PentestProxy

Scripts for building a Covert Pentesting Infrastructure using RedSocks and DNScrypt.

Overview

This repository contains a set of Bash scripts to assist in setting up a transparent proxy infrastructure. It routes traffic through a SOCKS5 proxy (via RedSocks) and encrypts DNS queries (via DNScrypt).

Original Source: CPH-SEC/CPH-SEC.github.io

Requirements

• Linux (Debian/Ubuntu based)
• Root privileges (sudo)
• python3
• iptables
• nano (or editor of choice)
• curl

Installation

1. Install dependencies: Run the installation script to set up dnscrypt-proxy and resolvconf.

   sudo ./installdnscrypt.sh

2. Edit RedSocks configuration: Configure your remote SOCKS5 proxy details.

   sudo ./editREDconf.sh

Usage

Starting the Proxy

To start the transparent proxy (this will restart DNS services and apply iptables rules):

sudo ./startREDsocks.sh

This script acts as the main entry point. It will keep running. Press Ctrl+C to stop and clean up.

Manual Controls

• Route Traffic: Apply iptables rules manually.

  sudo ./iproute.sh

• Reset Routing: Clear iptables rules and stop redirection.

  sudo ./resetiproute.sh

• Restart DNS: Restart DNScrypt and networking.

  sudo ./restartDNScrypt.sh

• Check IP: Verify your external IP address.

  ./myip.sh

• Fetch Proxies: (Requires fetch-some-proxies submodule)

  sudo ./fetch.sh

Security Code Quality

This repository has been audited and modernized.

• Safety: Scripts check for root privileges and required dependencies.
• Logging: All scripts use structured logging.
• Error Handling: set -euo pipefail is enabled to catch errors early.