{"id":13539508,"url":"https://github.com/aploium/shootback","last_synced_at":"2026-01-16T13:42:21.132Z","repository":{"id":43946290,"uuid":"57311313","full_name":"aploium/shootback","owner":"aploium","description":"a reverse TCP tunnel let you access target behind NAT or firewall","archived":false,"fork":false,"pushed_at":"2020-09-12T07:31:56.000Z","size":249,"stargazers_count":968,"open_issues_count":15,"forks_count":235,"subscribers_count":60,"default_branch":"master","last_synced_at":"2025-10-26T22:52:46.286Z","etag":null,"topics":["reverse","reverse-tcp-tunnel","tcp","tunnel"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/aploium.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2016-04-28T15:12:36.000Z","updated_at":"2025-10-15T08:01:54.000Z","dependencies_parsed_at":"2022-08-27T08:53:00.675Z","dependency_job_id":null,"html_url":"https://github.com/aploium/shootback","commit_stats":null,"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"purl":"pkg:github/aploium/shootback","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aploium%2Fshootback","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aploium%2Fshootback/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aploium%2Fshootback/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aploium%2Fshootback/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/aploium","download_url":"https://codeload.github.com/aploium/shootback/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aploium%2Fshootback/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28479034,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-16T11:59:17.896Z","status":"ssl_error","status_checked_at":"2026-01-16T11:55:55.838Z","response_time":107,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["reverse","reverse-tcp-tunnel","tcp","tunnel"],"created_at":"2024-08-01T09:01:26.949Z","updated_at":"2026-01-16T13:42:16.120Z","avatar_url":"https://github.com/aploium.png","language":"Python","funding_links":[],"categories":["\u003ca id=\"1a9934198e37d6d06b881705b863afc8\"\u003e\u003c/a\u003e通信\u0026\u0026代理\u0026\u0026反向代理\u0026\u0026隧道","Python","\u003ca id=\"01e6651181d405ecdcd92a452989e7e0\"\u003e\u003c/a\u003e工具","Python (1887)"],"sub_categories":["\u003ca id=\"a136c15727e341b9427b6570910a3a1f\"\u003e\u003c/a\u003e反向代理\u0026\u0026穿透","\u003ca id=\"e9f97504fbd14c8bb4154bd0680e9e62\"\u003e\u003c/a\u003e反向代理"],"readme":"# shootback\n\nshootback is a reverse TCP tunnel let you access target behind NAT or firewall  \n反向TCP隧道, 使得NAT或防火墙后的内网机器可以被外网访问.  \nConsumes less than 1% CPU and 8MB memory under 800 concurrency.  \nslaver is __single file__ and only depends on python(2.7/3.4+) standard library.\n\n## How it works\n\n![How shoot back works](https://raw.githubusercontent.com/aploium/shootback/static/graph.png)\n\n\n## Typical Scene\n\n1. Access company/school computer(no internet IP) from home  \n   从家里连接公司或学校里没有独立外网IP的电脑\n2. Make private network/site public.  \n   使内网或内网站点能从公网访问\n3. Help private network penetration.  \n   辅助内网渗透\n4. Help CTF offline competitions.  \n   辅助CTF线下赛, 使场外选手也获得比赛网络环境\n5. Connect to device with dynamic IP, such as ADSL  \n   连接动态IP的设备, 如ADSL\n6. SSL encryption between slaver and master  \n   slaver和master间支持SSL加密\n\n## Getting started\n\n1. requirement:\n    * Master: Python3.4+, OS independent\n    * Slaver: Python2.7/3.4+, OS independent\n    * no external dependencies, only python std lib\n2. download `git clone https://github.com/aploium/shootback`\n3. (optional) if you need a single-file slaver.py, run `python3 build_singlefile_slaver.py`\n4. run these command\n    ```bash\n    # master listen :10000 for slaver, :10080 for you\n    python3 master.py -m 0.0.0.0:10000 -c 127.0.0.1:10080\n    \n    # slaver connect to master, and use example.com as tunnel target\n    # ps: you can use python2 in slaver, not only py3\n    python3 slaver.py -m 127.0.0.1:10000 -t example.com:80\n    \n    # doing request to master\n    curl -v -H \"host: example.com\" 127.0.0.1:10080\n    # -- some HTML content from example.com --\n    # -- some HTML content from example.com --\n    # -- some HTML content from example.com --\n    ```\n5. a more reality example (with ssl):  \n    assume your master is 22.33.44.55 (just like the graph above)\n    ```bash\n    # slaver_local_ssh \u003c---\u003e slaver \u003c--[SSL]--\u003e master(22.33.44.55) \u003c--\u003e You\n    \n    # ---- master ----\n    python3 master.py -m 0.0.0.0:10000 -c 0.0.0.0:10022 --ssl\n    \n    # ---- slaver ----\n    # ps: the `--ssl` option is for slaver-master encryption, not for SSH\n    python(or python3) slaver.py -m 22.33.44.55:10000 -t 127.0.0.1:22 --ssl\n    \n    # ---- YOU ----\n    ssh 22.33.44.55 -p 10022\n    ```\n\n6. for more help, please see `python3 master.py --help` and `python3 slaver.py --help`\n\n## Tips\n\n1. run in daemon:  \n    `nohup python(or python3) slaver.py -m host:port -t host:port -q \u0026`  \n    or:\n    ```bash\n    # screen is a linux command\n    screen\n    python(or python3) slaver.py -m host:port -t host:port\n    # press  ctrl-a d  to detach screen\n    # and if necessary, use \"screen -r\" to reattach\n    ```\n\n2. ANY service using TCP is shootback-able.  HTTP/FTP/Proxy/SSH/VNC/...\n\n3. shootback itself just do the transmission job, do not handle encrypt or proxy.  \n    however you can use a 3rd party proxy (eg: shadowsocks) as slaver target.  \n    for example:  \n    `shadowsocks_server\u003c--\u003eshootback_slaver\u003c--\u003eshootback_master\u003c--\u003eshadowsocks_client(socks5)`\n\n## Warning\n\n1. in windows, due to the limit of CPython `select.select()`,\n   shootback can NOT handle more than 512 concurrency, you may meet  \n    `ValueError: too many file descriptors in select()`  \n   If you have to handle such high concurrency in windows,\n   [Anaconda-Python3](https://www.continuum.io/downloads) is recommend,\n   [it's limit in windows is 2048](https://github.com/ContinuumIO/anaconda-issues/issues/1241)\n\n\n## Performance\n\n1. in my laptop of intel I7-4710MQ, win10 x64:\n    * 1.6Gbits/s of loopback transfer (using iperf), with about 5% CPU occupation.\n    * 800 thread ApacheBench, with less than 1% CPU and 8MB memory consume\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faploium%2Fshootback","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Faploium%2Fshootback","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faploium%2Fshootback/lists"}