
mitm=False,
ca=None):
with Mount("/root/.mitmproxy") as mount:
# Write certificate authority
if ca:
self.log.debug("Writing certificate authority (%s)", ca.name)
with mount.open("mitmproxy-ca.pem", "wb") as f:
f.write(ca.read())
# Construct command
if mitm:
cmd = "/usr/bin/mitmproxy" # Bypass entrypoint to mount CA
cmd += " --anticomp --anticache -k" # Maximize request exposure
cmd += " --mode socks5 --showhost"
cmd += " --listen-host %s" % interface
cmd += " --listen-port %i" % port
else:
cmd = "/usr/bin/mitmdump" # Bypass entrypoint to mount CA
cmd += " --ignore-hosts .*" # Disable TLS intercept
cmd += " --mode socks5 --showhost"
cmd += " --listen-host %s" % interface
cmd += " --listen-port %i" % port
# Launch proxy
self.log.debug("Launching proxy server")
with Container.run(
"mitmproxy/mitmproxy:%s" %
("5.0.1-ARMv7" if arm else "5.0.1"),
network="host", # Use host network to enable local addresses
tty=True,
stdin_open=True,
volumes=mount.volumes,
command=cmd) as container:
self.log.info("Proxy server listening at http://%s:%i",
interface, port)
container.interact() if mitm else container.wait()
def handle(self, input, port=9050, interface="0.0.0.0", country=None):
# Construct command
cmd = ""
if country:
self.log.info("Using country code: %s", country)
cmd += " -l %s" % country
# Launch tor
self.log.info("Connecting to tor...")
with Container.run("dperson/torproxy:latest",
ports={"9050/tcp": (interface, port)},
command=cmd) as vpn:
# Wait for successful connection
for log in vpn.logs(stream=True, follow=True):
self.log.logger.debug(log.strip().decode())
if b"Bootstrapped 100% (done): Done" in log:
self.log.info("Connected to tor, listening on %s:%i",
interface, port)
def handle(self,
input,
interface="0.0.0.0",
port=5601,
elastic_url=None,
directory=None):
assert elastic_url, "Must specify url of elasticsearch instance"
with Mount("/conf") as mount:
# Write kibana configuration
with mount.open("kibana.yml", "w") as f:
f.write("elasticsearch.hosts: %s\n" %
elastic_url) # string or list
f.write("server.host: %s\n" % interface)
f.write("server.port: %i\n" % port)
f.write("server.name: %s\n" % self.__name__)
f.write("telemetry.optIn: false\n")
f.write("telemetry.enabled: false\n")
# Mount a shared directory to persist data
volumes = mount.volumes
if directory:
f.write("path.data: /data\n")
volumes["/data"] = {
"bind": directory,
"mode": "rw",
}
# Launch kibana
with Container.run(
"kibana:7.9.3",
network="host", # Use host network to enable localhost
stdin_open=True,
tty=True,
volumes=volumes,
command="/usr/local/bin/kibana-docker -c /conf/kibana.yml"
) as container:
container.interact()
def handle(self, input, lhost, lport, country="us", proxy=None):
# Construct configuration file
config = ""
config += "update: false\n"
config += "web_addr: false\n"
self.log.debug("Using country code (%s)", country)
config += "region: %s\n" % country
# Use proxy, if specified
if proxy:
self.log.debug("Connecting to proxy (%s)", proxy)
if proxy.startswith("socks5"):
config += "socks5_proxy: %s\n" % proxy
elif proxy.startswith("http"):
config += "http_proxy: %s\n" % proxy
else:
raise AssertionError("Invalid proxy, expecting http or socks5")
self.log.debug("Launching reverse proxy")
with Mount("/ngrok", "ro") as mount:
# Write configuration file
with mount.open("config.yml", "w") as f:
f.write(config)
# Launch reverse proxy
with Container.run(
"wernight/ngrok:%s" % ("armhf" if arm else "latest"),
network="host",
user="******",
volumes=mount.volumes,
command="ngrok http -config /ngrok/config.yml %s:%i" %
(lhost, lport),
tty=True,
stdin_open=True) as container:
container.interact()
def handle(self, input, interface="0.0.0.0", port=9200, directory=None):
# Mount a shared directory to persist data
volumes = {}
if directory:
volumes["/data"] = {
"bind": directory,
"mode": "rw",
}
# Launch elasticsearch
with Container.run("elasticsearch:7.9.3",
stdin_open=True,
tty=True,
ports={"%s/tcp" % port: (interface, port)},
volumes=volumes,
environment={
"discovery.type": "single-node",
"cluster.name": self.__name__,
"network.host": interface,
"http.port": port,
}) as container:
container.interact()
def handle(self,
input,
port=8080,
interface="0.0.0.0",
country=None,
mitm=False,
ca=None):
# Construct command
cmd = ""
if country:
self.log.info("Using country code: %s", country)
cmd += " -l %s" % country
# Launch tor
self.log.info("Connecting to tor...")
with Container.run("dperson/torproxy:latest",
ports={"8080/tcp": (interface, port)},
command=cmd) as vpn:
# Wait for successful connection
for log in vpn.logs(stream=True, follow=True):
self.log.logger.debug(log.strip().decode())
if b"Bootstrapped 100% (done): Done" in log:
self.log.info("Connected to tor")
break
with Mount("/root/.mitmproxy") as mount:
# Write certificate authority
if ca:
self.log.debug("Writing certificate authority (%s)",
ca.name)
with mount.open("mitmproxy-ca.pem", "wb") as f:
f.write(ca.read())
# Construct command
if mitm:
cmd = "/usr/bin/mitmproxy" # Bypass entrypoint to mount CA
cmd += " --anticomp --anticache -k" # Maximimze request exposure
cmd += " --mode upstream:http://127.0.0.1:8118"
cmd += " --listen-host 0.0.0.0"
cmd += " --listen-port 8080"
else:
cmd = "/usr/bin/mitmdump" # Bypass entrypoint to mount CA
cmd += " --ignore-hosts .*" # Disable TLS intercept
cmd += " --mode upstream:http://127.0.0.1:8118"
cmd += " --listen-host 0.0.0.0"
cmd += " --listen-port 8080"
# Launch proxy
self.log.debug("Launching proxy server")
with Container.run("mitmproxy/mitmproxy:%s" %
("5.0.1-ARMv7" if arm else "5.0.1"),
network_mode="container:%s" % vpn.name,
tty=True,
stdin_open=True,
volumes=mount.volumes,
command=cmd) as proxy:
self.log.info("Proxy server listening at http://%s:%i",
interface, port)
proxy.interact() if mitm else proxy.wait()
def handle(self, input, port=8080, interface="0.0.0.0", auth=None, mitm=False, ca=None):
assert input is not None, "Must provide OpenVPN configuration as input"
# Retrieve OpenVPN configuration
for data in input:
with Mount("/vpn", "ro") as mount:
# Write OpenVPN configuration
self.log.debug("Writing access configuration")
with mount.open("vpn.conf", "wb") as f:
f.write(data)
# Write OpenVPN authentication
if auth:
self.log.debug("Writing authentication file (%s)", auth.name)
with mount.open(os.path.basename(auth.name), "wb") as f:
f.write(auth.read())
# Launch tunnel
self.log.info("Connecting to tunnel...")
with Container.run("dperson/openvpn-client:latest",
cap_add=["NET_ADMIN"],
devices=["/dev/net/tun"],
ports={"%i/tcp" % port : (interface, port)},
volumes=mount.volumes) as vpn:
# Wait for successful connection
for log in vpn.logs(stream=True, follow=True):
self.log.logger.debug(log.strip().decode())
if b"Initialization Sequence Complete" in log:
self.log.info("Connected to tunnel (%s)", vpn.name)
break
with Mount("/root/.mitmproxy") as certs:
# Write certificate authority to privileged directory
if ca:
self.log.debug("Writing certificate authority (%s)", ca.name)
with certs.open("mitmproxy-ca.pem", "wb") as f:
f.write(ca.read())
# Construct command
if mitm:
cmd = "/usr/bin/mitmproxy" # Bypass entrypoint to mount CA
cmd += " --anticomp --anticache -k" # Maximize request exposure
cmd += " --mode socks5 --showhost"
cmd += " --listen-host 0.0.0.0"
cmd += " --listen-port %i" % port
else:
cmd = "/usr/bin/mitmdump" # Bypass entrypoint to mount CA
cmd += " --ignore-hosts .*" # Disable TLS intercept
cmd += " --mode socks5 --showhost"
cmd += " --listen-host 0.0.0.0"
cmd += " --listen-port %i" % port
# Launch proxy
with Container.run("mitmproxy/mitmproxy:%s" % ("5.0.1-ARMv7" if arm else "5.0.1"),
network_mode="container:%s" % vpn.name,
tty=True,
stdin_open=True,
volumes=certs.volumes,
command=cmd) as proxy:
self.log.info("Proxy server listening at http://%s:%i", interface, port)
proxy.interact() if mitm else proxy.wait()
