spior 0.0.4 → 0.0.5

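--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: b62d34281190d72cbaa36cc999dc6ced8e652b2ee134c215fe232f4e9c7abc33
- data.tar.gz: 3e0eed4ff972cabfc8d2d6e69f3e00574cec7af55f63addca6c8158cf727386f
+ metadata.gz: fd5390387f810136edd22aaa9cad905c3a04883faf366278cb9384e5f54605f9
+ data.tar.gz: 6c8be038056d9407403bc72dc919a1f63dcfe2edd8c9dc940352dd05dac4f0f8
  SHA512:
- metadata.gz: 4c92161d748562eafdcb51a8dbcc1d5d78d830131b07f4f97c9e041d533e113f3288e406b8e9b8eda7ef4302fa6ac9dd0e68404a2e364d79f4a5db3be6516337
- data.tar.gz: 566584154534bb25415246092b134f6a849b37244cd484fae3717921be51bbbda3f81969e2670c6c83ff0039385664d7d878de57f992772484b4580ee0248ccd
+ metadata.gz: 5cac5ac6b18fded218c40beec95e53cbb85f7e85f6c58bf681085dc28370661da6997518c575d0365852a56c8ba102037414e6b10dc69ef522346bc8b7a24eb8
+ data.tar.gz: 8d96a2e4e9f7646011bbab44615e723bb0032de3bc47c8f97e11fb36df8741f30dc6f2b2aeef75ba50a6ec4b1f3fc59007ca61dd7922bd7f4f648d5d13db7f51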
checksums.yaml.gz.sig CHANGED
Binary file
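--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,11 @@
+ ## 0.0.5, release 2020-05-03
+ * Spior can now redirect all the traffic through TOR
+ * Add OptionParser -t|--tor
+ * Change class lib/spior/mac by module
+ * Correct option -c|--card NAME
+ * Create lib/spior/network
+ * Create lib/spior/iptables
+
  ## 0.0.4, release 2020-05-02
  * Spior can now randomize a mac address with decertmac
  * Add field s.metadata to spior.gemspec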
data/lib/spior/copy.rb CHANGED
@@ -1,5 +1,3 @@
1
- #!/usr/bin/env ruby
2
-
3
1
  require 'pathname'
4
2
  require 'date'
5
3
  require 'digest'
@@ -0,0 +1,194 @@
1
+ require 'interfacez'
2
+ require_relative 'msg'
3
+
4
+ module Spior
5
+ class Iptables
6
+
7
+ def self.tor(interface = false)
8
+ initialize(interface)
9
+ select_cmd
10
+ flush_rules
11
+ bogus_tcp_flags
12
+ bad_packets
13
+ spoofing
14
+ icmp
15
+ dns
16
+ nat
17
+ input
18
+ output
19
+ forward
20
+ end
21
+
22
+ private
23
+
24
+ def self.initialize(interface)
25
+ @lo = Interfacez.loopback
26
+ @lo_addr = Interfacez.ipv4_address_of(@lo)
27
+ @tor_dns = 9061
28
+ @trans_port = 9040
29
+ @tor_uid = `id -u tor 2>&1 | grep "^[0-9]*"`.chomp
30
+ @virt_addr= "10.192.0.0/10"
31
+ @non_tor = ["#{@lo_addr}/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]
32
+ @input = interface
33
+ @input_addr = Interfacez.ipv4_address_of(@input)
34
+ end
35
+
36
+ def self.select_cmd
37
+ id=`id -u`
38
+ if id == 0 then
39
+ @i = "iptables"
40
+ else
41
+ @i = "sudo iptables"
42
+ end
43
+ end
44
+
45
+ def self.ipt(line)
46
+ system("#{@i} #{line}")
47
+ end
48
+
49
+ def self.flush_rules
50
+ puts "flush"
51
+ ipt "-F"
52
+ ipt "-X"
53
+ ipt "-t nat -F"
54
+ ipt "-t nat -X"
55
+ ipt "-t mangle -F"
56
+ ipt "-t mangle -X"
57
+ ipt "-P INPUT DROP"
58
+ ipt "-P FORWARD DROP"
59
+ ipt "-P OUTPUT DROP"
60
+ end
61
+
62
+ def self.bogus_tcp_flags
63
+ puts "bogus"
64
+ ipt "-t mangle -A PREROUTING -p tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP"
65
+ ipt "-t mangle -A PREROUTING -p tcp --tcp-flags FIN,SYN FIN,SYN -j DROP"
66
+ ipt "-t mangle -A PREROUTING -p tcp --tcp-flags SYN,RST SYN,RST -j DROP"
67
+ ipt "-t mangle -A PREROUTING -p tcp --tcp-flags FIN,RST FIN,RST -j DROP"
68
+ ipt "-t mangle -A PREROUTING -p tcp --tcp-flags FIN,ACK FIN -j DROP"
69
+ ipt "-t mangle -A PREROUTING -p tcp --tcp-flags ACK,URG URG -j DROP"
70
+ ipt "-t mangle -A PREROUTING -p tcp --tcp-flags ACK,FIN FIN -j DROP"
71
+ ipt "-t mangle -A PREROUTING -p tcp --tcp-flags ACK,PSH PSH -j DROP"
72
+ ipt "-t mangle -A PREROUTING -p tcp --tcp-flags ALL ALL -j DROP"
73
+ ipt "-t mangle -A PREROUTING -p tcp --tcp-flags ALL NONE -j DROP"
74
+ ipt "-t mangle -A PREROUTING -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP"
75
+ ipt "-t mangle -A PREROUTING -p tcp --tcp-flags ALL SYN,FIN,PSH,URG -j DROP"
76
+ ipt "-t mangle -A PREROUTING -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP"
77
+ end
78
+
79
+ def self.bad_packets
80
+ puts "bad_packets"
81
+ # new packet not syn
82
+ ipt "-t mangle -A PREROUTING -p tcp ! --syn -m conntrack --ctstate NEW -j DROP"
83
+ # fragment packet
84
+ ipt "-A INPUT -f -j DROP"
85
+ # XMAS
86
+ ipt "-A INPUT -p tcp --tcp-flags ALL ALL -j DROP"
87
+ # null packet
88
+ ipt "-A INPUT -p tcp --tcp-flags ALL NONE -j DROP"
89
+ end
90
+
91
+ def self.spoofing
92
+ subs=["224.0.0.0/3", "169.254.0.0/16", "172.16.0.0/12", "192.0.2.0/24", "0.0.0.0/8", "240.0.0.0/5"]
93
+ subs.each do |sub|
94
+ ipt "-t mangle -A PREROUTING -s #{sub} -j DROP"
95
+ end
96
+ ipt "-t mangle -A PREROUTING -s #{@lo_addr}/8 ! -i #{@lo} -j DROP"
97
+ end
98
+
99
+ def self.icmp
100
+ puts "icmp"
101
+ ipt "-N port-scanning"
102
+ ipt "-A port-scanning -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s --limit-burst 2 -j RETURN"
103
+ ipt "-A port-scanning -j DROP"
104
+
105
+ ipt "-N syn_flood"
106
+ ipt "-A INPUT -p tcp --syn -j syn_flood"
107
+ ipt "-A syn_flood -m limit --limit 1/s --limit-burst 3 -j RETURN"
108
+ ipt "-A syn_flood -j DROP"
109
+
110
+ ipt "-A INPUT -p icmp -m limit --limit 1/s --limit-burst 1 -j ACCEPT"
111
+ ipt "-A INPUT -p icmp -m limit --limit 1/s --limit-burst 1 -j LOG --log-prefix PING-DROP:"
112
+ ipt "-A INPUT -p icmp -j DROP"
113
+ end
114
+
115
+ def self.dns
116
+ puts "dns"
117
+ ipt "-t nat -A PREROUTING ! -i #{@lo} -p udp -m udp --dport 53 -j REDIRECT --to-ports #{@tor_dns}"
118
+ ipt "-t nat -A OUTPUT -p udp -m udp --dport 53 -j REDIRECT --to-ports #{@tor_dns}"
119
+ ipt "-t nat -A OUTPUT -p tcp -m tcp --dport 53 -j REDIRECT --to-ports #{@tor_dns}"
120
+ end
121
+
122
+ def self.nat
123
+ puts "nat"
124
+ # nat .onion addresses
125
+ ipt "-t nat -A OUTPUT -d #{@virt_addr} -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports #{@trans_port}"
126
+
127
+ # Don't nat the Tor process, the loopback, or the local network
128
+ ipt "-t nat -A OUTPUT -m owner --uid-owner #{@tor_uid} -j RETURN"
129
+ ipt "-t nat -A OUTPUT -o #{@lo} -j RETURN"
130
+
131
+ # Allow lan access for hosts in $non_tor
132
+ @non_tor.each do |lan|
133
+ ipt "-t nat -A OUTPUT -d #{lan} -j RETURN"
134
+ end
135
+
136
+ # Redirects all other pre-routing and output to Tor's TransPort
137
+ ipt "-t nat -A OUTPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports #{@trans_port}"
138
+
139
+ # Redirects all other pre-routing and output to Tor's TransPort
140
+ ipt "-t nat -A OUTPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports #{@trans_port}"
141
+
142
+ # input
143
+ ipt "-A INPUT -m state --state ESTABLISHED -j ACCEPT"
144
+ ipt "-A INPUT -i #{@lo} -j ACCEPT"
145
+
146
+ # output
147
+ ipt "-A OUTPUT -m owner --uid-owner #{@tor_uid} -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j ACCEPT"
148
+
149
+ # Allow loopback output
150
+ ipt "-A OUTPUT -d #{@lo_addr}/32 -o #{@lo} -j ACCEPT"
151
+
152
+ # tor transparent magic
153
+ ipt "-A OUTPUT -d #{@lo_addr}/32 -p tcp -m tcp --dport #{@trans_port} --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT"
154
+
155
+ ipt "-t filter -A OUTPUT -p udp -j REJECT"
156
+ ipt "-t filter -A OUTPUT -p icmp -j REJECT"
157
+ end
158
+
159
+ def self.input
160
+ puts "input"
161
+ ipt "-A INPUT -m conntrack --ctstate INVALID -j LOG --log-prefix \"DROP INVALID \" --log-ip-options --log-tcp-options"
162
+ ipt "-A INPUT -m conntrack --ctstate INVALID -j DROP"
163
+ ipt "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
164
+ ipt "-A INPUT -i #{@input} ! -s #{@input_addr} -j LOG --log-prefix \"SPOOFED PKT \""
165
+ ipt "-A INPUT -i #{@input} ! -s #{@input_addr} -j DROP"
166
+ # ACCEPT rules
167
+ ipt "-A INPUT -i #{@input} -p tcp -s #{@input_addr} --dport 22 -m conntrack --ctstate NEW -j ACCEPT"
168
+
169
+ ipt "-A INPUT ! -i #{@lo} -j LOG --log-prefix \"DROP \" --log-ip-options --log-tcp-options"
170
+ ipt "-A INPUT -i #{@lo} -j ACCEPT"
171
+ end
172
+
173
+ def self.output
174
+ puts "output"
175
+ ipt "-A OUTPUT -m conntrack --ctstate INVALID -j LOG --log-prefix \"DROP INVALID \" --log-ip-options --log-tcp-options"
176
+ ipt "-A OUTPUT -m conntrack --ctstate INVALID -j DROP"
177
+ ipt "-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
178
+
179
+ # ACCEPT rules
180
+ ipt "-A OUTPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT"
181
+ ipt "-A OUTPUT ! -o #{@lo} -j LOG --log-prefix \"DROP \" --log-ip-options --log-tcp-options"
182
+ ipt "-A OUTPUT -o #{@lo} -j ACCEPT"
183
+ end
184
+
185
+ def self.forward
186
+ puts "forward"
187
+ ipt "-A FORWARD -m conntrack --ctstate INVALID -j LOG --log-prefix \"DROP INVALID \" --log-ip-options --log-tcp-options"
188
+ ipt "-A FORWARD -m conntrack --ctstate INVALID -j DROP"
189
+ ipt "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
190
+ ipt "-A FORWARD -i #{@input} ! -s #{@input_addr} -j LOG --log-prefix \"SPOOFED PKT \""
191
+ ipt "-A FORWARD -i #{@input} ! -s #{@input_addr} -j DROP"
192
+ end
193
+ end
194
+ end
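Review bot: `ipt` discards the result of `system`, so if sudo is refused or iptables rejects a rule, `Iptables.tor` keeps going and returns as though traffic were being redirected; for a tool that promises nothing leaves outside Tor, each call should stop on failure, e.g. `system("#{@i} #{line}") || abort("iptables failed: #{line}")`. Two lines make such failures likely: in `initialize`, `grep "^[0-9]*"` matches every line, so with `2>&1` the error text of `id -u tor` lands in `@tor_uid` when that user does not exist, and in `select_cmd` the backtick output is a String, so `id == 0` is never true and `sudo` is always used (`@i = Process.uid.zero? ? "iptables" : "sudo iptables"` does what was meant). The visible rules are IPv4 only and nothing here calls ip6tables, so IPv6 traffic is presumably not covered by the redirect; that should be confirmed and either handled or documented. This 194-line new file is shown under the copy.rb header without a header of its own; the changelog and metadata suggest it is lib/spior/iptables.rb.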
data/lib/spior/mac.rb CHANGED
@@ -1,52 +1,23 @@
1
1
  require "pathname"
2
- require "interfacez"
3
2
  require_relative "msg"
4
3
 
5
4
  module Spior
6
- class MAC
5
+ module MAC
6
+ extend self
7
7
 
8
- def self.randomize(interface)
8
+ def randomize(interface)
9
9
  @network_int = interface
10
- @check = false
11
10
  check_dep
12
- verify_card
13
- if @check == false then
14
- puts "Checking network interface..."
15
- ask_for_card
16
- end
17
11
  system("deceitmac --interface #{@network_int} --random --dhcpcd --tor --no-banner")
18
12
  end
19
13
 
20
14
  private
21
15
 
22
- def self.check_dep
16
+ def check_dep
23
17
  if ! Pathname.new("/usr/local/bin/deceitmac") then
24
18
  Msg.error "deceitmac is not installed, please, exec spior --install"
25
19
  exit(-1)
26
20
  end
27
21
  end
28
-
29
- def self.verify_card
30
- return if @check or not @network_int
31
- Interfacez.all do |interface|
32
- if interface == @network_int then
33
- @check = true
34
- end
35
- end
36
- if not @check then
37
- Msg.err "Your interface #{@network_int} is no found"
38
- end
39
- end
40
-
41
- def self.ask_for_card
42
- until @check == true
43
- Interfacez.all do |interface|
44
- print interface + " "
45
- end
46
- printf "\nWhich interface to randomize ? "
47
- @network_int = gets.chomp
48
- verify_card
49
- end
50
- end
51
22
  end
52
23
  end
@@ -0,0 +1,46 @@
1
+ require 'interfacez'
2
+ require_relative 'msg'
3
+
4
+ module Spior
5
+ class Network
6
+ attr_accessor :card
7
+
8
+ def initialize(name = false)
9
+ @name = name
10
+ @check = false
11
+ end
12
+
13
+ def card
14
+ verify_card
15
+ if @check == false then
16
+ ask_for_card
17
+ end
18
+ @name
19
+ end
20
+
21
+ private
22
+
23
+ def verify_card
24
+ return if @check or not @name
25
+ Interfacez.all do |interface|
26
+ if interface == @name then
27
+ @check = true
28
+ end
29
+ end
30
+ if not @check then
31
+ Msg.err "Your interface #{@name} is no found"
32
+ end
33
+ end
34
+
35
+ def ask_for_card
36
+ until @check == true
37
+ Interfacez.all do |interface|
38
+ print interface + " "
39
+ end
40
+ printf "\nWhat is the name of the card to be used? "
41
+ @name = gets.chomp
42
+ verify_card
43
+ end
44
+ end
45
+ end
46
+ end
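Review bot: `check_dep` can never report a missing dependency, because `! Pathname.new("/usr/local/bin/deceitmac")` negates a Pathname object, which is always truthy, so `randomize` reaches `system` whether or not the binary exists; `unless Pathname.new("/usr/local/bin/deceitmac").exist?` is presumably what was meant. That test is unchanged context, but this hunk rewrites the method header around it and leaves it as is. In the new 46-line file at the end of this section (shown without its own header, presumably lib/spior/network.rb), `ask_for_card` calls bare `gets.chomp`, which reads from files named in ARGV when any remain and raises on end of input; `$stdin.gets` with a nil check would be safer. That file reports through `Msg.err` while `check_dep` uses `Msg.error`; msg.rb is not shown, so it is worth checking that both names exist.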
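--- a/data/lib/spior/options.rb
+++ b/data/lib/spior/options.rb
@@ -3,12 +3,13 @@ require_relative 'status'
 
  module Spior
  class Options
- attr_reader :install , :copy, :mac , :interface
+ attr_reader :install , :copy, :mac , :interface , :tor
 
  def initialize(argv)
  @install = false
  @copy = false
  @mac = false
+ @tor = false
  parse(argv)
  end
 
@@ -25,12 +26,16 @@ module Spior
  @copy = true
  end
 
+ opts.on("-c", "--card NAME", "The name of the target network card") do |net|
+ @interface = net
+ end
+
  opts.on("-m", "--mac", "Change your mac") do
  @mac = true
  end
 
- opts.on("-c NAME", "--card NAME", "Network card to change, optionnal") do |net|
- @interface = net
+ opts.on("-t", "--tor", "Redirect traffic through TOR") do
+ @tor = true
  end
 
  opts.on("-s", "--status", "Look infos about your current ip") do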
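--- a/data/lib/spior/runner.rb
+++ b/data/lib/spior/runner.rb
@@ -2,12 +2,15 @@ require_relative 'options'
  require_relative 'install'
  require_relative 'copy'
  require_relative 'mac'
+ require_relative 'iptables'
+ require_relative 'network'
  require_relative 'msg'
 
  module Spior
  class Runner
  def initialize(argv)
  @options = Options.new(argv)
+ @network = false
  end
 
  def run
@@ -21,7 +24,17 @@ module Spior
  end
  if @options.mac then
  Msg.head
- Spior::MAC::randomize(@options.interface)
+ if not @network
+ @network = Spior::Network.new(@options.interface)
+ end
+ Spior::MAC::randomize(@network.card)
+ end
+ if @options.tor then
+ Msg.head
+ if not @network
+ @network = Spior::Network.new(@options.interface)
+ end
+ Spior::Iptables::tor(@network.card)
  end
  end
  end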
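Review bot: The lazy construction of `@network` is written out twice in `run`, once under `@options.mac` and once under `@options.tor`; `@network ||= Spior::Network.new(@options.interface)` in each place, or a small private helper, says the same thing in one line and makes the `@network = false` sentinel in `initialize` unnecessary. Method calls are conventionally written with `.` rather than `::`, i.e. `Spior::Iptables.tor(@network.card)`. `run` starts in the first hunk and continues between the two hunks, so part of its body is not visible here.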
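--- a/data/spior.gemspec
+++ b/data/spior.gemspec
@@ -3,8 +3,7 @@ Gem::Specification.new do |s|
 
  s.summary = "A tool to make TOR your default gateway and randomize your hardware"
  s.description = <<-EOF
- A tool to make TOR your default gateway and randomize your hardware
- Status: not yet functionnal, please wait for the next releases !"
+ A tool to make TOR your default gateway and randomize your hardware.
  EOF
 
  s.metadata = {
@@ -13,7 +12,7 @@ Gem::Specification.new do |s|
  "wiki_uri" => "https://github.com/szorfein/spior"
  }
 
- s.version = "0.0.4"
+ s.version = "0.0.5"
  s.requirements << 'tor'
  s.requirements << 'sudo'
  s.requirements << 'iptables'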
data.tar.gz.sig CHANGED
Binary file
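--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: spior
  version: !ruby/object:Gem::Version
- version: 0.0.4
+ version: 0.0.5
  platform: ruby
  authors:
  - szorfein
@@ -35,7 +35,7 @@ cert_chain:
  J/zT/q2Ac7BWpSLbv6p9lChBiEnD9j24x463LR5QQjDNS5SsjzRQfFuprsa9Nqf2
  Tw==
  -----END CERTIFICATE-----
- date: 2020-05-03 00:00:00.000000000 Z
+ date: 2020-05-04 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: rainbow
@@ -65,9 +65,7 @@ dependencies:
  - - '='
  - !ruby/object:Gem::Version
  version: 1.0.3
- description: |2
- A tool to make TOR your default gateway and randomize your hardware
- Status: not yet functionnal, please wait for the next releases !"
+ description: " A tool to make TOR your default gateway and randomize your hardware.\n"
  email: szorfein@protonmail.com
  executables:
  - spior
@@ -88,8 +86,10 @@ files:
  - conf/torrc
  - lib/spior/copy.rb
  - lib/spior/install.rb
+ - lib/spior/iptables.rb
  - lib/spior/mac.rb
  - lib/spior/msg.rb
+ - lib/spior/network.rb
  - lib/spior/options.rb
  - lib/spior/runner.rb
  - lib/spior/status.rb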
metadata.gz.sig CHANGED
Binary file