{"id":13815251,"url":"https://github.com/blackarrowsec/pivotnacci","last_synced_at":"2025-05-16T18:09:58.639Z","repository":{"id":37383257,"uuid":"259619314","full_name":"blackarrowsec/pivotnacci","owner":"blackarrowsec","description":"A tool to make socks connections through HTTP agents","archived":false,"fork":false,"pushed_at":"2021-03-30T14:37:25.000Z","size":87,"stargazers_count":693,"open_issues_count":0,"forks_count":114,"subscribers_count":19,"default_branch":"master","last_synced_at":"2025-04-12T17:00:09.463Z","etag":null,"topics":["aspx","jsp","lateral-movement","php","python","socks"],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/blackarrowsec.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-04-28T11:36:45.000Z","updated_at":"2025-04-07T21:08:59.000Z","dependencies_parsed_at":"2022-09-03T03:02:10.271Z","dependency_job_id":null,"html_url":"https://github.com/blackarrowsec/pivotnacci","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/blackarrowsec%2Fpivotnacci","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/blackarrowsec%2Fpivotnacci/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/blackarrowsec%2Fpivotnacci/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/blackarrowsec%2Fpivotnacci/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/blackarrowsec","download_url":"https://codeload.github.com/blackarrowsec/pivotnacci/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254582907,"owners_count":22095518,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aspx","jsp","lateral-movement","php","python","socks"],"created_at":"2024-08-04T04:03:12.868Z","updated_at":"2025-05-16T18:09:58.617Z","avatar_url":"https://github.com/blackarrowsec.png","language":"Python","funding_links":[],"categories":["Python","Python (1887)"],"sub_categories":[],"readme":"# pivotnacci\n\n[![](https://img.shields.io/badge/Category-Lateral%20Movement-E5A505?style=flat-square)]() [![](https://img.shields.io/badge/Language-.NET%20%2f%20PHP%20%2f%20Java%20%2f%20Python-E5A505?style=flat-square)]()\n\n\nPivot into the internal network by deploying HTTP agents. **Pivotnacci** allows you to create a socks server which communicates with HTTP `agents`. The architecture looks like the following:\n\n\u003cp align=\"center\"\u003e\n \u003cimg src=\"pivotnacci.png\" width=\"720\" \u003e\n\u003c/p\u003e\n\nThis tool was inspired by the great [reGeorg](https://github.com/sensepost/reGeorg). However, it includes some improvements:\n- Support for **balanced servers**\n- Customizable polling interval, useful to reduce **detection rates**\n- Auto drop connections closed by a server\n- Modular and cleaner code\n- Installation through pip\n- Password-protected agents\n\nSupported socks protocols\n------------\n\n- [X] Socks 4\n- [X] Socks 5\n + [X] No authentication\n + [ ] User password\n + [ ] GSSAPI\n\nInstallation\n------------\n\nFrom python packages:\n```shell\npip3 install pivotnacci\n```\n\nFrom repository:\n```shell\ngit clone https://github.com/blackarrowsec/pivotnacci.git\ncd pivotnacci/\npip3 install -r requirements.txt # to avoid installing on the OS\npython3 setup.py install # to install on the OS\n```\n\nUsage\n------------\n\n1. Upload the required agent (php, jsp or aspx) to a webserver\n2. Start the socks server once the agent is deployed\n3. Configure proxychains or any other proxy client (the default listening port for pivotnacci socks server is 1080)\n\n```shell\n$ pivotnacci -h\nusage: pivotnacci [-h] [-s addr] [-p port] [--verbose] [--ack-message message]\n [--password password] [--user-agent user_agent]\n [--header header] [--proxy [protocol://]host[:port]]\n [--type type] [--polling-interval milliseconds]\n [--request-tries number] [--retry-interval milliseconds]\n url\n\nSocks server for HTTP agents\n\npositional arguments:\n url The url of the agent\n\noptional arguments:\n -h, --help show this help message and exit\n -s addr, --source addr\n The default listening address (default: 127.0.0.1)\n -p port, --port port The default listening port (default: 1080)\n --verbose, -v\n --ack-message message, -a message\n Message returned by the agent web page (default:\n Server Error 500 (Internal Error))\n --password password Password to communicate with the agent (default: )\n --user-agent user_agent, -A user_agent\n The User-Agent header sent to the agent (default:\n pivotnacci/0.0.1)\n --header header, -H header\n Send custom header. Specify in the form 'Name: Value'\n (default: None)\n --proxy [protocol://]host[:port], -x [protocol://]host[:port]\n Set the HTTP proxy to use.(Environment variables\n HTTP_PROXY and HTTPS_PROXY are also supported)\n (default: None)\n --type type, -t type To specify agent type in case is not automatically\n detected. Options are ['php', 'jsp', 'aspx'] (default:\n None)\n --polling-interval milliseconds\n Interval to poll the agents (for recv operations)\n (default: 100)\n --request-tries number\n The number of retries for each request to an agent. To\n use in case of balanced servers (default: 50)\n --retry-interval milliseconds\n Interval to retry a failure request (due a balanced\n server) (default: 100)\n```\n\nExamples\n------------\n\nUsing an agent with password `s3cr3t` (`AGENT_PASSWORD` variable must be modified at the agent side as well):\n```shell\npivotnacci https://domain.com/agent.php --password \"s3cr3t\"\n```\n\nUsing a custom HTTP `Host` header and a custom `CustomAgent` User-Agent:\n```shell\npivotnacci https://domain.com/agent.jsp -H 'Host: vhost.domain.com' -A 'CustomAgent'\n```\n\nSetting a different agent message `418 I'm a teapot` (`ACK_MESSAGE` variable must be modified at the agent side as well):\n```shell\npivotnacci https://domain.com/agent.aspx --ack-message \"418 I'm a teapot\"\n```\n\nReduce detection rate (e.g. WAF) by setting the polling interval to `2` seconds:\n```shell\npivotnacci https://domain.com/agent.php --polling-interval 2000\n```\n\nAuthor\n---------------\nEloy PĂ©rez ([@Zer1t0](https://github.com/Zer1t0)) [ [www.blackarrow.net](http://blackarrow.net/) - [www.tarlogic.com](https://www.tarlogic.com/en/) ]\n\n\nLicense\n-------\nAll the code included in this project is licensed under the terms of the GNU AGPLv3 license.\n\n#\n\n[![](https://img.shields.io/badge/www-blackarrow.net-E5A505?style=flat-square)](https://www.blackarrow.net) [![](https://img.shields.io/badge/twitter-@BlackArrowSec-00aced?style=flat-square\u0026logo=twitter\u0026logoColor=white)](https://twitter.com/BlackArrowSec) [![](https://img.shields.io/badge/linkedin-@BlackArrowSec-0084b4?style=flat-square\u0026logo=linkedin\u0026logoColor=white)](https://www.linkedin.com/company/blackarrowsec/)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fblackarrowsec%2Fpivotnacci","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fblackarrowsec%2Fpivotnacci","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fblackarrowsec%2Fpivotnacci/lists"}