{"id":13588024,"url":"https://github.com/avilum/waycup","last_synced_at":"2025-03-16T18:31:27.689Z","repository":{"id":133512167,"uuid":"254034703","full_name":"avilum/waycup","owner":"avilum","description":"A minimal tool that hides your online assets from online security scanners, researchers and hackers.","archived":false,"fork":false,"pushed_at":"2020-07-22T07:44:05.000Z","size":92,"stargazers_count":115,"open_issues_count":0,"forks_count":11,"subscribers_count":5,"default_branch":"master","last_synced_at":"2025-02-27T12:08:29.829Z","etag":null,"topics":["anti-fingerprinting","bash","censys","fingerprinting","http-server","netcat","port-knock","port-knocking","port-scanning","privacy","privacy-protection","shodan","ssh-server"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/avilum.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2020-04-08T08:52:50.000Z","updated_at":"2025-01-11T00:51:58.000Z","dependencies_parsed_at":"2023-03-13T11:08:14.155Z","dependency_job_id":null,"html_url":"https://github.com/avilum/waycup","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/avilum%2Fwaycup","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/avilum%2Fwaycup/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/avilum%2Fwaycup/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/avilum%2Fwaycup/manifests","owner_url
":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/avilum","download_url":"https://codeload.github.com/avilum/waycup/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243826788,"owners_count":20354220,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["anti-fingerprinting","bash","censys","fingerprinting","http-server","netcat","port-knock","port-knocking","port-scanning","privacy","privacy-protection","shodan","ssh-server"],"created_at":"2024-08-01T15:06:28.319Z","updated_at":"2025-03-16T18:31:27.341Z","avatar_url":"https://github.com/avilum.png","language":"Shell","funding_links":[],"categories":["Shell"],"sub_categories":[],"readme":"# WayCup - Port Knocking out of the box\nThese scripts let you expose your real server functionality only after sending a magic \"Wake Up\" packet to an open port.\u003cbr\u003e\nYou can use WayCup as an \u003cb\u003eadditional\u003c/b\u003e layer of security against fingerprinting for your SSH/HTTP servers (and many more), or a minimal alternative to port knocking.\u003cbr\u003e\u003cbr\u003e\nRun a local example: reverse shell with magic handshake\u003cbr\u003e\n```bash\n# apk add git\n# apt install -y git netcat\n\ngit clone https://github.com/avilum/waycup.git \u0026\u0026 cd waycup/\n\nnohup ./server.sh \u0026 # Or in another terminal\n\n# To watch server logs:\n# tail -f nohup.out\n\n./client.sh\n# Starts a reverse shell on the server, or change server_main.sh to do anything you want.\n\n```\n### Use Cases:\n1. 
Hide services from security scanners (Shodan, Censys, nmap, zmap) and hackers (port scanning and fingerprinting fail).\n2. Keep your server a secret while it listens on www-facing ports. It's like a black hole.\n3. Expose a service's functionality on a port only to clients with a pre-shared secret, without modifying the application layer or managing users.\n4. Copy/Paste where you don't want to configure a proxy like nginx. Also, it's easy to fingerprint nginx. This is a copy/paste solution with almost no dependencies.\n5. Honeypots - Log all the traffic to a file with tcpdump/alternative.\n\n### Less secure (but nice) use cases:\n1. Use as an API for remote calls on a machine (run a generic script)\n2. When SSH is not (or can't be) installed - pure reverse bash shell.\n3. Pentesting and Red Teams.\n\n## How it works:\nIt wraps your application with a \"black hole\" that swallows automatic crawlers and bots, thus leaving your assets \"anonymous\" and making cyber attacks on your assets more complex.\n\u003cbr\u003e\n1. The server(s) listen on any port for a magic packet via TCP/UDP. \n2. A magic \"Wake Up\" packet is sent from a client.\n3. The \"Wake Up\" packet is received by the server.\n4. The server runs a generic script that exposes the service (SSH, HTTP, Anything) to the client on the same (or on a new) port.\n5. If the server supports routing table manipulation, the iptables rules can be modified and the client can keep communicating over the same port. 
See ./server.sh for more information.\n\n# Examples\n\n## Running a server \n```bash\n$ ./server.sh\nListening for magic packets on localhost:8080\nConnection from 127.0.0.1:60427\nSuccessful connection\nRunning the main startup script: ./server_main.sh\n...\n```\n\n## Connecting clients\nnc/netcat/socat/ncat magic packets:\n```bash\nMAGIC_LISTENER_HOST=\"localhost\"\nSERVER_MAGIC_PORT=8080\n\n# Fails, until we send a magic packet.\nssh $MAGIC_LISTENER_HOST -p $SERVER_MAGIC_PORT \n# connection refused.\n\n# Sending a magic packet\nMAGIC=\"secret\"\necho $MAGIC | nc -c -vvv $MAGIC_LISTENER_HOST $SERVER_MAGIC_PORT \u0026\u0026 echo \"Success\"\n\n# Works now\nssh $MAGIC_LISTENER_HOST -p $SERVER_MAGIC_PORT \n\n# Do whatever you want here, based on the server implementation.\n# See server_main.sh and client.sh for more documentation.\n```\n\nPython: Send a magic packet that reveals an HTTP Server\n```text\nIn [1]: import requests\nIn [2]: requests.get('http://localhost:80')\nConnectionError\n\nIn [3]: import socket;\n   ...: MAGIC=\"change this magic string\"\n   ...: SERVER_HOST=\"localhost\"\n   ...: SERVER_MAGIC_PORT=8080\n   ...: with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:\n   ...:     s.connect((SERVER_HOST, SERVER_MAGIC_PORT))\n   ...:     s.sendall(MAGIC.encode())\n\nIn [4]: requests.get('http://localhost:80')\nOut[4]: \u003cResponse [200]\u003e\n```\nCopy and paste:\n```python\nimport socket\nMAGIC=\"secret\"\nSERVER_HOST=\"localhost\"\nSERVER_MAGIC_PORT=8080\nwith socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:\n    s.connect((SERVER_HOST, SERVER_MAGIC_PORT))\n    s.sendall(MAGIC.encode())\n\n# Query the API / connect to the service on the same or a different port that was just opened for you\n\nimport requests\n\n# Modify server_main.sh to run an http server (uncomment a line)\nrequests.get('http://localhost:80') \n```\n\nRemote reverse-shell:\n```bash\n$ ./client.sh\nSending magic packet to localhost:8080\nlocalhost [127.0.0.1] 8080 (http-alt) 
open\nTotal received bytes: 0\nTotal sent bytes: 25\nSuccess\nStarting reverse shell...\nConnection from 127.0.0.1:60428\nwhoami\n####\nsudo su\nwhoami\nroot\n```\n\n# Adding security\nYou should add an extra layer of security if you want to prevent replay attacks. That can be done by adding a TLS layer to your server with OpenSSL/BoringSSL.\n\nOpenSSL:\n```bash\n# Not implemented yet - feel free to contribute!\n\n# Generate random secret:\nSECRET=$(openssl rand -base64 512) # Copy to server.sh and client.sh.\n\n\n# Generate a random MAC address for the server:\nsudo ifconfig [interface_name] ether $(openssl rand -hex 6 | sed 's%\\(..\\)%\\1:%g; s%.$%%')\n```\n\nBoringSSL:\n```bash\n# Not implemented yet - feel free to contribute!\n```\n\nHMAC Validation:\n```bash\n# Not implemented yet - feel free to contribute!\n```\n\n# Server Dependencies:\n* nc/netcat\n\n# Compatibility:\n* Runs on any UNIX system that supports busybox syntax.\n* You can copy and paste it in your servers, as-is, if you have \u003ccode\u003enc\u003c/code\u003e installed.\n* BSD netcat does not support client IP extraction and iptables modification (yet); install GNU netcat for better compatibility.\n* Mac users - Remove \"-w\" argument in server.sh and add \"-c\" argument to client.sh\n\n# Nc manual:\n```bash\nnc\nnc [OPTIONS] HOST PORT - connect\nnc [OPTIONS] -l -p PORT [HOST] [PORT] - listen\n\nOptions:\n\n        -e PROG         Run PROG after connect (must be last)\n        -l              Listen mode, for inbound connects\n        -n              Don't do DNS resolution\n        -s ADDR         Local address\n        -p PORT         Local port\n        -u              UDP mode\n        -v              Verbose\n        -w SEC          Timeout for connects and final net reads\n        -i SEC          Delay interval for lines sent\n        -o FILE         Hex dump traffic\n        -z              Zero-I/O mode 
(scanning)\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Favilum%2Fwaycup","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Favilum%2Fwaycup","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Favilum%2Fwaycup/lists"}