A poorman's proxycannon and botnet, using docker, ovpn files, and a dante socks5 proxy
Switch branches/tags
Nothing to show
Clone or download
Latest commit 8525ca2 Oct 10, 2018

README.md

doxycannon

CodeFactor

Doxycannon takes a pool of OpenVPN files and creates a Docker container for each one. After a successful VPN connection, each container spawns a SOCKS5 proxy server and binds it to a port on the Docker host. Combined with tools like Burp suite or proxychains, this creates your very own private botnet on the cheap.

Password Spraying Blog Post Using DoxyCannon

Prerequisites

  • A VPN subscription to a provider that distributes *.ovpn files
  • Install the required pip modules:
    pip install -r requirements.txt
  • Ensure docker is installed and enabled. Refer to the Wiki for installation instructions on Kali/Debian
  • proxychains4 is required for interactive mode

Setup

  • Create an auth.txt file with your ovpn credentials in VPN. The format is:
    username
    password
    
  • Fill the VPN folder with *.ovpn files and ensure that the auth-user-pass directive in your ./VPN/*.ovpn files says auth-user-pass auth.txt
    • Check out this wiki section for installation instructions for individual VPN providers
  • Run ./doxycannon.py --build to build your image with your OVPN files
    • --build will need to be run on code changes or when you modify the VPN folder's contents

Usage

note: the way proxychains seeds its PRNG to choose a random proxy is not fast enough to ensure each subsequent request goes out through a different IP. You may get between 1-10 requests being made from the same IP. If this is unacceptable, I merged a patch to the original proxychains repo. Download and build from master to get the fix. https://github.com/haad/proxychains

One-off, random commands

While your containers are up, you can use proxychains to issue commands through random proxies

proxychains4 -q curl -s ipconfig.io/json
proxychains4 -q hydra -L users.txt -p Winter2018 manager.example.com -t 8 ssh
proxychains4 -q gobuster -w word.list -h http://manager.example.com

GUI Tools

Use the --single flag to bring up your proxies and create a proxy rotator.

hgfs/shared/doxycannon  master 
❯❯ ./doxycannon.py --single
[+] Writing HAProxy configuration
[*] Image doxyproxy built.
[*] Staring single-port mode...
[*] Proxy rotator listening on port 1337. Ctrl-c to quit
^C
[*] doxyproxy was issued a stop command
[*] Your proxies are still running.

To see what's happening, checkout out the haproxy folder. Essentially, one is building a layer 4 load-balancer between all the VPNs. This will allow you rotate through your proxies from a single port which means you can point your browsers or BURPSuite instances at it and have every request use a different VPN.

Specific SOCKS proxies

If you want to use a specific proxy, give your utility the proper SOCKS port.

Example: To make a request through Japan, use docker ps and find the local port to which the Japanese proxy is bound.

Configure your tool to use that port:

curl --socks5 localhost:50xx ipconfig.io/json

Interactive

Once you've built your image and started your containers, run the utility with the --interactive flag to get a bash session where all network traffic is redirected through proxychains4

./doxycannon.py --interactive

Demo

asciicast

Credit

pry0cc for the idea

This was originally a fork of pry0cc's ProxyDock. It's been modified to an extent where less than 1% of the original code remains.

TODO

  • Allow for management of remote doxycannon installs through the Docker API
  • Connect to VPN endpoints through TOR when --up --tor is passed
  • Interactive mode
  • Python management script
  • Faster Up/Down Container management
  • Dispatch server - (will allow GUI applications to use doxycannon)
  • Creates a single local proxy server that dispatches through VPNs