potatun

An experimental packet tunnelling bind shell using obscure techniques to evade IDS/IPS.

TCP/UDP (source port encoding)
ICMP (payload)
SCTP (chunkdata)
IPSEC (esp)
Netflow (V5, netflow record source port encoding)
Netbios (NBNSQueryRequest, question_name)

NOTE:

Data encryption is used where applicable.
Invalid use of protocols should be detected by a properly configured SIEM. (Which is very much the case for the options above!)

Requirements

python3
scapy

Usage

root@kali:/opt/potatun# python3 potatun.py -h
usage: potatun.py [-h] [-i I] [-t T] [-m M]

potatun - an experimental packet tunnelling bind shell.

optional arguments:
  -h, --help  show this help message and exit
  -i I        send interface (eth0)
  -t T        send ip:port (10.10.10.1:443)
  -m M        tunnel mode (udp-c/udp-s, tcp-c/tcp-s, icmp-c/icmp-s,
              sctp-c/sctp-s, ipsec-c/ipsec-s, netflow-c/netflow-s, netbios-c/netbios-s)

Netflow (v5 record source port encoding)

UDP (source port encoding)

TCP (source port encoding)

SCTP (chunkdata)

ICMP (payload)

IPSEC (esp)

NetBIOS (NBNSQueryRequest)

Disclaimer

Don't use this script in real-life, bind shells are sketchy, it's purely for research/experimentation, there are a ton of other safe/stable open source options.

Enjoy~

Name		Name	Last commit message	Last commit date
Latest commit History 17 Commits
README.md		README.md
potatun.py		potatun.py

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

README.md

README.md

potatun.py

potatun.py

Repository files navigation

potatun

About

Releases

Packages

Languages

Potato-Industries/tunnelling-experiments

Folders and files

Latest commit

History

README.md

README.md

potatun.py

potatun.py

Repository files navigation

potatun

About

Topics

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages