The initial aim of pivotr is to simplify the task of maintaining SSH connections throughout a network environment. These connections, which we refer to as 'nodes', are stored in an encrypted file as a list of objects. Each object currently holds only very basic data about its node: a node ID (which is also the node's index in the list), the node's IP address, and, optionally, a username and password if SSH credentials for the node are known.
Stage 1 - Nodes:
Stage 2 - Agents:
Stage 3 - Profit
Pivotr has recently been published to PyPI and is installed with pipx. Installing pipx:
# Via Debian-based distros (Debian, Ubuntu etc.) using apt
sudo apt update
sudo apt install pipx
# Via RHEL-based distros (Red Hat, Fedora, etc.) using dnf
sudo dnf install pipx
# Via Arch-based distros (Arch, Manjaro, etc.) using pacman
sudo pacman -Sy python-pipx
# Via macOS using Homebrew
brew install pipx
Download pivotr via pipx (which both isolates our Python environment and adds a symlink to the executable in the user's PATH):
pipx ensurepath
pipx install pivotr
Help:
pivotr -h
Show map of all nodes we currently know about (hard lines are credentialed hosts, dotted lines have no credentials):
pivotr -m
╭─────────────────╮
│n0 - pivotr      │
│ 192.168.1.150   │
╰───────────┬─────╯
            │  ╭ ─ ─ ─ ─ ─ ─ ─ ─ ╮
            ├──┤n1               ╎
            │  ╎ 192.168.1.1     ╎
            │  ╰ ─ ─ ─ ─ ─ ─ ─ ─ ╯
            │  ╭ ─ ─ ─ ─ ─ ─ ─ ─ ╮
            ├──┤n2               ╎
            │  ╎ 192.168.1.59    ╎
            │  ╰ ─ ─ ─ ─ ─ ─ ─ ─ ╯
            │  ╭─────────────────╮
            ├──┤n3               │
            │  │ 192.168.1.170   │
            │  ╰─────────┬───────╯
            │            │  ╭ ─ ─ ─ ─ ─ ─ ─ ─ ╮
            │            ├──┤n4               ╎
            │            │  ╎ 10.0.2.3        ╎
            │            │  ╰ ─ ─ ─ ─ ─ ─ ─ ─ ╯
            │            │  ╭─────────────────╮
            │            ├──┤n5               │
            │            │  │ 10.0.2.1        │
            │            │  ╰─────────┬───────╯
            │            │            │  ╭─────────────────╮
            │            │            ╰──┤n10              │
            │            │               │ 172.6.12.15     │
            │            │               ╰─────────────────╯
            │            │  ╭ ─ ─ ─ ─ ─ ─ ─ ─ ╮
            │            ├──┤n6               ╎
            │            │  ╎ 10.0.2.4        ╎
            │            │  ╰ ─ ─ ─ ─ ─ ─ ─ ─ ╯
            │            │  ╭ ─ ─ ─ ─ ─ ─ ─ ─ ╮
            │            ├──┤n7               ╎
            │            │  ╎ 10.0.2.2        ╎
            │            │  ╰ ─ ─ ─ ─ ─ ─ ─ ─ ╯
            │            │  ╭─────────────────╮
            │            ╰──┤n8               │
            │               │ 10.0.2.5        │
            │               ╰─────────────────╯
            │  ╭ ─ ─ ─ ─ ─ ─ ─ ─ ╮
            ╰──┤n9               ╎
               ╎ 1.2.3.4         ╎
               ╰ ─ ─ ─ ─ ─ ─ ─ ─ ╯
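To show how a map like the one above can be produced from the node list described earlier, here is an added example that is not pivotr's own code: a minimal node model (ID, IP, optional credentials, plus a parent link that is an assumption of this example) and a renderer that draws a solid box for credentialed hosts and a dotted one for hosts without credentials. The box geometry is an assumption; the IPs are the ones shown in the map, and the credentials are placeholders.

```python
# Added example (not pivotr's own code): a minimal node model and a renderer for
# the kind of tree map pivotr -m prints. The parent links and box geometry are
# assumptions; the IPs below are the ones shown in the map above.
from dataclasses import dataclass
from typing import Dict, List, Optional

BOX_W = 17  # inner width of a box (matches the 17-column boxes in the map)
CONN = 10   # column inside a box where the line down to its children starts


@dataclass
class Node:
    nid: int
    ip: str
    username: Optional[str] = None
    password: Optional[str] = None
    parent: Optional[int] = None  # node this host was reached through; None for n0

    @property
    def credentialed(self) -> bool:
        # solid box only when both a username and a password are stored
        return bool(self.username) and bool(self.password)


def _box(node: Node, attached: bool, has_children: bool) -> List[str]:
    """Four lines of one box: solid border with credentials, dotted without."""
    if node.credentialed:
        horiz, side = "─" * BOX_W, "│"
    else:
        horiz, side = " ─" * (BOX_W // 2) + " ", "╎"
    top = "╭" + horiz + "╮"
    bot = "╰" + horiz + "╯"
    if has_children:
        bot = bot[:CONN] + "┬" + bot[CONN + 1:]  # open a connector downwards
    label = f"n{node.nid}" + (" - pivotr" if node.parent is None else "")
    left = "┤" if attached else side  # the parent's branch replaces the left edge
    return [
        top,
        left + label.ljust(BOX_W) + side,
        side + f" {node.ip}".ljust(BOX_W) + side,
        bot,
    ]


def render_map(nodes: Dict[int, Node], nid: int = 0, prefix: str = "", last: bool = True) -> List[str]:
    """Render the subtree rooted at nid as a list of output lines."""
    node = nodes[nid]
    children = sorted(n.nid for n in nodes.values() if n.parent == nid)
    box = _box(node, attached=node.parent is not None, has_children=bool(children))
    if node.parent is None:
        lines = list(box)
        child_prefix = " " * CONN
    else:
        cont = " " if last else "│"  # keep the sibling line going below this box
        lines = [
            prefix + "│  " + box[0],
            prefix + ("╰──" if last else "├──") + box[1],
            prefix + cont + "  " + box[2],
            prefix + cont + "  " + box[3],
        ]
        child_prefix = prefix + cont + " " * (CONN + 2)
    for i, cid in enumerate(children):
        lines += render_map(nodes, cid, child_prefix, last=(i == len(children) - 1))
    return lines


def sample_nodes() -> Dict[int, Node]:
    """Constructed subset of the map above; credentials are placeholders."""
    nodes = [
        Node(0, "192.168.1.150", "operator", "<placeholder>"),
        Node(1, "192.168.1.1", parent=0),
        Node(3, "192.168.1.170", "svc", "<placeholder>", parent=0),
        Node(4, "10.0.2.3", parent=3),
        Node(5, "10.0.2.1", "svc", "<placeholder>", parent=3),
        Node(10, "172.6.12.15", "jsmith", "<placeholder>", parent=5),
    ]
    return {n.nid: n for n in nodes}


if __name__ == "__main__":
    print("\n".join(render_map(sample_nodes())))
```

Running the file prints the six-node subset as a tree; the `credentialed` property is the single place that decides solid versus dotted, so a node with only a username still renders dotted, which matches the map's convention that a box is solid only once usable SSH credentials are stored.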
Since our host is node 0 (n0) by default, run a ping sweep from n0 to map our subnet (check whether the sweep succeeded by running pivotr -m afterward):
pivotr -n0 -S
Add known SSH credentials to node 10:
pivotr -n10 -e
Current node values:
1) IP addr: 172.6.12.15
2) UN: jsmith
3) PW:
4) Exit:
Select property to edit: 3
New password: ************
Node 10 successfully modified.
Send the command uname -a to node 10 via SSH:
pivotr -n10 -c "uname -a"
Make SSH connection to node 10:
pivotr -n10 -i
jsmith@172.6.12.15$
Save our current node data set for later use in ./snapshots directory:
pivotr -s
Use a data set from ./snapshots (which replaces current data set at /tmp/nodes.data):
./pivotr -f ./snapshots/2024-01-15_114534-nodes.data
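Because the data set and its snapshots hold SSH credentials, the file hygiene around save and restore matters as much as the encryption layer. The following is an added example, not pivotr's own code: it writes the working data file and timestamped snapshots with mode 0600 from creation, names snapshots in the 2024-01-15_114534-nodes.data style shown above, and refuses to load a data file that other users could read. The JSON layout, the paths and the sample nodes are assumptions; pivotr's encrypted on-disk format is not reproduced, so this is the layer where that encryption would wrap the bytes.

```python
# Added example (not pivotr's own code): saving, snapshotting and restoring the
# node data set with the file permissions a credential store needs. Paths, the
# JSON layout and the sample nodes are assumptions; pivotr's encryption of the
# file is not reproduced here.
import json
import os
import stat
import tempfile
from datetime import datetime
from pathlib import Path
from typing import Dict, List, Optional

NodeList = List[Dict]  # [{"id": int, "ip": str, "username": str|None, "password": str|None}, ...]

# constructed sample; the password is a placeholder, not a real credential
SAMPLE_NODES: NodeList = [
    {"id": 0, "ip": "192.168.1.150", "username": None, "password": None},
    {"id": 10, "ip": "172.6.12.15", "username": "jsmith", "password": "<placeholder>"},
]


def write_private(path: Path, data: bytes) -> None:
    """Create or overwrite path with mode 0600 from the start (no 0644 window)."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    os.chmod(path, 0o600)  # the file may have pre-existed with looser bits


def save_nodes(nodes: NodeList, path: Path) -> None:
    write_private(path, json.dumps(nodes, indent=2).encode())


def load_nodes(path: Path) -> NodeList:
    """Refuse a data file that group or other users could read or modify."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{path} is mode {mode:o}; expected 0600 for a credential store")
    return json.loads(path.read_bytes())


def snapshot_name(when: datetime) -> str:
    """Snapshot file name in the style of ./snapshots/2024-01-15_114534-nodes.data."""
    return when.strftime("%Y-%m-%d_%H%M%S") + "-nodes.data"


def take_snapshot(nodes: NodeList, snap_dir: Path, when: Optional[datetime] = None) -> Path:
    """Like pivotr -s: write the current data set into the snapshots directory."""
    snap_dir.mkdir(parents=True, exist_ok=True)
    os.chmod(snap_dir, 0o700)  # keep the directory listing private as well
    target = snap_dir / snapshot_name(when or datetime.now())
    save_nodes(nodes, target)
    return target


def restore_snapshot(snapshot: Path, data_file: Path) -> NodeList:
    """Like pivotr -f: replace the working data set with a snapshot's contents."""
    nodes = load_nodes(snapshot)
    save_nodes(nodes, data_file)
    return nodes


def demo_roundtrip(base: Optional[Path] = None) -> dict:
    """Save, snapshot, restore, then confirm a world-readable file is rejected."""
    base = base or Path(tempfile.mkdtemp(prefix="pivotr-demo-"))
    data_file = base / "nodes.data"
    save_nodes(SAMPLE_NODES, data_file)
    snap = take_snapshot(SAMPLE_NODES, base / "snapshots", datetime(2024, 1, 15, 11, 45, 34))
    restored = restore_snapshot(snap, data_file)
    os.chmod(snap, 0o644)  # simulate a snapshot copied somewhere with loose permissions
    try:
        load_nodes(snap)
        rejected = False
    except PermissionError:
        rejected = True
    return {
        "snapshot": snap.name,
        "data_mode": oct(stat.S_IMODE(os.stat(data_file).st_mode)),
        "restored_ids": [n["id"] for n in restored],
        "rejected_world_readable": rejected,
    }


if __name__ == "__main__":
    print(demo_roundtrip())
```

The permission check on load is the part worth keeping even when the contents are encrypted: a working copy in a shared location such as /tmp is readable by every local user unless the mode is enforced, and a snapshot that was copied with default permissions should be noticed rather than silently trusted.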
Maturon Miner - maturon@gmail.com
Pivotr - a remote command execution and pivoting framework