Command Line Interface

Enhanced socks5 tools

usage: hoses [-h] [-4] [-6] [-V] [-S SOCKSS_SERVER] [-P SOCKSS_PORT]
             [-A ACCESS] [--cert CERT] [--key KEY] [--ca CA]
             [--log-cfg LOG_CFG] [--log-opt LOG_OPT]
             {connect,proxy,listen} ...

Named Arguments

-4, --ipv4

Prefer IPv4 protocol

Default: True

-6, --ipv6

Prefer IPv6 protocol

Default: False

-V, --version

show program’s version number and exit

-S, --sockss-server

sockss server name

-P, --sockss-port

sockss server port

Default: 9050

-A, --access

access rules specification

--cert

SSL certificate

--key

SSL Key

--ca

Certificate Authority

--log-cfg

Configure logging from file

--log-opt

Logging option

Sub-commands

connect

Connect to target

hoses connect [-h] [--tls] target port

Positional Arguments

target

Target hostname

port

Target port

Named Arguments

--tls

Connect using TLS (cannot be used with socks proxy)

Default: False

proxy

Run proxy server

hoses proxy [-h] [-l AUDIT_LOG]

Named Arguments

-l, --log

Path to audit log file

listen

Listen for connections

hoses listen [-h] [--wrap] [--unwrap] [-p] [-f] [--exec]
             address port [dest ...]

Positional Arguments

address

Bind address

port

Bind port

dest

destination or exec command

Named Arguments

--wrap

Forward connections as TLS connections

Default: 'none'

--unwrap

Accept TLS connections and forward them unencrypted

Default: 'none'

-p, --persist

Persist this binding

Default: False

-f, --background

go to background after connection

Default: False

--exec

Will execute command

Default: False

Examples

Proxy

The main usage is as a socks proxy.

Basic socks5 compatible proxy:

hoses -S '*' -P 1080 proxy
  • -S '*' : listen on all IPv4 and IPv6 addresses (quoted so the shell does not expand it).

  • -P 1080 : listen on port 1080.

Enable TLS and listen only on loopback address:

hoses -S 127.0.0.1 -P 3340 --cert server.crt --key server.key proxy
  • --cert server.crt : file path to server certificate.

  • --key server.key : file path to corresponding key.

Enable TLS and enable client certificate verification:

hoses -S 127.0.0.1 -P 3340 --cert server.crt --key server.key --ca ca.crt proxy
  • --ca ca.crt : certificate file signing client certificates (or the client certificate itself for self-signed certificates).

netcat server

It can be used as netcat --listen replacement.

Listen on localhost, port 4040 and run a command:

hoses listen --exec localhost 4040 'sh -c "python3 eliza.py"'

Listen on a unix socket on the socks server, forward connections to port 22 on remotehost, and persist the binding:

hoses -S socks-server -P 1080 listen -p unix:/tmp/sshsock 0 remotehost 22

Like previous but with TLS:

hoses -S socks-server -P 1080 --cert client.crt --key client.key --ca ca.crt listen -p unix:/tmp/sshsock 0 remotehost 22

netcat client

It can be used as a netcat client to connect to network ports.

Connect to remote:

hoses connect remotehost 4583

Connect to a remote TLS server with certificate based client authentication:

hoses --cert client.crt --key client.key --ca ca.crt connect remotehost 4583

Connect to a remote host through an SSL socks proxy with client authentication:

hoses -S socks-server -P 1080 --cert client.crt --key client.key --ca ca.crt connect remotehost 4583

stunnel

This is used as a replacement for stunnel.

Accept TLS connections and forward them to a different port. This is used to provide TLS encryption to protocol servers that do not support this out of the box.

hoses --cert server.crt --key server.key listen --unwrap -p localhost 8011 remotehost 11

Accept unencrypted connections and forward them to a TLS server. This is used to give TLS encryption to protocol clients that do not support it out of the box.

hoses --cert server.crt --key server.key listen --wrap -p localhost 11 remotehost 8011

SSH tunnel

You can use it as an ssh proxy command to make ssh go through a Socks proxy:

ssh -o "ProxyCommand hoses -S sockserver -P 1080 connect %h %p" remotehost

Environment variables

  • HOSES_PROXY : Used to configure the -S --sockss-server and -P --sockss-port options. It takes a value of hostname:port.

  • HOSES_ACCESS_RULES : Command line -A --access option. Access rules specification.

  • HOSES_TLS_CERT : Command line --cert, TLS certificate. Used for servers and clients to identify each other. For clients, it is optional, whereas for servers, it is mandatory.

  • HOSES_TLS_KEY : Command line --key. Key for the corresponding certificate --cert.

  • HOSES_TLS_CA : Certificate used to validate peers. For clients, it is the CA that signs the server’s certificate. Similarly, for servers, it is the CA that signs the clients’ certificates. Self-signed certificates are allowed here, but that limits the accepted certificates to one, so it is pretty useless for identifying clients.

  • HOSES_LOGCFG : Command line --log-cfg. Logging config file. See logging below.
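The server.crt, client.crt and ca.crt files used by --cert, --key and --ca in the TLS examples above (or by the HOSES_TLS_* variables) can be produced with OpenSSL. The script below is an added example, not part of the hoses project; it assumes the openssl CLI is installed, the subject names and the solo.* files are constructed, and its last two checks show the self-signed caveat noted for HOSES_TLS_CA.

```shell
#!/bin/sh
# Added example (not from the hoses project): throwaway PKI for --cert/--key/--ca.
# File names follow this page's examples; subject names and solo.* are constructed.

# Issue a CA-signed certificate for one role; $2 becomes the CN and the SAN.
issue_cert() {
    role=$1 name=$2
    printf 'subjectAltName=DNS:%s\n' "$name" > "$role.ext"
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$name" \
        -keyout "$role.key" -out "$role.csr" 2>/dev/null &&
    openssl x509 -req -in "$role.csr" -CA ca.crt -CAkey ca.key -CAcreateserial \
        -extfile "$role.ext" -days 30 -out "$role.crt" 2>/dev/null
}

# Build everything inside directory $1 (subshell body keeps the caller's cwd).
make_pki() (
    umask 077                      # private keys must not be group/world readable
    mkdir -p "$1" && cd "$1" || exit 1
    # CA certificate: the file passed as --ca by both sides.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=example-ca" \
        -keyout ca.key -out ca.crt 2>/dev/null || exit 1
    issue_cert server localhost || exit 1
    issue_cert client client.example.test || exit 1
    # Self-signed client certificate, for the HOSES_TLS_CA caveat.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=solo-client" \
        -keyout solo.key -out solo.crt 2>/dev/null
)

# Succeeds only when certificate $2 chains to the trust anchor in $1.
check_chain() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

PKI_DIR=${PKI_DIR:-$(mktemp -d)}
make_pki "$PKI_DIR" || { echo "openssl failed" >&2; exit 1; }
for crt in server.crt client.crt; do
    check_chain "$PKI_DIR/ca.crt" "$PKI_DIR/$crt" && echo "ca.crt accepts $crt"
done
# With a self-signed certificate as --ca, only that one certificate is accepted.
check_chain "$PKI_DIR/solo.crt" "$PKI_DIR/solo.crt" && echo "solo.crt accepts itself"
check_chain "$PKI_DIR/solo.crt" "$PKI_DIR/client.crt" || echo "solo.crt rejects client.crt"
```

Keep ca.key off the proxy host: only ca.crt is needed to validate peers, while ca.key can mint new client identities.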

Logging

This software makes use of the standard python logging library. It can be configured via two options:

  • --log-cfg FILE : Configure logging from file. See Configuring Logging for the file format.

  • --log-opt KEY=VALUE : Pass configuration keys to basicConfig.

Example:

--log-opt level=DEBUG --log-opt filename=logfile.txt

See Log Levels for possible log level options.