spior 0.0.5 → 0.0.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data/CHANGELOG.md +8 -0
- data/README.md +16 -3
- data/lib/spior/install.rb +7 -12
- data/lib/spior/iptables.rb +43 -46
- data/lib/spior/tor.rb +41 -0
- data/spior.gemspec +2 -1
- data.tar.gz.sig +0 -0
- metadata +17 -2
- metadata.gz.sig +0 -0
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 90c671028fd720819222b9ef6e9b68801900077b10eb449bd97bf2780ae139df
|
|
4
|
+
data.tar.gz: 39036dd8a1671de7861d5af14f0506802c059764953b3ba9c77a3c0b7bd27f63
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 9e6003b20ae3ca7267233b01f2ad00d7fac0035869121aaffed0ea8d53de6c4abfe4f665ded35e6fa14c69121514cd56e3d9310f6d5fc3fb7a938377aa1f0292
|
|
7
|
+
data.tar.gz: 42e2674b7cb4439d120b93fb7f2b865dd3e9579be3dc62978e684f4eb33faf2ad8cc2bb9adf6c9f3c25f94b79a5d7e1e95b80cbc9347ba489753bed279d99772
|
checksums.yaml.gz.sig
CHANGED
|
Binary file
|
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,11 @@
|
|
|
1
|
+
## 0.0.6, release 2020-05-04
|
|
2
|
+
* README, Add examples
|
|
3
|
+
* lib/spior/iptables - rename var input incoming
|
|
4
|
+
* Remove unused rules for iptables (INPUT and OUTPUT)
|
|
5
|
+
* Search tor-uid by distro (tested for gentoo,arch,debian,ubuntu)
|
|
6
|
+
* Add class lib/spior/tor, to check variables and dependencies (later)
|
|
7
|
+
* Add the Gem Nomansland as dependencies
|
|
8
|
+
|
|
1
9
|
## 0.0.5, release 2020-05-03
|
|
2
10
|
* Spior can now redirect all the traffic through TOR
|
|
3
11
|
* Add OptionParser -t|--tor
|
data/README.md
CHANGED
|
@@ -1,6 +1,5 @@
|
|
|
1
1
|
# spior
|
|
2
|
-
(Spider|Tor)
|
|
3
|
-
**Still under development !**
|
|
2
|
+
(Spider|Tor) A tool to make TOR your default gateway and randomize your hardware (MAC).
|
|
4
3
|
|
|
5
4
|
## Install
|
|
6
5
|
Spior is cryptographically signed, so add my public key (if you haven’t already) as a trusted certificate.
|
|
@@ -16,12 +15,26 @@ You can install all the dependencies with:
|
|
|
16
15
|
|
|
17
16
|
$ spior --install
|
|
18
17
|
|
|
19
|
-
Please, post an issue if your linux
|
|
18
|
+
Please, post an issue if your distro linux fail.
|
|
20
19
|
|
|
21
20
|
## Usage
|
|
22
21
|
|
|
23
22
|
$ spior -h
|
|
24
23
|
|
|
24
|
+
### Examples
|
|
25
|
+
To change the MAC address for eth0
|
|
26
|
+
|
|
27
|
+
$ spior -c eth0 -m
|
|
28
|
+
|
|
29
|
+
Redirect traffic through TOR
|
|
30
|
+
|
|
31
|
+
$ spior -t
|
|
32
|
+
$ spior -t -c eth0
|
|
33
|
+
|
|
34
|
+
Look informations about your current ip address
|
|
35
|
+
|
|
36
|
+
$ spior -s
|
|
37
|
+
|
|
25
38
|
## Left Over
|
|
26
39
|
|
|
27
40
|
### Issues
|
data/lib/spior/install.rb
CHANGED
|
@@ -1,6 +1,4 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
require 'pathname'
|
|
1
|
+
require 'nomansland'
|
|
4
2
|
require_relative 'msg'
|
|
5
3
|
|
|
6
4
|
module Spior
|
|
@@ -14,16 +12,14 @@ module Spior
|
|
|
14
12
|
private
|
|
15
13
|
|
|
16
14
|
def self.base_packages
|
|
17
|
-
|
|
18
|
-
|
|
15
|
+
case Nomansland::installer?
|
|
16
|
+
when :emerge
|
|
19
17
|
system('sudo emerge -av --changed-use tor iptables')
|
|
20
|
-
|
|
21
|
-
elsif Pathname.new("/usr/bin/pacman")
|
|
22
|
-
puts "Install with pacman..."
|
|
18
|
+
when :pacman
|
|
23
19
|
system('sudo pacman -S --needed tor iptables')
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
20
|
+
when :yum
|
|
21
|
+
system('sudo yum install tor iptables')
|
|
22
|
+
else
|
|
27
23
|
system('sudo apt-get tor iptables')
|
|
28
24
|
end
|
|
29
25
|
end
|
|
@@ -54,6 +50,5 @@ module Spior
|
|
|
54
50
|
rescue => e
|
|
55
51
|
Msg.err e
|
|
56
52
|
end
|
|
57
|
-
|
|
58
53
|
end
|
|
59
54
|
end
|
data/lib/spior/iptables.rb
CHANGED
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
require 'interfacez'
|
|
2
|
+
require_relative 'tor'
|
|
2
3
|
require_relative 'msg'
|
|
3
4
|
|
|
4
5
|
module Spior
|
|
@@ -15,8 +16,9 @@ module Spior
|
|
|
15
16
|
dns
|
|
16
17
|
nat
|
|
17
18
|
input
|
|
18
|
-
output
|
|
19
19
|
forward
|
|
20
|
+
output
|
|
21
|
+
drop_all
|
|
20
22
|
end
|
|
21
23
|
|
|
22
24
|
private
|
|
@@ -24,13 +26,10 @@ module Spior
|
|
|
24
26
|
def self.initialize(interface)
|
|
25
27
|
@lo = Interfacez.loopback
|
|
26
28
|
@lo_addr = Interfacez.ipv4_address_of(@lo)
|
|
27
|
-
@
|
|
28
|
-
@trans_port = 9040
|
|
29
|
-
@tor_uid = `id -u tor 2>&1 | grep "^[0-9]*"`.chomp
|
|
30
|
-
@virt_addr= "10.192.0.0/10"
|
|
29
|
+
@tor = Spior::Tor.new
|
|
31
30
|
@non_tor = ["#{@lo_addr}/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]
|
|
32
|
-
@
|
|
33
|
-
@
|
|
31
|
+
@incoming = interface
|
|
32
|
+
@incoming_addr = Interfacez.ipv4_address_of(@incoming)
|
|
34
33
|
end
|
|
35
34
|
|
|
36
35
|
def self.select_cmd
|
|
@@ -43,7 +42,8 @@ module Spior
|
|
|
43
42
|
end
|
|
44
43
|
|
|
45
44
|
def self.ipt(line)
|
|
46
|
-
system("#{@i} #{line}")
|
|
45
|
+
system("#{@i} #{line}")
|
|
46
|
+
#puts "added - #{@i} #{line}"
|
|
47
47
|
end
|
|
48
48
|
|
|
49
49
|
def self.flush_rules
|
|
@@ -54,6 +54,9 @@ module Spior
|
|
|
54
54
|
ipt "-t nat -X"
|
|
55
55
|
ipt "-t mangle -F"
|
|
56
56
|
ipt "-t mangle -X"
|
|
57
|
+
end
|
|
58
|
+
|
|
59
|
+
def self.drop_all
|
|
57
60
|
ipt "-P INPUT DROP"
|
|
58
61
|
ipt "-P FORWARD DROP"
|
|
59
62
|
ipt "-P OUTPUT DROP"
|
|
@@ -110,22 +113,23 @@ module Spior
|
|
|
110
113
|
ipt "-A INPUT -p icmp -m limit --limit 1/s --limit-burst 1 -j ACCEPT"
|
|
111
114
|
ipt "-A INPUT -p icmp -m limit --limit 1/s --limit-burst 1 -j LOG --log-prefix PING-DROP:"
|
|
112
115
|
ipt "-A INPUT -p icmp -j DROP"
|
|
116
|
+
ipt "-A OUTPUT -p icmp -j ACCEPT"
|
|
113
117
|
end
|
|
114
118
|
|
|
115
119
|
def self.dns
|
|
116
120
|
puts "dns"
|
|
117
|
-
ipt "-t nat -A PREROUTING ! -i #{@lo} -p udp -m udp --dport 53 -j REDIRECT --to-ports #{@
|
|
118
|
-
ipt "-t nat -A OUTPUT -p udp -m udp --dport 53 -j REDIRECT --to-ports #{@
|
|
119
|
-
ipt "-t nat -A OUTPUT -p tcp -m tcp --dport 53 -j REDIRECT --to-ports #{@
|
|
121
|
+
ipt "-t nat -A PREROUTING ! -i #{@lo} -p udp -m udp --dport 53 -j REDIRECT --to-ports #{@tor.dns}"
|
|
122
|
+
ipt "-t nat -A OUTPUT -p udp -m udp --dport 53 -j REDIRECT --to-ports #{@tor.dns}"
|
|
123
|
+
ipt "-t nat -A OUTPUT -p tcp -m tcp --dport 53 -j REDIRECT --to-ports #{@tor.dns}"
|
|
120
124
|
end
|
|
121
125
|
|
|
122
126
|
def self.nat
|
|
123
127
|
puts "nat"
|
|
124
128
|
# nat .onion addresses
|
|
125
|
-
ipt "-t nat -A OUTPUT -d #{@virt_addr} -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports #{@trans_port}"
|
|
129
|
+
ipt "-t nat -A OUTPUT -d #{@tor.virt_addr} -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports #{@tor.trans_port}"
|
|
126
130
|
|
|
127
131
|
# Don't nat the Tor process, the loopback, or the local network
|
|
128
|
-
ipt "-t nat -A OUTPUT -m owner --uid-owner #{@
|
|
132
|
+
ipt "-t nat -A OUTPUT -m owner --uid-owner #{@tor.uid} -j RETURN"
|
|
129
133
|
ipt "-t nat -A OUTPUT -o #{@lo} -j RETURN"
|
|
130
134
|
|
|
131
135
|
# Allow lan access for hosts in $non_tor
|
|
@@ -134,52 +138,45 @@ module Spior
|
|
|
134
138
|
end
|
|
135
139
|
|
|
136
140
|
# Redirects all other pre-routing and output to Tor's TransPort
|
|
137
|
-
ipt "-t nat -A OUTPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports #{@trans_port}"
|
|
141
|
+
ipt "-t nat -A OUTPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports #{@tor.trans_port}"
|
|
138
142
|
|
|
139
143
|
# Redirects all other pre-routing and output to Tor's TransPort
|
|
140
|
-
ipt "-t nat -A OUTPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports #{@trans_port}"
|
|
141
|
-
|
|
142
|
-
# input
|
|
143
|
-
ipt "-A INPUT -m state --state ESTABLISHED -j ACCEPT"
|
|
144
|
-
ipt "-A INPUT -i #{@lo} -j ACCEPT"
|
|
145
|
-
|
|
146
|
-
# output
|
|
147
|
-
ipt "-A OUTPUT -m owner --uid-owner #{@tor_uid} -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j ACCEPT"
|
|
148
|
-
|
|
149
|
-
# Allow loopback output
|
|
150
|
-
ipt "-A OUTPUT -d #{@lo_addr}/32 -o #{@lo} -j ACCEPT"
|
|
151
|
-
|
|
152
|
-
# tor transparent magic
|
|
153
|
-
ipt "-A OUTPUT -d #{@lo_addr}/32 -p tcp -m tcp --dport #{@trans_port} --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT"
|
|
154
|
-
|
|
155
|
-
ipt "-t filter -A OUTPUT -p udp -j REJECT"
|
|
156
|
-
ipt "-t filter -A OUTPUT -p icmp -j REJECT"
|
|
144
|
+
ipt "-t nat -A OUTPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports #{@tor.trans_port}"
|
|
157
145
|
end
|
|
158
146
|
|
|
159
147
|
def self.input
|
|
160
148
|
puts "input"
|
|
161
|
-
ipt "-A INPUT -
|
|
162
|
-
|
|
163
|
-
|
|
164
|
-
ipt "-A INPUT -
|
|
165
|
-
ipt "-A INPUT -i #{@input} ! -s #{@input_addr} -j DROP"
|
|
166
|
-
# ACCEPT rules
|
|
167
|
-
ipt "-A INPUT -i #{@input} -p tcp -s #{@input_addr} --dport 22 -m conntrack --ctstate NEW -j ACCEPT"
|
|
168
|
-
|
|
169
|
-
ipt "-A INPUT ! -i #{@lo} -j LOG --log-prefix \"DROP \" --log-ip-options --log-tcp-options"
|
|
149
|
+
ipt "-A INPUT -i #{@incoming} -p tcp -s #{@incoming_addr} --dport 22 -m conntrack --ctstate NEW -j ACCEPT"
|
|
150
|
+
|
|
151
|
+
# Allow loopback, rules
|
|
152
|
+
ipt "-A INPUT -m state --state ESTABLISHED -j ACCEPT"
|
|
170
153
|
ipt "-A INPUT -i #{@lo} -j ACCEPT"
|
|
154
|
+
|
|
155
|
+
# Allow DNS lookups from connected clients and internet access through tor.
|
|
156
|
+
ipt "-A INPUT -d #{@incoming_addr} -i #{@incoming} -p udp -m udp --dport #{@tor.dns} -j ACCEPT"
|
|
157
|
+
ipt "-A INPUT -d #{@incoming_addr} -i #{@incoming} -p tcp -m tcp --dport #{@tor.trans_port} --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT"
|
|
158
|
+
|
|
159
|
+
# Default
|
|
160
|
+
ipt "-A INPUT -j DROP"
|
|
171
161
|
end
|
|
172
162
|
|
|
173
163
|
def self.output
|
|
174
164
|
puts "output"
|
|
175
165
|
ipt "-A OUTPUT -m conntrack --ctstate INVALID -j LOG --log-prefix \"DROP INVALID \" --log-ip-options --log-tcp-options"
|
|
176
166
|
ipt "-A OUTPUT -m conntrack --ctstate INVALID -j DROP"
|
|
177
|
-
ipt "-A OUTPUT -m
|
|
167
|
+
ipt "-A OUTPUT -m state --state ESTABLISHED -j ACCEPT"
|
|
178
168
|
|
|
179
|
-
#
|
|
169
|
+
# output
|
|
170
|
+
ipt "-A OUTPUT -m owner --uid-owner #{@tor.uid} -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j ACCEPT"
|
|
171
|
+
|
|
172
|
+
# Accept, allow loopback output
|
|
180
173
|
ipt "-A OUTPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT"
|
|
181
|
-
ipt "-A OUTPUT
|
|
182
|
-
|
|
174
|
+
ipt "-A OUTPUT -d #{@lo_addr}/32 -o #{@lo} -j ACCEPT"
|
|
175
|
+
|
|
176
|
+
# tor transparent magic
|
|
177
|
+
ipt "-A OUTPUT -d #{@lo_addr}/32 -p tcp -m tcp --dport #{@tor.trans_port} --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT"
|
|
178
|
+
|
|
179
|
+
ipt "-A OUTPUT -j DROP"
|
|
183
180
|
end
|
|
184
181
|
|
|
185
182
|
def self.forward
|
|
@@ -187,8 +184,8 @@ module Spior
|
|
|
187
184
|
ipt "-A FORWARD -m conntrack --ctstate INVALID -j LOG --log-prefix \"DROP INVALID \" --log-ip-options --log-tcp-options"
|
|
188
185
|
ipt "-A FORWARD -m conntrack --ctstate INVALID -j DROP"
|
|
189
186
|
ipt "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
|
|
190
|
-
ipt "-A FORWARD -i #{@
|
|
191
|
-
ipt "-A FORWARD -i #{@
|
|
187
|
+
ipt "-A FORWARD -i #{@incoming} ! -s #{@incoming_addr} -j LOG --log-prefix \"SPOOFED PKT \""
|
|
188
|
+
ipt "-A FORWARD -i #{@incoming} ! -s #{@incoming_addr} -j DROP"
|
|
192
189
|
end
|
|
193
190
|
end
|
|
194
191
|
end
|
data/lib/spior/tor.rb
ADDED
|
@@ -0,0 +1,41 @@
|
|
|
1
|
+
require 'pathname'
|
|
2
|
+
require 'nomansland'
|
|
3
|
+
require_relative 'msg'
|
|
4
|
+
|
|
5
|
+
module Spior
|
|
6
|
+
class Tor
|
|
7
|
+
attr_accessor :dns, :uid, :trans_port, :virt_addr
|
|
8
|
+
|
|
9
|
+
def initialize
|
|
10
|
+
@dns = search_dns
|
|
11
|
+
@uid = search_uid
|
|
12
|
+
@trans_port = search_trans_port
|
|
13
|
+
@virt_addr = search_virt_addr
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
private
|
|
17
|
+
|
|
18
|
+
def search_dns
|
|
19
|
+
9061
|
|
20
|
+
end
|
|
21
|
+
|
|
22
|
+
def search_uid
|
|
23
|
+
case Nomansland::distro?
|
|
24
|
+
when :debian
|
|
25
|
+
`id -u debian-tor`.chomp
|
|
26
|
+
when :ubuntu
|
|
27
|
+
`id -u debian-tor`.chomp
|
|
28
|
+
else
|
|
29
|
+
`id -u tor`.chomp
|
|
30
|
+
end
|
|
31
|
+
end
|
|
32
|
+
|
|
33
|
+
def search_trans_port
|
|
34
|
+
9040
|
|
35
|
+
end
|
|
36
|
+
|
|
37
|
+
def search_virt_addr
|
|
38
|
+
"10.192.0.0/10"
|
|
39
|
+
end
|
|
40
|
+
end
|
|
41
|
+
end
|
data/spior.gemspec
CHANGED
|
@@ -12,7 +12,7 @@ Gem::Specification.new do |s|
|
|
|
12
12
|
"wiki_uri" => "https://github.com/szorfein/spior"
|
|
13
13
|
}
|
|
14
14
|
|
|
15
|
-
s.version = "0.0.
|
|
15
|
+
s.version = "0.0.6"
|
|
16
16
|
s.requirements << 'tor'
|
|
17
17
|
s.requirements << 'sudo'
|
|
18
18
|
s.requirements << 'iptables'
|
|
@@ -32,4 +32,5 @@ Gem::Specification.new do |s|
|
|
|
32
32
|
s.signing_key = File.expand_path("~/.ssh/gem-private_key.pem") if $0 =~ /gem\z/
|
|
33
33
|
s.add_runtime_dependency('rainbow', '3.0.0')
|
|
34
34
|
s.add_runtime_dependency('interfacez', '1.0.3')
|
|
35
|
+
s.add_runtime_dependency('nomansland', '0.0.2')
|
|
35
36
|
end
|
data.tar.gz.sig
CHANGED
|
Binary file
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: spior
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.6
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- szorfein
|
|
@@ -35,7 +35,7 @@ cert_chain:
|
|
|
35
35
|
J/zT/q2Ac7BWpSLbv6p9lChBiEnD9j24x463LR5QQjDNS5SsjzRQfFuprsa9Nqf2
|
|
36
36
|
Tw==
|
|
37
37
|
-----END CERTIFICATE-----
|
|
38
|
-
date: 2020-05-
|
|
38
|
+
date: 2020-05-05 00:00:00.000000000 Z
|
|
39
39
|
dependencies:
|
|
40
40
|
- !ruby/object:Gem::Dependency
|
|
41
41
|
name: rainbow
|
|
@@ -65,6 +65,20 @@ dependencies:
|
|
|
65
65
|
- - '='
|
|
66
66
|
- !ruby/object:Gem::Version
|
|
67
67
|
version: 1.0.3
|
|
68
|
+
- !ruby/object:Gem::Dependency
|
|
69
|
+
name: nomansland
|
|
70
|
+
requirement: !ruby/object:Gem::Requirement
|
|
71
|
+
requirements:
|
|
72
|
+
- - '='
|
|
73
|
+
- !ruby/object:Gem::Version
|
|
74
|
+
version: 0.0.2
|
|
75
|
+
type: :runtime
|
|
76
|
+
prerelease: false
|
|
77
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
78
|
+
requirements:
|
|
79
|
+
- - '='
|
|
80
|
+
- !ruby/object:Gem::Version
|
|
81
|
+
version: 0.0.2
|
|
68
82
|
description: " A tool to make TOR your default gateway and randomize your hardware.\n"
|
|
69
83
|
email: szorfein@protonmail.com
|
|
70
84
|
executables:
|
|
@@ -93,6 +107,7 @@ files:
|
|
|
93
107
|
- lib/spior/options.rb
|
|
94
108
|
- lib/spior/runner.rb
|
|
95
109
|
- lib/spior/status.rb
|
|
110
|
+
- lib/spior/tor.rb
|
|
96
111
|
- spior.gemspec
|
|
97
112
|
- test/test_install.rb
|
|
98
113
|
- test/test_options.rb
|
metadata.gz.sig
CHANGED
|
Binary file
|