spior 0.0.5 → 0.0.6
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data/CHANGELOG.md +8 -0
- data/README.md +16 -3
- data/lib/spior/install.rb +7 -12
- data/lib/spior/iptables.rb +43 -46
- data/lib/spior/tor.rb +41 -0
- data/spior.gemspec +2 -1
- data.tar.gz.sig +0 -0
- metadata +17 -2
- metadata.gz.sig +0 -0
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 90c671028fd720819222b9ef6e9b68801900077b10eb449bd97bf2780ae139df
|
|
4
|
+
data.tar.gz: 39036dd8a1671de7861d5af14f0506802c059764953b3ba9c77a3c0b7bd27f63
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 9e6003b20ae3ca7267233b01f2ad00d7fac0035869121aaffed0ea8d53de6c4abfe4f665ded35e6fa14c69121514cd56e3d9310f6d5fc3fb7a938377aa1f0292
|
|
7
|
+
data.tar.gz: 42e2674b7cb4439d120b93fb7f2b865dd3e9579be3dc62978e684f4eb33faf2ad8cc2bb9adf6c9f3c25f94b79a5d7e1e95b80cbc9347ba489753bed279d99772
|
checksums.yaml.gz.sig
CHANGED
|
Binary file
|
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,11 @@
|
|
|
1
|
+
## 0.0.6, release 2020-05-04
|
|
2
|
+
* README, Add examples
|
|
3
|
+
* lib/spior/iptables - rename var input incoming
|
|
4
|
+
* Remove unused rules for iptables (INPUT and OUTPUT)
|
|
5
|
+
* Search tor-uid by distro (tested for gentoo,arch,debian,ubuntu)
|
|
6
|
+
* Add class lib/spior/tor, to check variables and dependencies (later)
|
|
7
|
+
* Add the Gem Nomansland as dependencies
|
|
8
|
+
|
|
1
9
|
## 0.0.5, release 2020-05-03
|
|
2
10
|
* Spior can now redirect all the traffic through TOR
|
|
3
11
|
* Add OptionParser -t|--tor
|
data/README.md
CHANGED
|
@@ -1,6 +1,5 @@
|
|
|
1
1
|
# spior
|
|
2
|
-
(Spider|Tor)
|
|
3
|
-
**Still under development !**
|
|
2
|
+
(Spider|Tor) A tool to make TOR your default gateway and randomize your hardware (MAC).
|
|
4
3
|
|
|
5
4
|
## Install
|
|
6
5
|
Spior is cryptographically signed, so add my public key (if you haven’t already) as a trusted certificate.
|
|
@@ -16,12 +15,26 @@ You can install all the dependencies with:
|
|
|
16
15
|
|
|
17
16
|
$ spior --install
|
|
18
17
|
|
|
19
|
-
Please, post an issue if your linux
|
|
18
|
+
Please, post an issue if your distro linux fail.
|
|
20
19
|
|
|
21
20
|
## Usage
|
|
22
21
|
|
|
23
22
|
$ spior -h
|
|
24
23
|
|
|
24
|
+
### Examples
|
|
25
|
+
To change the MAC address for eth0
|
|
26
|
+
|
|
27
|
+
$ spior -c eth0 -m
|
|
28
|
+
|
|
29
|
+
Redirect traffic through TOR
|
|
30
|
+
|
|
31
|
+
$ spior -t
|
|
32
|
+
$ spior -t -c eth0
|
|
33
|
+
|
|
34
|
+
Look informations about your current ip address
|
|
35
|
+
|
|
36
|
+
$ spior -s
|
|
37
|
+
|
|
25
38
|
## Left Over
|
|
26
39
|
|
|
27
40
|
### Issues
|
data/lib/spior/install.rb
CHANGED
|
@@ -1,6 +1,4 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
require 'pathname'
|
|
1
|
+
require 'nomansland'
|
|
4
2
|
require_relative 'msg'
|
|
5
3
|
|
|
6
4
|
module Spior
|
|
@@ -14,16 +12,14 @@ module Spior
|
|
|
14
12
|
private
|
|
15
13
|
|
|
16
14
|
def self.base_packages
|
|
17
|
-
|
|
18
|
-
|
|
15
|
+
case Nomansland::installer?
|
|
16
|
+
when :emerge
|
|
19
17
|
system('sudo emerge -av --changed-use tor iptables')
|
|
20
|
-
|
|
21
|
-
elsif Pathname.new("/usr/bin/pacman")
|
|
22
|
-
puts "Install with pacman..."
|
|
18
|
+
when :pacman
|
|
23
19
|
system('sudo pacman -S --needed tor iptables')
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
20
|
+
when :yum
|
|
21
|
+
system('sudo yum install tor iptables')
|
|
22
|
+
else
|
|
27
23
|
system('sudo apt-get tor iptables')
|
|
28
24
|
end
|
|
29
25
|
end
|
|
@@ -54,6 +50,5 @@ module Spior
|
|
|
54
50
|
rescue => e
|
|
55
51
|
Msg.err e
|
|
56
52
|
end
|
|
57
|
-
|
|
58
53
|
end
|
|
59
54
|
end
|
data/lib/spior/iptables.rb
CHANGED
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
require 'interfacez'
|
|
2
|
+
require_relative 'tor'
|
|
2
3
|
require_relative 'msg'
|
|
3
4
|
|
|
4
5
|
module Spior
|
|
@@ -15,8 +16,9 @@ module Spior
|
|
|
15
16
|
dns
|
|
16
17
|
nat
|
|
17
18
|
input
|
|
18
|
-
output
|
|
19
19
|
forward
|
|
20
|
+
output
|
|
21
|
+
drop_all
|
|
20
22
|
end
|
|
21
23
|
|
|
22
24
|
private
|
|
@@ -24,13 +26,10 @@ module Spior
|
|
|
24
26
|
def self.initialize(interface)
|
|
25
27
|
@lo = Interfacez.loopback
|
|
26
28
|
@lo_addr = Interfacez.ipv4_address_of(@lo)
|
|
27
|
-
@
|
|
28
|
-
@trans_port = 9040
|
|
29
|
-
@tor_uid = `id -u tor 2>&1 | grep "^[0-9]*"`.chomp
|
|
30
|
-
@virt_addr= "10.192.0.0/10"
|
|
29
|
+
@tor = Spior::Tor.new
|
|
31
30
|
@non_tor = ["#{@lo_addr}/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]
|
|
32
|
-
@
|
|
33
|
-
@
|
|
31
|
+
@incoming = interface
|
|
32
|
+
@incoming_addr = Interfacez.ipv4_address_of(@incoming)
|
|
34
33
|
end
|
|
35
34
|
|
|
36
35
|
def self.select_cmd
|
|
@@ -43,7 +42,8 @@ module Spior
|
|
|
43
42
|
end
|
|
44
43
|
|
|
45
44
|
def self.ipt(line)
|
|
46
|
-
system("#{@i} #{line}")
|
|
45
|
+
system("#{@i} #{line}")
|
|
46
|
+
#puts "added - #{@i} #{line}"
|
|
47
47
|
end
|
|
48
48
|
|
|
49
49
|
def self.flush_rules
|
|
@@ -54,6 +54,9 @@ module Spior
|
|
|
54
54
|
ipt "-t nat -X"
|
|
55
55
|
ipt "-t mangle -F"
|
|
56
56
|
ipt "-t mangle -X"
|
|
57
|
+
end
|
|
58
|
+
|
|
59
|
+
def self.drop_all
|
|
57
60
|
ipt "-P INPUT DROP"
|
|
58
61
|
ipt "-P FORWARD DROP"
|
|
59
62
|
ipt "-P OUTPUT DROP"
|
|
@@ -110,22 +113,23 @@ module Spior
|
|
|
110
113
|
ipt "-A INPUT -p icmp -m limit --limit 1/s --limit-burst 1 -j ACCEPT"
|
|
111
114
|
ipt "-A INPUT -p icmp -m limit --limit 1/s --limit-burst 1 -j LOG --log-prefix PING-DROP:"
|
|
112
115
|
ipt "-A INPUT -p icmp -j DROP"
|
|
116
|
+
ipt "-A OUTPUT -p icmp -j ACCEPT"
|
|
113
117
|
end
|
|
114
118
|
|
|
115
119
|
def self.dns
|
|
116
120
|
puts "dns"
|
|
117
|
-
ipt "-t nat -A PREROUTING ! -i #{@lo} -p udp -m udp --dport 53 -j REDIRECT --to-ports #{@
|
|
118
|
-
ipt "-t nat -A OUTPUT -p udp -m udp --dport 53 -j REDIRECT --to-ports #{@
|
|
119
|
-
ipt "-t nat -A OUTPUT -p tcp -m tcp --dport 53 -j REDIRECT --to-ports #{@
|
|
121
|
+
ipt "-t nat -A PREROUTING ! -i #{@lo} -p udp -m udp --dport 53 -j REDIRECT --to-ports #{@tor.dns}"
|
|
122
|
+
ipt "-t nat -A OUTPUT -p udp -m udp --dport 53 -j REDIRECT --to-ports #{@tor.dns}"
|
|
123
|
+
ipt "-t nat -A OUTPUT -p tcp -m tcp --dport 53 -j REDIRECT --to-ports #{@tor.dns}"
|
|
120
124
|
end
|
|
121
125
|
|
|
122
126
|
def self.nat
|
|
123
127
|
puts "nat"
|
|
124
128
|
# nat .onion addresses
|
|
125
|
-
ipt "-t nat -A OUTPUT -d #{@virt_addr} -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports #{@trans_port}"
|
|
129
|
+
ipt "-t nat -A OUTPUT -d #{@tor.virt_addr} -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports #{@tor.trans_port}"
|
|
126
130
|
|
|
127
131
|
# Don't nat the Tor process, the loopback, or the local network
|
|
128
|
-
ipt "-t nat -A OUTPUT -m owner --uid-owner #{@
|
|
132
|
+
ipt "-t nat -A OUTPUT -m owner --uid-owner #{@tor.uid} -j RETURN"
|
|
129
133
|
ipt "-t nat -A OUTPUT -o #{@lo} -j RETURN"
|
|
130
134
|
|
|
131
135
|
# Allow lan access for hosts in $non_tor
|
|
@@ -134,52 +138,45 @@ module Spior
|
|
|
134
138
|
end
|
|
135
139
|
|
|
136
140
|
# Redirects all other pre-routing and output to Tor's TransPort
|
|
137
|
-
ipt "-t nat -A OUTPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports #{@trans_port}"
|
|
141
|
+
ipt "-t nat -A OUTPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports #{@tor.trans_port}"
|
|
138
142
|
|
|
139
143
|
# Redirects all other pre-routing and output to Tor's TransPort
|
|
140
|
-
ipt "-t nat -A OUTPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports #{@trans_port}"
|
|
141
|
-
|
|
142
|
-
# input
|
|
143
|
-
ipt "-A INPUT -m state --state ESTABLISHED -j ACCEPT"
|
|
144
|
-
ipt "-A INPUT -i #{@lo} -j ACCEPT"
|
|
145
|
-
|
|
146
|
-
# output
|
|
147
|
-
ipt "-A OUTPUT -m owner --uid-owner #{@tor_uid} -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j ACCEPT"
|
|
148
|
-
|
|
149
|
-
# Allow loopback output
|
|
150
|
-
ipt "-A OUTPUT -d #{@lo_addr}/32 -o #{@lo} -j ACCEPT"
|
|
151
|
-
|
|
152
|
-
# tor transparent magic
|
|
153
|
-
ipt "-A OUTPUT -d #{@lo_addr}/32 -p tcp -m tcp --dport #{@trans_port} --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT"
|
|
154
|
-
|
|
155
|
-
ipt "-t filter -A OUTPUT -p udp -j REJECT"
|
|
156
|
-
ipt "-t filter -A OUTPUT -p icmp -j REJECT"
|
|
144
|
+
ipt "-t nat -A OUTPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports #{@tor.trans_port}"
|
|
157
145
|
end
|
|
158
146
|
|
|
159
147
|
def self.input
|
|
160
148
|
puts "input"
|
|
161
|
-
ipt "-A INPUT -
|
|
162
|
-
|
|
163
|
-
|
|
164
|
-
ipt "-A INPUT -
|
|
165
|
-
ipt "-A INPUT -i #{@input} ! -s #{@input_addr} -j DROP"
|
|
166
|
-
# ACCEPT rules
|
|
167
|
-
ipt "-A INPUT -i #{@input} -p tcp -s #{@input_addr} --dport 22 -m conntrack --ctstate NEW -j ACCEPT"
|
|
168
|
-
|
|
169
|
-
ipt "-A INPUT ! -i #{@lo} -j LOG --log-prefix \"DROP \" --log-ip-options --log-tcp-options"
|
|
149
|
+
ipt "-A INPUT -i #{@incoming} -p tcp -s #{@incoming_addr} --dport 22 -m conntrack --ctstate NEW -j ACCEPT"
|
|
150
|
+
|
|
151
|
+
# Allow loopback, rules
|
|
152
|
+
ipt "-A INPUT -m state --state ESTABLISHED -j ACCEPT"
|
|
170
153
|
ipt "-A INPUT -i #{@lo} -j ACCEPT"
|
|
154
|
+
|
|
155
|
+
# Allow DNS lookups from connected clients and internet access through tor.
|
|
156
|
+
ipt "-A INPUT -d #{@incoming_addr} -i #{@incoming} -p udp -m udp --dport #{@tor.dns} -j ACCEPT"
|
|
157
|
+
ipt "-A INPUT -d #{@incoming_addr} -i #{@incoming} -p tcp -m tcp --dport #{@tor.trans_port} --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT"
|
|
158
|
+
|
|
159
|
+
# Default
|
|
160
|
+
ipt "-A INPUT -j DROP"
|
|
171
161
|
end
|
|
172
162
|
|
|
173
163
|
def self.output
|
|
174
164
|
puts "output"
|
|
175
165
|
ipt "-A OUTPUT -m conntrack --ctstate INVALID -j LOG --log-prefix \"DROP INVALID \" --log-ip-options --log-tcp-options"
|
|
176
166
|
ipt "-A OUTPUT -m conntrack --ctstate INVALID -j DROP"
|
|
177
|
-
ipt "-A OUTPUT -m
|
|
167
|
+
ipt "-A OUTPUT -m state --state ESTABLISHED -j ACCEPT"
|
|
178
168
|
|
|
179
|
-
#
|
|
169
|
+
# output
|
|
170
|
+
ipt "-A OUTPUT -m owner --uid-owner #{@tor.uid} -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j ACCEPT"
|
|
171
|
+
|
|
172
|
+
# Accept, allow loopback output
|
|
180
173
|
ipt "-A OUTPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT"
|
|
181
|
-
ipt "-A OUTPUT
|
|
182
|
-
|
|
174
|
+
ipt "-A OUTPUT -d #{@lo_addr}/32 -o #{@lo} -j ACCEPT"
|
|
175
|
+
|
|
176
|
+
# tor transparent magic
|
|
177
|
+
ipt "-A OUTPUT -d #{@lo_addr}/32 -p tcp -m tcp --dport #{@tor.trans_port} --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT"
|
|
178
|
+
|
|
179
|
+
ipt "-A OUTPUT -j DROP"
|
|
183
180
|
end
|
|
184
181
|
|
|
185
182
|
def self.forward
|
|
@@ -187,8 +184,8 @@ module Spior
|
|
|
187
184
|
ipt "-A FORWARD -m conntrack --ctstate INVALID -j LOG --log-prefix \"DROP INVALID \" --log-ip-options --log-tcp-options"
|
|
188
185
|
ipt "-A FORWARD -m conntrack --ctstate INVALID -j DROP"
|
|
189
186
|
ipt "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
|
|
190
|
-
ipt "-A FORWARD -i #{@
|
|
191
|
-
ipt "-A FORWARD -i #{@
|
|
187
|
+
ipt "-A FORWARD -i #{@incoming} ! -s #{@incoming_addr} -j LOG --log-prefix \"SPOOFED PKT \""
|
|
188
|
+
ipt "-A FORWARD -i #{@incoming} ! -s #{@incoming_addr} -j DROP"
|
|
192
189
|
end
|
|
193
190
|
end
|
|
194
191
|
end
|
data/lib/spior/tor.rb
ADDED
|
@@ -0,0 +1,41 @@
|
|
|
1
|
+
require 'pathname'
|
|
2
|
+
require 'nomansland'
|
|
3
|
+
require_relative 'msg'
|
|
4
|
+
|
|
5
|
+
module Spior
|
|
6
|
+
class Tor
|
|
7
|
+
attr_accessor :dns, :uid, :trans_port, :virt_addr
|
|
8
|
+
|
|
9
|
+
def initialize
|
|
10
|
+
@dns = search_dns
|
|
11
|
+
@uid = search_uid
|
|
12
|
+
@trans_port = search_trans_port
|
|
13
|
+
@virt_addr = search_virt_addr
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
private
|
|
17
|
+
|
|
18
|
+
def search_dns
|
|
19
|
+
9061
|
|
20
|
+
end
|
|
21
|
+
|
|
22
|
+
def search_uid
|
|
23
|
+
case Nomansland::distro?
|
|
24
|
+
when :debian
|
|
25
|
+
`id -u debian-tor`.chomp
|
|
26
|
+
when :ubuntu
|
|
27
|
+
`id -u debian-tor`.chomp
|
|
28
|
+
else
|
|
29
|
+
`id -u tor`.chomp
|
|
30
|
+
end
|
|
31
|
+
end
|
|
32
|
+
|
|
33
|
+
def search_trans_port
|
|
34
|
+
9040
|
|
35
|
+
end
|
|
36
|
+
|
|
37
|
+
def search_virt_addr
|
|
38
|
+
"10.192.0.0/10"
|
|
39
|
+
end
|
|
40
|
+
end
|
|
41
|
+
end
|
data/spior.gemspec
CHANGED
|
@@ -12,7 +12,7 @@ Gem::Specification.new do |s|
|
|
|
12
12
|
"wiki_uri" => "https://github.com/szorfein/spior"
|
|
13
13
|
}
|
|
14
14
|
|
|
15
|
-
s.version = "0.0.
|
|
15
|
+
s.version = "0.0.6"
|
|
16
16
|
s.requirements << 'tor'
|
|
17
17
|
s.requirements << 'sudo'
|
|
18
18
|
s.requirements << 'iptables'
|
|
@@ -32,4 +32,5 @@ Gem::Specification.new do |s|
|
|
|
32
32
|
s.signing_key = File.expand_path("~/.ssh/gem-private_key.pem") if $0 =~ /gem\z/
|
|
33
33
|
s.add_runtime_dependency('rainbow', '3.0.0')
|
|
34
34
|
s.add_runtime_dependency('interfacez', '1.0.3')
|
|
35
|
+
s.add_runtime_dependency('nomansland', '0.0.2')
|
|
35
36
|
end
|
data.tar.gz.sig
CHANGED
|
Binary file
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: spior
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.6
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- szorfein
|
|
@@ -35,7 +35,7 @@ cert_chain:
|
|
|
35
35
|
J/zT/q2Ac7BWpSLbv6p9lChBiEnD9j24x463LR5QQjDNS5SsjzRQfFuprsa9Nqf2
|
|
36
36
|
Tw==
|
|
37
37
|
-----END CERTIFICATE-----
|
|
38
|
-
date: 2020-05-
|
|
38
|
+
date: 2020-05-05 00:00:00.000000000 Z
|
|
39
39
|
dependencies:
|
|
40
40
|
- !ruby/object:Gem::Dependency
|
|
41
41
|
name: rainbow
|
|
@@ -65,6 +65,20 @@ dependencies:
|
|
|
65
65
|
- - '='
|
|
66
66
|
- !ruby/object:Gem::Version
|
|
67
67
|
version: 1.0.3
|
|
68
|
+
- !ruby/object:Gem::Dependency
|
|
69
|
+
name: nomansland
|
|
70
|
+
requirement: !ruby/object:Gem::Requirement
|
|
71
|
+
requirements:
|
|
72
|
+
- - '='
|
|
73
|
+
- !ruby/object:Gem::Version
|
|
74
|
+
version: 0.0.2
|
|
75
|
+
type: :runtime
|
|
76
|
+
prerelease: false
|
|
77
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
78
|
+
requirements:
|
|
79
|
+
- - '='
|
|
80
|
+
- !ruby/object:Gem::Version
|
|
81
|
+
version: 0.0.2
|
|
68
82
|
description: " A tool to make TOR your default gateway and randomize your hardware.\n"
|
|
69
83
|
email: szorfein@protonmail.com
|
|
70
84
|
executables:
|
|
@@ -93,6 +107,7 @@ files:
|
|
|
93
107
|
- lib/spior/options.rb
|
|
94
108
|
- lib/spior/runner.rb
|
|
95
109
|
- lib/spior/status.rb
|
|
110
|
+
- lib/spior/tor.rb
|
|
96
111
|
- spior.gemspec
|
|
97
112
|
- test/test_install.rb
|
|
98
113
|
- test/test_options.rb
|
metadata.gz.sig
CHANGED
|
Binary file
|