spior 0.0.2

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: e99a81242d64a4764fe159a89b0da69b2920e6a23669289e47c929c30aa9fb05
+  data.tar.gz: 2b747268e80b4fe1925cd951943bf062f09ac17707ff97f6ae536ad4585af44d
+SHA512:
+  metadata.gz: e2db8f8b6f8af9627c74857a306e7b2bad22b95791b2cc6bcdf35e4d91be9b430aebc110bfc2372b3dbebd954c1429e2470995cff806d452aa92cf2fc5838f33
+  data.tar.gz: 1547dadc53b9bb3ee702a39a6c801a2b5591a08324da4936c7b7debba1bc8a7f8619f107c24826a6294fdb3f4f97cf5a665bc70370cb5286a2e10ee57e0720c4

data/.gitignore

@@ -0,0 +1,58 @@
+*.swp
+*.gem
+*.rbc
+/.config
+/coverage/
+/InstalledFiles
+/pkg/
+/spec/reports/
+/spec/examples.txt
+/test/tmp/
+/test/version_tmp/
+/tmp/
+Makefile
+
+# Used by dotenv library to load environment variables.
+# .env
+
+# Ignore Byebug command history file.
+.byebug_history
+
+## Specific to RubyMotion:
+.dat*
+.repl_history
+build/
+*.bridgesupport
+build-iPhoneOS/
+build-iPhoneSimulator/
+
+## Specific to RubyMotion (use of CocoaPods):
+#
+# We recommend against adding the Pods directory to your .gitignore. However
+# you should judge for yourself, the pros and cons are mentioned at:
+# https://guides.cocoapods.org/using/using-cocoapods.html#should-i-check-the-pods-directory-into-source-control
+#
+# vendor/Pods/
+
+## Documentation cache and generated files:
+/.yardoc/
+/_yardoc/
+/doc/
+/rdoc/
+
+## Environment normalization:
+/.bundle/
+/vendor/bundle
+/lib/bundler/man/
+
+# for a library or gem, you might want to ignore these files since the code is
+# intended to run in multiple environments; otherwise, check them in:
+# Gemfile.lock
+# .ruby-version
+# .ruby-gemset
+
+# unless supporting rvm < 1.11.0 or doing something fancy, ignore this:
+.rvmrc
+
+# Used by RuboCop. Remote config files pulled in from inherit_from directive.
+# .rubocop-https?--*

data/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2020 szorfein
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/README.md

@@ -0,0 +1,29 @@
+# spior
+(Spider|Tor). A tool to make TOR your default gateway and randomize your hardware (MAC).  
+**Still under development !**
+
+## Prerequisite
+Just a little tool for change the mac address in POSIX shell.
+
+    $ curl -s -L -o deceitmac.tar.gz https://github.com/szorfein/deceitmac/archive/master.tar.gz
+    $ tar xvf deceitmac-master
+    $ cd deceitmac-master
+    $ sudo make install
+
+## Install
+Spior is cryptographically signed, so add my public key (if you haven’t already) as a trusted certificate.
+
+    $ gem cert --add <(curl -Ls https://raw.githubusercontent.com/szorfein/spior/master/certs/szorfein.pem)
+
+And install the gem
+
+    $ gem install spior -P MediumSecurity
+
+## Usage
+
+    $ spior -h
+    $ spior --install
+
+### links
++ https://rubyreferences.github.io/rubyref
++ https://rubystyle.guide/

data/bin/spior

@@ -0,0 +1,6 @@
+#!/usr/bin/env ruby
+
+require 'spior/runner'
+
+runner = Spior::Runner.new(ARGV)
+runner.run

data/conf/ipt_mod.conf

@@ -0,0 +1,5 @@
+nf_log_arp
+nf_log_ipv4
+nf_log_common
+iptable_nat
+xt_LOG

data/conf/iptables.service

@@ -0,0 +1,14 @@
+[Unit]
+Description=IPv4 Packet Filtering Framework
+Before=network-pre.target
+Wants=network-pre.target
+
+[Service]
+Type=oneshot
+ExecStart=/sbin/iptables-restore /var/lib/iptables/rules-save
+ExecReload=/sbin/iptables-restore /var/lib/iptables/rules-save
+#ExecStop=/usr/lib/systemd/scripts/iptables-flush
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target

data/conf/resolv.conf

@@ -0,0 +1 @@
+nameserver 127.0.0.1

data/conf/ssh.conf

@@ -0,0 +1,29 @@
+Host *.onion
+  ProxyCommand socat - SOCKS4A:localhost:%h:%p,socksport=9050
+
+Host github.com
+  KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 
+  Ciphers chacha20-poly1305@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc
+  MACs hmac-sha2-256,hmac-sha2-512,hmac-sha1
+
+Host *
+  Protocol 2
+  KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
+
+  MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
+
+  Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
+
+  PasswordAuthentication no
+  ChallengeResponseAuthentication no
+  PubkeyAuthentication yes
+  ForwardX11Trusted no
+  ForwardX11 no
+  ForwardAgent no
+  ConnectTimeout 40
+
+# Send locale environment variables. #367017
+SendEnv LANG LC_ALL LC_COLLATE LC_CTYPE LC_MESSAGES LC_MONETARY LC_NUMERIC LC_TIME LANGUAGE LC_ADDRESS LC_IDENTIFICATION LC_MEASUREMENT LC_NAME LC_PAPER LC_TELEPHONE
+
+# Send COLORTERM to match TERM. #658540
+SendEnv COLORTERM

data/conf/sshd.conf

@@ -0,0 +1,46 @@
+# ref https://github.com/stribika/stribika.github.io/wiki/Secure-Secure-Shell
+# ref https://github.com/jumanjihouse/devenv/blob/master/app/etc/ssh/sshd_config
+# ref https://www.ssh.com/ssh/sshd_config/
+
+# Support for curve25519 KEX and chacha20 are on the wishlist.
+KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
+
+hostkeyalgorithms ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256
+
+Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
+
+MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
+
+Protocol 2
+AllowGroups ssh-user
+
+# Only allow 4096-byte RSA key
+HostKey /etc/ssh/ssh_host_rsa_key
+HostKey /etc/ssh/ssh_host_ed25519_key
+
+PermitEmptyPasswords no
+
+# Change to no to disable s/key passwords
+ChallengeResponseAuthentication no
+
+PubkeyAuthentication yes
+
+# With TOR
+#ListenAddress 127.0.0.1:22
+
+UsePAM yes
+PasswordAuthentication no
+PrintMotd no
+PrintLastLog no
+
+X11Forwarding no
+permitrootlogin no
+
+# override default of no subsystems
+Subsystem sftp  /usr/lib64/misc/sftp-server
+
+# Allow client to pass locale environment variables. #367017
+AcceptEnv LANG LC_ALL LC_COLLATE LC_CTYPE LC_MESSAGES LC_MONETARY LC_NUMERIC LC_TIME LANGUAGE LC_ADDRESS LC_IDENTIFICATION LC_MEASUREMENT LC_NAME LC_PAPER LC_TELEPHONE
+
+# Allow client to pass COLORTERM to match TERM. #658540
+AcceptEnv COLORTERM

data/conf/sshuttle.service

@@ -0,0 +1,11 @@
+[Unit]
+Description=Create a transparent proxy over SSH with sshuttle
+After=network-online.target
+
+[Service]
+Type=notify
+NotifyAccess=all
+ExecStart=/usr/bin/sshuttle -vr username@localhost 0/0
+
+[Install]
+WantedBy=multi-user.target

data/conf/torrc

@@ -0,0 +1,20 @@
+User tor
+PIDFile /run/tor/tor.pid
+DataDirectory /var/lib/tor/data
+
+Log notice stdout
+
+GeoIPExcludeUnknown 1
+
+## Torified DNS
+DNSPort 127.0.0.1:9061
+AutomapHostsOnResolve 1
+AutomapHostsSuffixes .exit,.onion
+
+SocksPort 9050
+
+VirtualAddrNetworkIPv4 10.192.0.0/10
+TransPort 9040 IsolateClientAddr IsolateClientProtocol IsolateDestAddr IsolateDestPort
+
+TestSocks 1
+MaxCircuitDirtiness 600

data/lib/spior/install.rb

@@ -0,0 +1,72 @@
+#!/usr/bin/env ruby
+
+require 'pathname'
+require 'date'
+require 'digest'
+require_relative 'msg'
+
+module Spior
+  class Install
+
+    def self.dependencies
+      if Pathname.new("/usr/bin/emerge")
+        puts "Install with emerge..."
+        system('sudo emerge -av --changed-use tor iptables')
+
+      elsif Pathname.new("/usr/bin/pacman")
+        puts "Install with pacman..."
+        system('sudo pacman -S --needed tor iptables')
+
+      elsif Pathname.new("/usr/bin/apt-get")
+        puts "Install with apt-get"
+        system('sudo apt-get tor iptables')
+      end
+    end
+
+    def self.config_files
+      copy_file("torrc", "/etc/tor/torrc")
+      copy_file("resolv.conf", "/etc/resolv.conf")
+      copy_file("ipt_mod.conf", "/etc/modules-load.d/ipt_mod.conf")
+    end
+
+    private
+
+    def self.copy_file(conf, target)
+      @config_file = "conf/#{conf}"
+      return if check_hash(target)
+      if File.exist? target then
+        print "Target #{target} exist, backup and replace? [N/y] "
+        choice = gets.chomp
+        if choice =~ /y|Y/ then
+          backup_file(target)
+          add_file target
+        end
+      else
+        add_file target
+      end
+    end
+
+    def self.check_hash(target)
+      return unless File.exist? target
+      sha256conf = Digest::SHA256.file @config_file
+      sha256target = Digest::SHA256.file target
+      if sha256conf === sha256target then
+        Msg.p "File #{target} alrealy exist, skip"
+        return true
+      end
+      return false
+    end
+
+    def self.backup_file(target)
+      d = DateTime.now
+      backup = target + ".backup-" + d.strftime('%b-%d_%I-%M')
+      system("sudo cp -a #{target} #{backup}")
+      puts "Renamed file #{backup}"
+    end
+
+    def self.add_file(target)
+      system("sudo cp -a #{@config_file} #{target}")
+      Msg.p "File #{@config_file} has been successfully copied at #{target}"
+    end
+  end
+end

data/lib/spior/msg.rb

@@ -0,0 +1,15 @@
+require 'rainbow'
+
+module Msg
+  def self.head
+    puts Rainbow("------------------------------------------------").cyan
+  end
+
+  def self.p(text)
+    puts Rainbow("[").cyan + Rainbow("+").white + Rainbow("]").cyan + " " + text
+  end
+
+  def self.err(text)
+    puts Rainbow("[").red + Rainbow("-").white + Rainbow("]").red + " " + text
+  end
+end

data/lib/spior/options.rb

@@ -0,0 +1,47 @@
+require 'optparse'
+require_relative 'status'
+
+module Spior
+  class Options
+    attr_reader :install
+    attr_reader :copy
+
+    def initialize(argv)
+      @install = false
+      @copy = false
+      parse(argv)
+    end
+
+    private
+
+    def parse(argv)
+      OptionParser.new do |opts|
+
+        opts.on("-i", "--install", "Install dependencies") do
+          @install = true
+        end
+
+        opts.on("-c", "--copy", "Copy config files") do
+          @copy = true
+        end
+
+        opts.on("-s", "--status", "Look infos about your current ip") do
+          Spior::Status::info
+        end
+
+        opts.on("-h", "--help", "Show this message") do
+          puts opts
+          exit
+        end
+
+        begin
+          argv = ["-h"] if argv.empty?
+          opts.parse!(argv)
+        rescue OptionParser::ParseError => e
+          STDERR.puts e.message, "\n", opts
+          exit(-1)
+        end
+      end
+    end
+  end
+end

data/lib/spior/runner.rb

@@ -0,0 +1,22 @@
+require_relative 'options'
+require_relative 'install'
+require_relative 'msg'
+
+module Spior
+  class Runner
+    def initialize(argv)
+      @options = Options.new(argv)
+    end
+
+    def run
+      if @options.install then
+        Msg.head
+        Spior::Install::dependencies
+      end
+      if @options.copy then
+        Msg.head
+        Spior::Install::config_files
+      end
+    end
+  end
+end

data/lib/spior/status.rb

@@ -0,0 +1,21 @@
+#!/usr/bin/env ruby
+
+require 'open-uri'
+require 'json'
+
+module Spior
+  class Status
+
+    # TODO: if someone want help, i have trouble to make JSON.parse() work here
+    # the output is very very ugly !
+    def self.info
+      uri = URI.parse("https://ipleak.net/json")
+      uri.open {|f|
+        f.each_line {|line|
+          p line
+        }
+      }
+    end
+
+  end
+end

data/spior.gemspec

@@ -0,0 +1,22 @@
+Gem::Specification.new do |s|
+  s.name = "spior"
+  s.summary = "A tool to make TOR your default gateway"
+  s.description = File.read(File.join(File.dirname(__FILE__), "README.md"))
+  s.version = "0.0.2"
+  s.requirements << 'tor'
+  s.requirements << 'sudo'
+  s.requirements << 'iptables'
+  s.platform = Gem::Platform::RUBY
+  s.author = ['szorfein']
+  s.homepage = 'https://github.com/szorfein/spior'
+  s.email = 'szorfein@protonmail.com'
+  s.required_ruby_version = '>=2.4'
+  s.files = `git ls-files`.split(" ")
+  s.files.reject! { |fn| fn.include? "certs" }
+  s.executables = [ 'spior' ]
+  s.test_files = Dir["test/test_*.rb"]
+  s.licenses = ['MIT']
+  s.cert_chain = ['certs/szorfein.pem']
+  s.signing_key = File.expand_path("~/.ssh/gem-private_key.pem") if $0 =~ /gem\z/
+  s.add_runtime_dependency('rainbow', '3.0.0')
+end

data/test/test_install.rb

@@ -0,0 +1,12 @@
+require 'minitest/autorun'
+require_relative '../lib/spior/install'
+require 'pathname'
+
+class TestInstall < Minitest::Test
+
+  def test_sudo_is_installed
+    sudo = `which sudo`
+    assert_match(/sudo/, sudo, "sudo isn't installed?")
+  end
+
+end

data/test/test_options.rb

@@ -0,0 +1,5 @@
+require 'minitest/autorun'
+require_relative '../lib/spior/options'
+
+class TestOptions < Minitest::Test
+end

metadata

@@ -0,0 +1,117 @@
+--- !ruby/object:Gem::Specification
+name: spior
+version: !ruby/object:Gem::Version
+  version: 0.0.2
+platform: ruby
+authors:
+- szorfein
+autorequire: 
+bindir: bin
+cert_chain:
+- |
+  -----BEGIN CERTIFICATE-----
+  MIIETTCCArWgAwIBAgIBATANBgkqhkiG9w0BAQsFADAoMSYwJAYDVQQDDB1zem9y
+  ZmVpbi9EQz1wcm90b25tYWlsL0RDPWNvbTAeFw0yMDA0MzAxNzAxNDBaFw0yMTA0
+  MzAxNzAxNDBaMCgxJjAkBgNVBAMMHXN6b3JmZWluL0RDPXByb3Rvbm1haWwvREM9
+  Y29tMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAxCTYZRndCTRy18rE
+  exr2wig/staa0G5kt99xqaBYD0dnIRBr/GO5dFntlBVwmefQlTrNbygVUIYTb8Vg
+  B1oX3v/LLW9SRQcWaZwou0tARqanm5WhgV1ZYQTs22endTazsDHw0uhM3V+FgDh+
+  eR5wM9vU+SkRFHWzjVS1OxyTSCBVWb3+nrYTr/OKZ5Fm3Vo1dEQdwBEWLLXuUBxs
+  dWEDmBk7iTJbvNdd5Kk2wfMKRMOl9NGicJl3Cb5yl5ITeZsXdOsrLBBPepTpNeq2
+  k1goew3mEd/4pVXrdw6S5Qr6RTbTCLpKNRxWtx01vue9NN1cQ/Ds5FRkCp/Ntw/k
+  Xroyofo4MW5fEPq+udgvVpdTfguQkpmuJg7TRiq9F5hDhEMnKUsdM2fSev9u8EvL
+  OkidKy8bnhUOoG9qDxEG/IyibjRLl1i5jtyHa8Jb/We8poZ5LI8qjHwMPjTBhDgi
+  EzaYV5rLGs5S1/m58XG6a+620x2tcQZph6FFbnQJ8QBuNz6zAgMBAAGjgYEwfzAJ
+  BgNVHRMEAjAAMAsGA1UdDwQEAwIEsDAdBgNVHQ4EFgQUc8XWveAjxS5fVEOZeeZe
+  uUQmbhMwIgYDVR0RBBswGYEXc3pvcmZlaW5AcHJvdG9ubWFpbC5jb20wIgYDVR0S
+  BBswGYEXc3pvcmZlaW5AcHJvdG9ubWFpbC5jb20wDQYJKoZIhvcNAQELBQADggGB
+  AG4K1ZJdzcVABSnVuD83z5ne9eBlrYscHHSXev5FX32jFdKxl19FQ+eorjSOTsNq
+  SIgKneQOKdsWIlv8M6NDiUDcc1s504fOpIVtMbP+6n47hBGz4bzGlAdtvTO1PewK
+  tW6ii8TOCOJ3Pv6bTzQlsaQrADi2MHuVHTb14H7uoSFJNzfU4sYJn1C3PRMC3G7n
+  Qe/zVOdMf0bkwBnfQNojbwx3Vy1jr2JSQWjK25NYimpuKV0skanU0iBiqru6VCbK
+  zhDNufCgCnWLwXXET3onVQMZsiLTUFf30BXX7PY1O0Km15MQn1HzOecJ3ZIDBWtS
+  d/lg1MHB7+/FQAY5FujZqvVv5i2M9wLx+7N4ONRA7MsWD86hLiYN68QeRsHI+LNf
+  AnVdw7i28f3GhZldcdllblGeTOjSfwl9wL4yBb1UwVjvcwMR5SDed0yPmHPXBiAC
+  J/zT/q2Ac7BWpSLbv6p9lChBiEnD9j24x463LR5QQjDNS5SsjzRQfFuprsa9Nqf2
+  Tw==
+  -----END CERTIFICATE-----
+date: 2020-05-02 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rainbow
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 3.0.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 3.0.0
+description: "# spior\n(Spider|Tor). A tool to make TOR your default gateway and randomize
+  your hardware (MAC).  \n**Still under development !**\n\n## Prerequisite\nJust a
+  little tool for change the mac address in POSIX shell.\n\n    $ curl -s -L -o deceitmac.tar.gz
+  https://github.com/szorfein/deceitmac/archive/master.tar.gz\n    $ tar xvf deceitmac-master\n
+  \   $ cd deceitmac-master\n    $ sudo make install\n\n## Install\nSpior is cryptographically
+  signed, so add my public key (if you haven’t already) as a trusted certificate.\n\n
+  \   $ gem cert --add <(curl -Ls https://raw.githubusercontent.com/szorfein/spior/master/certs/szorfein.pem)\n\nAnd
+  install the gem\n\n    $ gem install spior -P MediumSecurity\n\n## Usage\n\n    $
+  spior -h\n    $ spior --install\n\n### links\n+ https://rubyreferences.github.io/rubyref\n+
+  https://rubystyle.guide/"
+email: szorfein@protonmail.com
+executables:
+- spior
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- LICENSE
+- README.md
+- bin/spior
+- conf/ipt_mod.conf
+- conf/iptables.service
+- conf/resolv.conf
+- conf/ssh.conf
+- conf/sshd.conf
+- conf/sshuttle.service
+- conf/torrc
+- lib/spior/install.rb
+- lib/spior/msg.rb
+- lib/spior/options.rb
+- lib/spior/runner.rb
+- lib/spior/status.rb
+- spior.gemspec
+- test/test_install.rb
+- test/test_options.rb
+homepage: https://github.com/szorfein/spior
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '2.4'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements:
+- tor
+- sudo
+- iptables
+rubygems_version: 3.1.2
+signing_key: 
+specification_version: 4
+summary: A tool to make TOR your default gateway
+test_files:
+- test/test_options.rb
+- test/test_install.rb