2020-10-08 13:20:42 +00:00
|
|
|
from stem.control import Controller
|
|
|
|
import stem.connection
|
|
|
|
import paho.mqtt.client as mqtt
|
2020-10-20 10:16:19 +00:00
|
|
|
import socks
|
2020-10-08 13:20:42 +00:00
|
|
|
import ssl
|
|
|
|
import socket
|
|
|
|
import json
|
|
|
|
import configparser
|
|
|
|
import argparse
|
|
|
|
from datetime import datetime
|
|
|
|
from os import environ
|
|
|
|
|
2020-10-19 22:20:33 +00:00
|
|
|
|
2020-10-08 13:20:42 +00:00
|
|
|
def main():
|
2020-10-19 22:20:33 +00:00
|
|
|
parser = argparse.ArgumentParser(description='Broadcast SSH hidden service hostname via MQTT')
|
|
|
|
|
|
|
|
parser.add_argument('--config-dir', nargs='?', dest='configPath', default='/etc/torch',
|
|
|
|
help='configuration directory (default: /etc/torch)')
|
|
|
|
|
|
|
|
args = parser.parse_args()
|
2020-10-08 13:20:42 +00:00
|
|
|
|
2020-10-19 22:20:33 +00:00
|
|
|
config_path = args.configPath
|
2020-10-08 13:20:42 +00:00
|
|
|
|
2020-10-19 22:20:33 +00:00
|
|
|
if "TORCH_CONFIG_DIR" in environ:
|
|
|
|
config_path = environ.get("TORCH_CONFIG_DIR")
|
2020-10-08 13:20:42 +00:00
|
|
|
|
2020-10-19 22:20:33 +00:00
|
|
|
if not config_path.endswith("/"):
|
|
|
|
config_path = config_path + "/"
|
2020-10-08 13:20:42 +00:00
|
|
|
|
2020-10-19 22:20:33 +00:00
|
|
|
print("Using torch configuration path: " + config_path)
|
2020-10-08 13:20:42 +00:00
|
|
|
|
2020-10-19 22:20:33 +00:00
|
|
|
config = configparser.ConfigParser()
|
|
|
|
config.read(config_path + "torch.conf")
|
2020-10-08 13:20:42 +00:00
|
|
|
|
2020-10-19 22:20:33 +00:00
|
|
|
tor_proxy_port = config['tor'].getint('ProxyPort', fallback=9050)
|
|
|
|
tor_controller_port = config['tor'].getint('ControllerPort', fallback=9051)
|
2020-10-08 13:20:42 +00:00
|
|
|
|
2020-10-19 22:20:33 +00:00
|
|
|
ssh_port = config['ssh'].getint('Port', fallback=22)
|
2020-10-08 13:20:42 +00:00
|
|
|
|
2020-10-19 22:20:33 +00:00
|
|
|
mqtt_config = config['mqtt']
|
|
|
|
mqtt_broker_host = mqtt_config.get('BrokerHost', fallback="localhost")
|
|
|
|
mqtt_broker_port = mqtt_config.getint('BrokerPort', fallback=1883)
|
|
|
|
client_id = mqtt_config.get('ClientID', fallback=socket.gethostname())
|
|
|
|
mqtt_topic = mqtt_config.get('Topic', fallback="torch/%s/onion_url" % client_id)
|
2020-10-08 13:20:42 +00:00
|
|
|
|
2020-10-19 22:20:33 +00:00
|
|
|
mqtt_require_certificate = mqtt_config.getboolean(
|
|
|
|
'RequireCertificate',
|
|
|
|
fallback=False)
|
2020-10-08 13:20:42 +00:00
|
|
|
|
2020-10-19 22:20:33 +00:00
|
|
|
mqtt_ca_file = config_path + mqtt_config.get('CaFile')
|
|
|
|
mqtt_cert_file = config_path + mqtt_config.get('CertFile')
|
|
|
|
mqtt_key_file = config_path + mqtt_config.get('KeyFile')
|
2020-10-08 13:20:42 +00:00
|
|
|
|
2020-10-19 22:20:33 +00:00
|
|
|
with Controller.from_port(port=tor_controller_port) as controller:
|
2020-10-08 13:20:42 +00:00
|
|
|
|
2020-10-19 22:20:33 +00:00
|
|
|
protocol_info = stem.connection.get_protocolinfo(controller)
|
2020-10-08 13:20:42 +00:00
|
|
|
|
2020-10-19 22:20:33 +00:00
|
|
|
stem.connection.authenticate_safecookie(
|
|
|
|
controller,
|
|
|
|
protocol_info.cookie_path)
|
2020-10-08 13:20:42 +00:00
|
|
|
|
2020-10-19 22:20:33 +00:00
|
|
|
print("Connected to Tor on port %s" % tor_controller_port)
|
2020-10-08 13:20:42 +00:00
|
|
|
|
2020-10-19 22:20:33 +00:00
|
|
|
service = controller.create_ephemeral_hidden_service(ssh_port, detached=True)
|
2020-10-08 13:20:42 +00:00
|
|
|
|
2020-10-19 22:20:33 +00:00
|
|
|
onion_address = "%s.onion" % service.service_id
|
2020-10-08 13:20:42 +00:00
|
|
|
|
2020-10-19 22:20:33 +00:00
|
|
|
print("Created Tor Hidden Service for local port %s at %s" % (ssh_port, onion_address))
|
2020-10-08 13:20:42 +00:00
|
|
|
|
2020-10-19 22:20:33 +00:00
|
|
|
payload = {
|
|
|
|
'clientId': client_id,
|
|
|
|
'timestamp': datetime.now().strftime("%d-%b-%Y (%H:%M:%S.%f)"),
|
|
|
|
'onionAddress': onion_address,
|
|
|
|
'sshPort': ssh_port
|
2020-10-08 13:20:42 +00:00
|
|
|
}
|
|
|
|
|
2020-10-19 22:20:33 +00:00
|
|
|
client = mqtt.Client()
|
|
|
|
protocol = "mqtt"
|
2020-10-08 13:20:42 +00:00
|
|
|
|
2020-10-19 22:20:33 +00:00
|
|
|
if mqtt_require_certificate:
|
|
|
|
client.tls_set(
|
|
|
|
ca_certs=mqtt_ca_file,
|
|
|
|
certfile=mqtt_cert_file,
|
|
|
|
keyfile=mqtt_key_file,
|
2020-10-08 13:20:42 +00:00
|
|
|
cert_reqs=ssl.CERT_REQUIRED)
|
2020-10-19 22:20:33 +00:00
|
|
|
protocol = "mqtts"
|
2020-10-08 13:20:42 +00:00
|
|
|
|
2020-10-19 22:20:33 +00:00
|
|
|
if mqtt_broker_host.endswith(".onion"):
|
|
|
|
client.proxy_set(proxy_type=socks.SOCKS5, proxy_addr="localhost", proxy_port=tor_proxy_port)
|
|
|
|
client.tls_insecure_set(True)
|
2020-10-08 13:20:42 +00:00
|
|
|
|
2020-10-19 22:20:33 +00:00
|
|
|
client.connect(mqtt_broker_host, mqtt_broker_port, 60)
|
|
|
|
client.publish(mqtt_topic, json.dumps(payload))
|
|
|
|
print("Connected to MQTT Broker at %s://%s:%s/%s" % (protocol, mqtt_broker_host, mqtt_broker_port, mqtt_topic))
|
|
|
|
print("Published payload: " + json.dumps(payload))
|
2020-10-08 13:20:42 +00:00
|
|
|
|
2020-10-19 22:20:33 +00:00
|
|
|
client.disconnect()
|
|
|
|
print("Disconnected from MQTT Broker")
|