Skip to content
main
Switch branches/tags
Code

doxycannon

CodeFactor

Doxycannon uses docker to create multiple socks proxies where the upstream internet connections are either VPN connections or Tor nodes

In VPN mode, it takes a pool of OpenVPN files and creates a Docker container for each one. After a successful VPN connection, each container spawns a SOCKS5 proxy server and binds it to a port on the Docker host.

In Tor mode, containers initiate a connection to the Tor network.

Both VPN and Tor nodes can be rotated through, giving you a new egress IP with each request.

Combined with tools like Burp suite or proxychains, this creates your very own (small) private botnet on the cheap.

Password Spraying Blog Post Using DoxyCannon

Prerequisites

If using VPN mode, you'll need a VPN subscription to a provider that distributes *.ovpn files

  • Install the required pip modules:

    pip install -r requirements.txt
  • Ensure docker is installed and enabled. Refer to the Wiki for installation instructions on Kali/Debian

  • proxychains4 is required for interactive mode

Setup

  • Create a NAME.txt file with your ovpn credentials in VPN. The format is:

    username
    password
    
  • Fill the VPN folder with *.ovpn files and ensure that the auth-user-pass directive in your ./VPN/*.ovpn files says auth-user-pass NAME.txt

    • Check out this wiki section for installation instructions for individual VPN providers
  • Within the VPN folder, you may divide/organize your VPN file into subdirectories and use the --dir flag with the --up or --single commands to only use those configs

    mkdir -p VPN/US
    mv US.opvn auth-us.txt VPN/US
    doxycannon vpn --dir VPN/US --up
    
    mkdir -p VPN/FR
    mv FR.opvn auth-fr.txt VPN/FR
    doxycannon vpn --dir VPN/FR --up
  • If --dir is equal to VPN, a container will be launched for each ovpn file inside the folder. Use --single to have HAproxy load-balance between all VPNs.

     doxycannon vpn --dir VPN --single # Launch HAproxy to load balance
  • --single does not stop proxy containers when it quits, it only stops HAproxy. Use --down to bring them down.

  • Alternatively, use the tor subcommand to just spin up tor nodes

    doxycannon tor --nodes 7 --single

Usage

note: proxychains' prng uses an epoch time-based seed which means you may get multiple requests being made from the same IP if less than a second passes between requests. If this is unacceptable, I have a patch for rofl0r/proxychains-ng on my fork, prng branch located here

One-off, random commands

While your containers are up, you can use proxychains-ng to issue commands through random proxies

proxychains4 -q curl -s ipconfig.io/json
proxychains4 -q hydra -L users.txt -p Winter2020 manager.example.com -t 8 ssh

GUI Tools

Use the --single flag to create a proxy rotator.

❯❯ ./doxycannon.py [vpn|tor] --single
[+] Writing HAProxy configuration
[*] Image doxyproxy built.
[*] Staring single-port mode...
[*] Proxy rotator listening on port 1337. Ctrl-c to quit
^C
[*] doxyproxy was issued a stop command
[*] Your proxies are still running.

To see what's happening, checkout out the haproxy folder. Essentially, the tool builds a layer 4 load-balancer between all the VPNs. This allows rotatation of proxies through a single port. One can then point browsers or BURPSuite at it and have every request use a different VPN.

Specific SOCKS proxies

Example: To make a request through Japan, use docker ps and find the local port to which the Japanese VPN is bound.

Configure your tool to use that port:

curl --socks5 localhost:50xx ipconfig.io/json

Interactive

Once you've started your containers, run the utility with the --interactive flag to get a bash session where all network traffic is redirected through proxychains4

./doxycannon.py --interactive

Credit

pry0cc for the idea

This was originally a fork of pry0cc's ProxyDock. It's been modified to an extent where less than 1% of the original code remains.