JoeLinux

antor

Dec 10th, 2016
  1. #!/bin/bash
  2.  
  3. # Program: kalitorify.sh
  4. # Version: 1.4.1
  5. # Operating System: Kali Linux
  6. # Description: Transparent proxy through Tor
  7. # Author: Brainfuck
  8. # https://github.com/BrainfuckSec
  9. # Dependencies: tor, wget
  10. #
  11. # Kalitorify is KISS version of Parrot AnonSurf Module, developed
  12. # by "Pirates' Crew" of FrozenBox - https://github.com/parrotsec/anonsurf
  13.  
  14. # GNU GENERAL PUBLIC LICENSE
  15. #
  16. # This program is free software: you can redistribute it and/or modify
  17. # it under the terms of the GNU General Public License as published by
  18. # the Free Software Foundation, either version 3 of the License, or
  19. # (at your option) any later version.
  20. #
  21. # This program is distributed in the hope that it will be useful,
  22. # but WITHOUT ANY WARRANTY; without even the implied warranty of
  23. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  24. # GNU General Public License for more details.
  25. #
  26. # You should have received a copy of the GNU General Public License
  27. # along with this program.  If not, see <http://www.gnu.org/licenses/>.
  28.  
  29.  
  # Program identity, printed by the banner and by --version.
  program="kalitorify"
  version="1.4.1"

  # ANSI colour escapes used by every status message. They are exported,
  # so child processes inherit them as environment variables.
  red=$'\e[0;91m'
  green=$'\e[0;92m'
  blue=$'\e[0;94m'
  white=$'\e[0;97m'
  endc=$'\e[0m'
  cyan=$'\e[0;36m'
  export red green blue white endc cyan

  # Destinations that are NOT routed through Tor (space-separated CIDR
  # list). Traffic to these networks leaves the host directly.
  non_tor="192.168.1.0/24 192.168.0.0/24"

  # Account the Tor daemon runs as; the firewall rules match on this owner.
  # NOTE(review): the name is distribution-specific, verify it on the host.
  tor_uid="debian-tor"

  # Tor TransPort: the local port that redirected traffic is sent to.
  trans_port="9040"
  50.  
  51.  
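  # Print the program banner, version and author in the "white" colour.
  # Globals: white, endc, version (read)
  # Outputs: the banner on stdout
  function banner {
      # The banner is passed as data to a fixed '%s\n' format, so a '%' or
      # backslash in $version can never be interpreted by printf.
      printf '%s\n' "${white}
*****************************************
*                                       *
*  _____     _ _ _           _ ___      *
* |  |  |___| |_| |_ ___ ___|_|  _|_ _  *
* |    -| .'| | |  _| . |  _| |  _| | | *
* |__|__|__,|_|_|_| |___|_| |_|_| |_  | *
*                                 |___| *
*                                       *
*****************************************

Transparent proxy trough Tor for Kali Linux

Version: $version
Author: Brainfuck${endc}"
  }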
  70.  
  71.  
  # Abort unless the script runs with root privileges.
  # Outputs: an error message on stderr when the caller is not root
  # Exits:   status 1 when 'id -u' reports a non-zero UID
  function check_root {
      local uid
      uid="$(id -u)"

      # UID 0: nothing to report, let the caller carry on.
      [ "$uid" -ne 0 ] || return 0

      printf "${red}%s${endc}\n" "[ failed ] Please run this program as a root!" >&2
      exit 1
  }
  79.  
  80.  
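  # Turn the ufw firewall off when it is installed and active.
  # Called by start before the iptables rules are rewritten.
  # Outputs: progress messages on stdout
  # Returns: 0 when ufw is not installed
  function disable_ufw {
      # ufw not installed: nothing to do.
      command -v ufw > /dev/null 2>&1 || return 0

      # Match the whole status line. A bare 'active$' also matches
      # "Status: inactive", so an inactive firewall was reported as active.
      # LC_ALL=C keeps the status text untranslated.
      if LC_ALL=C ufw status | grep -q '^Status: active$'; then
          printf "${blue}%s${endc} ${green}%s${endc}\n" "::" "Firewall ufw is active. disabling..."
          ufw disable > /dev/null 2>&1
          printf "${blue}%s${endc} ${green}%s${endc}\n" "::" "ufw disabled"
          sleep 3
      else
          printf "${blue}%s${endc} ${green}%s${endc}\n" "::" "Firewall ufw is inactive, continue..."
      fi
  }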
  97.  
  98.  
  # Turn the ufw firewall back on when it is installed and reports
  # "inactive"; do nothing otherwise.
  # Outputs: progress messages on stdout
  # NOTE(review): nothing records whether ufw was active before it was
  # disabled, so this enables ufw even if it was off beforehand.
  function enable_ufw {
      # ufw not installed: skip.
      hash ufw 2>/dev/null || return 0

      # Already active (or status unreadable): skip.
      ufw status | grep -q 'inactive$' || return 0

      printf "${blue}%s${endc} ${green}%s${endc}\n" "::" "Enabling firewall ufw"
      ufw enable > /dev/null 2>&1
      printf "${blue}%s${endc} ${green}%s${endc}\n" "::" "ufw enabled"
      sleep 3
  }
  111.  
  112.  
  # Verify the prerequisites of the transparent proxy.
  # Checks that tor and wget can be found and that /etc/tor/torrc holds
  # each required directive as an exact, whole line.
  # Outputs: error text on stderr; the expected torrc lines on stdout
  # Exits:   status 1 when a dependency or a torrc line is missing
  function check_default {
      # Dependencies: tor first, then wget.
      local dep
      for dep in tor wget; do
          command -v "$dep" > /dev/null 2>&1 ||
              { printf >&2 "\n${red}%s${endc}\n" "[ failed ] $dep isn't installed, exiting..."; exit 1; }
      done

      # Lines that must be present in /etc/tor/torrc.
      local -a required=(
          'VirtualAddrNetworkIPv4 10.192.0.0/10'
          'AutomapHostsOnResolve 1'
          'TransPort 9040'
          'SocksPort 9050'
          'DNSPort 53'
          'RunAsDaemon 1'
      )

      # Every directive is looked up; there is no early exit.
      local directive
      local missing=0
      for directive in "${required[@]}"; do
          grep -q -x "$directive" /etc/tor/torrc || missing=1
      done

      if [ "$missing" -eq 0 ]; then
          return 0
      fi

      printf "\n${red}%s${endc}\n" "[ failed ] To enable the transparent proxy add the following of /etc/tor/torrc file:" >&2
      # printf repeats its format once per argument: one line per directive.
      printf "${white}%s${endc}\n" "${required[@]}"
      exit 1
  }
  165.  
  166.  
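  # Start the transparent proxy.
  #
  # Runs the pre-flight checks, restarts Tor, saves the current iptables
  # rules and /etc/resolv.conf under /opt, points the resolver at 127.0.0.1
  # and installs nat/filter OUTPUT rules that redirect traffic to Tor and
  # reject the rest.
  #
  # Globals: non_tor, tor_uid, trans_port (read)
  # Exits:   1 when Tor does not come up or a backup cannot be written
  #
  # NOTE(review): only iptables is configured; no ip6tables rule is
  # installed, so IPv6 traffic is outside these rules. Confirm how IPv6 is
  # handled on the host before relying on this.
  # NOTE(review): the backups are written unconditionally, so a second
  # --start without --stop replaces them with the Tor-mode state and --stop
  # can then no longer restore the original configuration.
  function start {
      banner
      check_root
      check_default

      # Stop a running tor.service so that it is started fresh below.
      if systemctl is-active tor.service > /dev/null 2>&1; then
          systemctl stop tor.service
      fi

      printf "\n${blue}%s${endc} ${green}%s${endc}\n" "::" "Starting Transparent Proxy"
      disable_ufw
      sleep 3

      # Tor entry guards: deleting /var/lib/tor/state makes Tor write a new
      # state file, with new entry guards, on the next start.
      # NOTE(review): Tor keeps its guards on purpose; discarding them on
      # every start gives up that protection, so answer 'y' deliberately.
      printf "${blue}::${endc} ${green}Get fresh Tor entry guards? [y/n]${endc}"
      local yn
      read -r -p "${green}:${endc} " yn
      case "$yn" in
          [yY])
              rm -v /var/lib/tor/state
              printf "${blue}%s${endc} ${white}%s${endc}\n" "[ ok ]" "When tor.service start, new Tor entry guards will obtained"
              ;;
          *)
              ;;
      esac

      printf "${blue}%s${endc} ${green}%s${endc}\n" "::" "Start Tor service"
      systemctl start tor.service
      sleep 6

      # Verify that Tor really came up before the firewall and resolver are
      # rewritten; otherwise success would be reported for a dead proxy.
      if ! systemctl is-active tor.service > /dev/null 2>&1; then
          printf "${red}%s${endc}\n" "[ failed ] Tor service is not running, aborting" >&2
          enable_ufw # same firewall handling as --stop
          exit 1
      fi
      printf "${blue}%s${endc} ${white}%s${endc}\n" "[ ok ]" "Tor service is active"

      # iptables settings
      ###################

      # Save the current state first. If a backup cannot be written, stop
      # before anything is flushed, so that --stop is never left without
      # something to restore.
      printf "${blue}%s${endc} ${green}%s${endc}\n" "::" "Backup iptables rules"
      if ! iptables-save > /opt/iptables.backup ||
          ! cp -vf /etc/resolv.conf /opt/resolv.conf.backup; then
          printf "${red}%s${endc}\n" "[ failed ] Could not write the backups under /opt, aborting" >&2
          enable_ufw
          exit 1
      fi
      sleep 2

      printf "${blue}%s${endc} ${green}%s${endc}\n" "::" "Flush iptables rules"
      iptables -F
      iptables -t nat -F

      # Point the system resolver at Tor's DNSPort on the loopback interface.
      printf "${blue}%s${endc} ${green}%s${endc}\n" "::" "Configure system's DNS resolver to use Tor's DNSPort"
      printf '%s\n' 'nameserver 127.0.0.1' > /etc/resolv.conf
      sleep 2

      printf "${blue}%s${endc} ${green}%s${endc}\n" "::" "Set new iptables rules"

      # *nat: traffic of the Tor user is left alone, DNS goes to port 53 on
      # this host, everything else is redirected to the TransPort.
      iptables -t nat -A OUTPUT -m owner --uid-owner "$tor_uid" -j RETURN
      iptables -t nat -A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports 53
      iptables -t nat -A OUTPUT -p tcp --dport 53 -j REDIRECT --to-ports 53
      # This rule can never match: packets of the Tor user already hit the
      # RETURN rule at the top of the chain.
      iptables -t nat -A OUTPUT -p udp -m owner --uid-owner "$tor_uid" -m udp --dport 53 -j REDIRECT --to-ports 53

      iptables -t nat -A OUTPUT -p tcp -d 10.192.0.0/10 -j REDIRECT --to-ports "$trans_port"
      iptables -t nat -A OUTPUT -p udp -d 10.192.0.0/10 -j REDIRECT --to-ports "$trans_port"

      # Clearnet access for $non_tor and loopback.
      # $non_tor is left unquoted on purpose: it is a space-separated list.
      local clearnet
      # shellcheck disable=SC2086
      for clearnet in $non_tor 127.0.0.0/9 127.128.0.0/10; do
          iptables -t nat -A OUTPUT -d "$clearnet" -j RETURN
      done

      # Redirect all other output to the Tor TransPort.
      # NOTE(review): Tor relays TCP only, so redirected UDP is presumably
      # not forwarded, and REDIRECT --to-ports is normally accepted only
      # for port-based protocols, so the icmp rule may fail to load. Either
      # way the final REJECT below still applies. Confirm on the host.
      iptables -t nat -A OUTPUT -p tcp --syn -j REDIRECT --to-ports "$trans_port"
      iptables -t nat -A OUTPUT -p udp -j REDIRECT --to-ports "$trans_port"
      iptables -t nat -A OUTPUT -p icmp -j REDIRECT --to-ports "$trans_port"

      # *filter: accept established flows, the exempt networks and the Tor
      # user; reject every other outgoing packet.
      iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

      # shellcheck disable=SC2086
      for clearnet in $non_tor 127.0.0.0/8; do
          iptables -A OUTPUT -d "$clearnet" -j ACCEPT
      done

      iptables -A OUTPUT -m owner --uid-owner "$tor_uid" -j ACCEPT
      iptables -A OUTPUT -j REJECT
      sleep 4

      printf "${blue}%s${endc} ${white}%s${endc}\n" "[ ok ]" "Transparent Proxy activated, your system is under Tor"
      printf "${blue}%s${endc} ${green}%s${endc}\n" "[ info ]" "Use --status argument for check the program status"
  }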
  262.  
  263.  
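  # Stop the transparent proxy and return to clearnet.
  #
  # Flushes the filter and nat tables, restores the rules and resolver
  # configuration saved under /opt, stops tor.service and re-enables ufw.
  #
  # Outputs: progress on stdout, restore failures on stderr
  # Returns: 0 when both backups were restored, 1 when one was missing
  function stop {
      check_root
      local rc=0

      printf "${blue}%s${endc} ${green}%s${endc}\n" "::" "Stopping Transparent Proxy"
      sleep 2

      printf "${blue}%s${endc} ${green}%s${endc}\n" "::" "Flush iptables rules"
      iptables -F
      iptables -t nat -F

      # Restore the saved rules. A missing backup is reported explicitly:
      # the tables then stay flushed, i.e. without any filter rule.
      printf "${blue}%s${endc} ${green}%s${endc}\n" "::" "Restore the default iptables rules"
      if [ -r /opt/iptables.backup ]; then
          iptables-restore < /opt/iptables.backup || rc=1
      else
          printf "${red}%s${endc}\n" "[ failed ] /opt/iptables.backup not found, iptables rules stay flushed" >&2
          rc=1
      fi
      sleep 2

      printf "${blue}%s${endc} ${green}%s${endc}\n" "::" "Stop tor service"
      systemctl stop tor.service
      sleep 4

      # Restore /etc/resolv.conf only when the backup exists. Removing the
      # file first would otherwise leave the host without any resolver
      # configuration.
      printf "${blue}%s${endc} ${green}%s${endc}\n" "::" "Restore /etc/resolv.conf file with default DNS"
      if [ -r /opt/resolv.conf.backup ]; then
          rm -v /etc/resolv.conf
          cp -vf /opt/resolv.conf.backup /etc/resolv.conf || rc=1
      else
          printf "${red}%s${endc}\n" "[ failed ] /opt/resolv.conf.backup not found, /etc/resolv.conf left unchanged" >&2
          rc=1
      fi
      sleep 2

      enable_ufw
      printf "${blue}%s${endc} ${white}%s${endc}\n" "[-]" "Transparent Proxy stopped"
      return "$rc"
  }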
  296.  
  297.  
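  # Report the state of the proxy: tor.service status, the public IP as
  # seen by ipinfo.io, and the listening sockets from 'netstat -tulpn'.
  #
  # Outputs: report on stdout, lookup failure on stderr
  # Exits:   0 after the report, 1 when tor.service is not active
  #
  # NOTE(review): the address comes from a third-party service and shows
  # only the apparent source of that one request. It does not by itself
  # prove that all traffic leaves through Tor.
  function check_status {
      check_root

      printf "${blue}%s${endc} ${green}%s${endc}\n" "::" "Check current status of Tor service"
      if ! systemctl is-active tor.service > /dev/null 2>&1; then
          printf "${red}%s${endc}\n" "[-] Tor service is not running!"
          exit 1
      fi
      printf "${blue}%s${endc} ${white}%s${endc}\n" "[ ok ]" "Tor service is active"

      # Query over HTTPS: without a scheme wget uses plain HTTP, and the
      # answer could then be altered anywhere on the path.
      printf "\n${blue}%s${endc} ${green}%s${endc}\n" "::" "Checking your public IP, please wait..."
      local ext_ip
      local city
      ext_ip=$(wget -qO- -t 1 --timeout=15 https://ipinfo.io/ip) || ext_ip=""
      city=$(wget -qO- -t 1 --timeout=15 https://ipinfo.io/city) || city=""

      printf "${blue}%s${endc} ${green}%s${endc}\n" "::" "Current public IP:"
      if [ -n "$ext_ip" ]; then
          printf "${white}%s${endc}\n\n" "$ext_ip - $city"
      else
          # Say that the lookup failed instead of printing an empty address.
          printf "${red}%s${endc}\n\n" "[ failed ] Could not determine the public IP" >&2
      fi
      sleep 1

      # List listening sockets; anything besides tor deserves a look.
      printf "${blue}%s${endc} ${green}%s${endc}\n" "::" "Check if there are open doors"
      printf "${blue}%s${endc} ${green}%s${endc}\n" "::" "run command 'netstat -tulpn'"
      netstat -tulpn
      printf "\n${blue}%s${endc} ${green}%s${endc}\n" "[ info ]" "If your network security is ok, you have only 'tor' in listen"
      exit 0
  }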
  332.  
  333.  
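  # Restart tor.service and, when it comes back, print the status report.
  #
  # Outputs: progress messages on stdout
  # Exits:   with check_status's exit status when Tor is active again,
  #          1 when tor.service is not running after the restart
  function restart {
      check_root
      printf "${blue}%s${endc} ${green}%s${endc}\n" "::" "Restart Tor service and change IP"

      # Explicit stop/start with a pause in between.
      systemctl stop tor.service
      sleep 3
      systemctl start tor.service
      sleep 2

      # A failed restart ends with a non-zero status, as it does in
      # check_status, so callers can detect it.
      if ! systemctl is-active tor.service > /dev/null 2>&1; then
          printf "${red}%s${endc}\n" "[-] Tor service is not running!"
          exit 1
      fi

      # The message assumes a new exit address; this function does not
      # verify it. check_status prints the address actually in use.
      printf "${blue}%s${endc} ${white}%s${endc}\n\n" "[ ok ]" "Tor service is active and your IP is changed"
      check_status
  }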
  353.  
  354.  
  # Print the program version followed by the output of 'tor --version'.
  # Globals: program, version, white, endc (read)
  # Exits:   0
  function print_version {
      local tor_version
      tor_version="$(tor --version)"

      # printf repeats its format once per argument: one line each.
      printf "${white}%s${endc}\n" "$program version $version" "$tor_version"
      exit 0
  }
  361.  
  362.  
  # Print the banner, a usage line and the list of arguments.
  # Globals: program, USER and the colour variables (read)
  # Exits:   0
  function help_menu {
      banner

      printf "\n${white}%s${endc}\n" "Usage:"
      printf "${white}%s${endc}\n\n" "******"

      # Prompt-style usage example: user and host name, then the command.
      local host
      host="$(hostname)"
      printf "${white}%s${endc} ${red}%s${endc} ${white}%s${endc} ${red}%s${endc}\n" "┌─╼" "$USER" "╺─╸" "$host"
      printf "${white}%s${endc} ${green}%s${endc}\n" "└───╼" "./$program --argument"

      printf "\n${white}%s${endc}\n\n" "Arguments:"

      # One entry per supported argument; printf prints one line for each.
      local -a options=(
          "--help      show this help message and exit"
          "--start     start transparent proxy for tor"
          "--stop      reset iptables and return to clear navigation"
          "--status    check status of program and services"
          "--restart   restart tor service and change IP"
          "--version   display program and tor version then exit"
      )
      printf "${green}%s${endc}\n" "${options[@]}"
      exit 0
  }
  381.  
  382.  
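  # Dispatch on the first command-line argument.
  case "$1" in
      --start)
          start
          ;;
      --stop)
          stop
          ;;
      --restart)
          restart
          ;;
      --status)
          check_status
          ;;
      --version)
          print_version
          ;;
      --help)
          help_menu
          ;;
      *)
          # Missing or unknown argument: show the help and fail. help_menu
          # ends with 'exit 0', so it runs in a subshell; otherwise the
          # 'exit 1' below is never reached.
          ( help_menu )
          exit 1
          ;;
  esac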