{ "id": "196a2598-e267-4374-824b-3158e9ee90d0", "created_at": "2026-04-06T00:14:56.334859Z", "updated_at": "2026-04-10T13:12:26.763028Z", "deleted_at": null, "sha1_hash": "24182ec6e2ce120e6ba493e9f0c1a6653b597ef2", "title": "GitHub - aploium/shootback: a reverse TCP tunnel let you access target behind NAT or firewall", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 113604, "plain_text": "GitHub - aploium/shootback: a reverse TCP tunnel let you access\r\ntarget behind NAT or firewall\r\nBy aploium\r\nArchived: 2026-04-05 23:35:46 UTC\r\nshootback is a reverse TCP tunnel let you access target behind NAT or firewall\r\n反向TCP隧道, 使得NAT或防火墙后的内网机器可以被外网访问.\r\nConsumes less than 1% CPU and 8MB memory under 800 concurrency.\r\nslaver is single file and only depends on python(2.7/3.4+) standard library.\r\nHow it works\r\nTypical Scene\r\n1. Access company/school computer(no internet IP) from home\r\n从家里连接公司或学校里没有独立外网IP的电脑\r\nhttps://github.com/aploium/shootback\r\nPage 1 of 4\n\n2. Make private network/site public.\r\n使内网或内网站点能从公网访问\r\n3. Help private network penetration.\r\n辅助内网渗透\r\n4. Help CTF offline competitions.\r\n辅助CTF线下赛, 使场外选手也获得比赛网络环境\r\n5. Connect to device with dynamic IP, such as ADSL\r\n连接动态IP的设备, 如ADSL\r\n6. SSL encryption between slaver and master\r\nslaver和master间支持SSL加密\r\nGetting started\r\n1. requirement:\r\nMaster: Python3.4+, OS independent\r\nSlaver: Python2.7/3.4+, OS independent\r\nno external dependencies, only python std lib\r\n2. download git clone https://github.com/aploium/shootback\r\n3. (optional) if you need a single-file slaver.py, run python3 build_singlefile_slaver.py\r\n4. run these command\r\n# master listen :10000 for slaver, :10080 for you\r\npython3 master.py -m 0.0.0.0:10000 -c 127.0.0.1:10080\r\n# slaver connect to master, and use example.com as tunnel target\r\n# ps: you can use python2 in slaver, not only py3\r\npython3 slaver.py -m 127.0.0.1:10000 -t example.com:80\r\n# doing request to master\r\ncurl -v -H \"host: example.com\" 127.0.0.1:10080\r\n# -- some HTML content from example.com --\r\n# -- some HTML content from example.com --\r\n# -- some HTML content from example.com --\r\n5. a more reality example (with ssl):\r\nassume your master is 22.33.44.55 (just like the graph above)\r\n# slaver_local_ssh \u003c---\u003e slaver \u003c--[SSL]--\u003e master(22.33.44.55) \u003c--\u003e You\r\n# ---- master ----\r\npython3 master.py -m 0.0.0.0:10000 -c 0.0.0.0:10022 --ssl\r\nhttps://github.com/aploium/shootback\r\nPage 2 of 4\n\n# ---- slaver ----\r\n# ps: the `--ssl` option is for slaver-master encryption, not for SSH\r\npython(or python3) slaver.py -m 22.33.44.55:10000 -t 127.0.0.1:22 --ssl\r\n# ---- YOU ----\r\nssh 22.33.44.55 -p 10022\r\n6. for more help, please see python3 master.py --help and python3 slaver.py --help\r\nTips\r\n1. run in daemon:\r\nnohup python(or python3) slaver.py -m host:port -t host:port -q \u0026\r\nor:\r\n# screen is a linux command\r\nscreen\r\npython(or python3) slaver.py -m host:port -t host:port\r\n# press ctrl-a d to detach screen\r\n# and if necessary, use \"screen -r\" to reattach\r\n2. ANY service using TCP is shootback-able. HTTP/FTP/Proxy/SSH/VNC/...\r\n3. shootback itself just do the transmission job, do not handle encrypt or proxy.\r\nhowever you can use a 3rd party proxy (eg: shadowsocks) as slaver target.\r\nfor example:\r\nshadowsocks_server\u003c--\u003eshootback_slaver\u003c--\u003eshootback_master\u003c--\u003eshadowsocks_client(socks5)\r\nWarning\r\n1. in windows, due to the limit of CPython select.select() , shootback can NOT handle more than 512\r\nconcurrency, you may meet\r\nValueError: too many file descriptors in select()\r\nIf you have to handle such high concurrency in windows, Anaconda-Python3 is recommend, it's limit in\r\nwindows is 2048\r\nPerformance\r\n1. in my laptop of intel I7-4710MQ, win10 x64:\r\n1.6Gbits/s of loopback transfer (using iperf), with about 5% CPU occupation.\r\n800 thread ApacheBench, with less than 1% CPU and 8MB memory consume\r\nhttps://github.com/aploium/shootback\r\nPage 3 of 4\n\nSource: https://github.com/aploium/shootback\r\nhttps://github.com/aploium/shootback\r\nPage 4 of 4", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "origins": [ "web" ], "references": [ "https://github.com/aploium/shootback" ], "report_names": [ "shootback" ], "threat_actors": [], "ts_created_at": 1775434496, "ts_updated_at": 1775826746, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/24182ec6e2ce120e6ba493e9f0c1a6653b597ef2.pdf", "text": "https://archive.orkl.eu/24182ec6e2ce120e6ba493e9f0c1a6653b597ef2.txt", "img": "https://archive.orkl.eu/24182ec6e2ce120e6ba493e9f0c1a6653b597ef2.jpg" } }