new: added socks5 plugin (closes #26)

evilsocket · Dec 18, 2023 · c963c7f · c963c7f
1 parent 3082cd4
commit c963c7f
Show file tree

Hide file tree

Showing 7 changed files with 96 additions and 2 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -79,6 +79,7 @@ scylla = { version = "0.10.1", optional = true }
 paho-mqtt = { version = "0.12.3", optional = true }
 csv = "1.3.0"
 pavao = { version = "0.2.3", optional = true }
+fast-socks5 = { version = "0.9.2", optional = true }
 
 [dev-dependencies]
 tempfile = "3.8.0"
@@ -109,6 +110,7 @@ default = [
     "scylla",
     "tcp_ports",
     "samba",
+    "socks5",
 ]
 http = ["dep:url", "dep:reqwest", "dep:base64", "dep:ntlmclient"]
 dns = ["dep:trust-dns-resolver"]
@@ -137,6 +139,7 @@ redis = []
 scylla = ["dep:scylla"]
 tcp_ports = []
 samba = ["dep:pavao"]
+socks5 = ["dep:fast-socks5"]
 
 [profile.release]
 lto = true        # Enable link-time optimization

diff --git a/README.md b/README.md
@@ -13,7 +13,7 @@ For the building instructions, usage and the complete list of options [check the
 
 ## Supported Protocols/Features:
 
-AMQP (ActiveMQ, RabbitMQ, Qpid, JORAM and Solace), Cassandra/ScyllaDB, DNS subdomain enumeration, FTP, HTTP (basic authentication, NTLMv1, NTLMv2, multipart form, custom requests with CSRF support, files/folders enumeration, virtual host enumeration), IMAP, Kerberos pre-authentication and user enumeration, LDAP, MongoDB, MQTT, Microsoft SQL, MySQL, Oracle, PostgreSQL, POP3, RDP, Redis, Samba, SSH / SFTP, SMTP, STOMP (ActiveMQ, RabbitMQ, HornetQ and OpenMQ), TCP port scanning, Telnet, VNC.
+AMQP (ActiveMQ, RabbitMQ, Qpid, JORAM and Solace), Cassandra/ScyllaDB, DNS subdomain enumeration, FTP, HTTP (basic authentication, NTLMv1, NTLMv2, multipart form, custom requests with CSRF support, files/folders enumeration, virtual host enumeration), IMAP, Kerberos pre-authentication and user enumeration, LDAP, MongoDB, MQTT, Microsoft SQL, MySQL, Oracle, PostgreSQL, POP3, RDP, Redis, Samba, SSH / SFTP, SMTP, Socks5, STOMP (ActiveMQ, RabbitMQ, HornetQ and OpenMQ), TCP port scanning, Telnet, VNC.
 
 ## Benchmark
 

diff --git a/src/main.rs b/src/main.rs
@@ -27,7 +27,7 @@ fn setup() -> Result<Options, session::Error> {
 
     if env::var_os("RUST_LOG").is_none() {
         // set `RUST_LOG=debug` to see debug logs
-        env::set_var("RUST_LOG", "info,blocking=off,pavao=off");
+        env::set_var("RUST_LOG", "info,blocking=off,pavao=off,fast_socks5=off");
     }
 
     env_logger::builder()

diff --git a/src/plugins/mod.rs b/src/plugins/mod.rs
@@ -45,6 +45,8 @@ pub(crate) mod samba;
 pub(crate) mod scylla;
 #[cfg(feature = "smtp")]
 pub(crate) mod smtp;
+#[cfg(feature = "socks5")]
+pub(crate) mod socks5;
 #[cfg(feature = "sql")]
 mod sql;
 #[cfg(feature = "ssh")]

diff --git a/src/plugins/socks5/mod.rs b/src/plugins/socks5/mod.rs
@@ -0,0 +1,66 @@
+use std::time::Duration;
+
+use async_trait::async_trait;
+use ctor::ctor;
+
+use crate::session::{Error, Loot};
+use crate::utils;
+use crate::Options;
+use crate::Plugin;
+
+use crate::creds::Credentials;
+
+#[ctor]
+fn register() {
+    crate::plugins::manager::register("socks5", Box::new(Socks5::new()));
+}
+
+#[derive(Clone)]
+pub(crate) struct Socks5 {}
+
+impl Socks5 {
+    pub fn new() -> Self {
+        Socks5 {}
+    }
+}
+
+#[async_trait]
+impl Plugin for Socks5 {
+    fn description(&self) -> &'static str {
+        "SOCKS5 password authentication."
+    }
+
+    fn setup(&mut self, _opts: &Options) -> Result<(), Error> {
+        Ok(())
+    }
+
+    async fn attempt(&self, creds: &Credentials, timeout: Duration) -> Result<Option<Loot>, Error> {
+        let address: String = utils::parse_target_address(&creds.target, 1080)?;
+        let res = tokio::time::timeout(
+            timeout,
+            fast_socks5::client::Socks5Stream::connect_with_password(
+                address.clone(),
+                "ifcfg.co".to_owned(),
+                80,
+                creds.username.clone(),
+                creds.password.clone(),
+                fast_socks5::client::Config::default(),
+            ),
+        )
+        .await
+        .map_err(|e| e.to_string())?;
+
+        return Ok(if res.is_ok() {
+            Some(Loot::new(
+                "socks5",
+                &address,
+                [
+                    ("username".to_owned(), creds.username.to_owned()),
+                    ("password".to_owned(), creds.password.to_owned()),
+                ],
+            ))
+        } else {
+            None
+        });
+    }
+}
diff --git a/test-servers/socks5.sh b/test-servers/socks5.sh
@@ -0,0 +1,8 @@
+docker run \
+    --security-opt no-new-privileges \
+    --name socks5 \
+    --restart unless-stopped \
+    -p 1080:1080 \
+    -e PROXY_USER=admin666 \
+    -e PROXY_PASSWORD=test12345 \
+    yarmak/socks5-server