hidden-portforwarding

This tool allows the victim to set up a new Hidden Service that forwards TCP traffic to a TCP port. Then, the attacker can access the Hidden Service to access the target.

If the target is a SOCKS proxy, the attacker can pivot easily through the victim to internal networks.

Some parameters need to be set:

$ ./hidden-portforwarding -h
Usage of hidden-portforwarding:

  -data-dir string
        Where Tor data is stored. If not defined, a directory is created
  -forward string
        Where the hidden service should forward packets (local port forwarding). Format: <FW_IP>:<FW_PORT>. This parameter is required
  -hidden-port int
        Port for onion service (default 80)
  -timeout int
        Timeout in seconds for Tor setup (default 180)

See Pivoting with hidden-portforwarding and Chisel for a real usage example.