Transparent proxy server that works as a poor man's VPN. Forwards over ssh. Doesn't require admin. Works with Linux and MacOS. Supports DNS tunneling.
86 matches across 9 categories. Click a row to expand file-level details.
| Severity | File | Line | Snippet |
|---|---|---|---|
| LOW | sshuttle/server.py | 154 | except Exception: |
| LOW | sshuttle/hostwatch.py | 60 | except Exception: |
| LOW | sshuttle/firewall.py | 258 | except Exception: |
| LOW | sshuttle/firewall.py | 280 | except Exception: |
| LOW | sshuttle/firewall.py | 384 | except Exception: |
| LOW | sshuttle/firewall.py | 391 | except Exception: |
| LOW | sshuttle/firewall.py | 395 | except Exception: |
| LOW | sshuttle/firewall.py | 402 | except Exception: |
| LOW | sshuttle/firewall.py | 406 | except Exception: |
| LOW | sshuttle/firewall.py | 412 | except Exception: |
| LOW | sshuttle/firewall.py | 416 | except Exception: |
| LOW | sshuttle/firewall.py | 422 | except Exception: |
| LOW | sshuttle/firewall.py | 426 | except Exception: |
| MEDIUM | sshuttle/firewall.py | 225 | def _read_next_string_line(): |
| LOW | sshuttle/helpers.py | 269 | except Exception: |
| LOW | sshuttle/helpers.py | 303 | except Exception: |
| LOW | sshuttle/helpers.py | 323 | except Exception: |
| LOW | sshuttle/helpers.py | 337 | except Exception: |
| MEDIUM | sshuttle/helpers.py | 318 | def stream_reader_to_sock(): |
| MEDIUM | sshuttle/helpers.py | 330 | def stream_sock_to_writer(): |
| LOW | sshuttle/methods/windivert.py | 364 | except Exception: |
| MEDIUM | sshuttle/methods/windivert.py | 361 | def _target(): |
| Severity | File | Line | Snippet |
|---|---|---|---|
| LOW | tests/client/test_options.py | 123 | def test_convert_arg_line_to_args_skips_comments(): |
| LOW | tests/client/test_options.py | 129 | def test_parse_subnetport_host(mock_getaddrinfo): |
| LOW | tests/client/test_options.py | 148 | def test_parse_subnetport_host_with_port(mock_getaddrinfo): |
| LOW | tests/client/test_methods_tproxy.py | 9 | def test_get_supported_features(): |
| LOW | tests/client/test_firewall.py | 68 | def test_rewrite_etc_hosts_no_overwrite(mock_link, mock_rename, tmpdir): |
| LOW | tests/client/test_sudoers.py | 8 | def test_build_config_pythonpath_is_site_packages_parent(): |
| LOW | tests/client/test_sudoers.py | 46 | def test_build_config_contains_user_name_and_cmd_alias(): |
| LOW | tests/client/test_methods_pf.py | 11 | def test_get_supported_features(): |
| LOW | tests/client/test_methods_pf.py | 93 | def test_firewall_command_darwin(mock_pf_get_dev, mock_ioctl, mock_stdout): |
| LOW | tests/client/test_methods_pf.py | 116 | def test_firewall_command_freebsd(mock_pf_get_dev, mock_ioctl, mock_stdout): |
| LOW | tests/client/test_methods_pf.py | 139 | def test_firewall_command_openbsd(mock_pf_get_dev, mock_ioctl, mock_stdout): |
| LOW | tests/client/test_methods_pf.py | 174 | def test_setup_firewall_darwin(mock_pf_get_dev, mock_ioctl, mock_pfctl): |
| LOW | tests/client/test_methods_pf.py | 293 | def test_setup_firewall_freebsd(mock_pf_get_dev, mock_ioctl, mock_pfctl, |
| LOW | tests/client/test_methods_pf.py | 403 | def test_setup_firewall_openbsd(mock_pf_get_dev, mock_ioctl, mock_pfctl): |
| LOW | tests/client/test_methods_nat.py | 11 | def test_get_supported_features(): |
| LOW | tests/client/test_helpers.py | 120 | def test_resolvconf_nameservers(mock_open): |
| LOW | tests/client/test_helpers.py | 146 | def test_get_random_nameserver(mock_open): |
| LOW | tests/client/test_sdnotify.py | 9 | def test_notify_invalid_socket_path(mock_get): |
| LOW | tests/client/test_sdnotify.py | 15 | def test_notify_socket_not_there(mock_get): |
| LOW | sshuttle/firewall.py | 98 | def _setup_daemon_for_unix_like(): |
| LOW | sshuttle/firewall.py | 124 | def _setup_daemon_for_windows(): |
| LOW | sshuttle/methods/windivert.py | 295 | def _get_bind_address_for_port(self, port, family): |
| Severity | File | Line | Snippet |
|---|---|---|---|
| LOW | docs/conf.py | 1 | #!/usr/bin/env python3 |
| LOW | docs/conf.py | 21 | # If extensions (or modules to document with autodoc) are in another directory, |
| LOW | docs/conf.py | 41 | # The suffix of source filenames. |
| LOW | docs/conf.py | 61 | version = '.'.join(release.split('.')[:2]) |
| LOW | docs/conf.py | 81 | # If true, '()' will be appended to :func: etc. cross-reference text. |
| LOW | docs/conf.py | 101 | |
| LOW | docs/conf.py | 121 | # html_short_title = None |
| LOW | docs/conf.py | 141 | |
| LOW | docs/conf.py | 161 | # html_use_index = True |
| LOW | docs/conf.py | 201 | # (source start file, target name, title, |
| LOW | .github/workflows/codeql.yml | 1 | # For most projects, this workflow file will not need changing; you simply need |
| LOW | .github/workflows/codeql.yml | 61 | # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines |
| LOW | sshuttle/ssh.py | 141 | pyscript = pyscript.replace(c, '`' + c) |
| LOW | sshuttle/ssh.py | 161 | # below). |
| LOW | sshuttle/helpers.py | 81 | # |
| Severity | File | Line | Snippet |
|---|---|---|---|
| HIGH | sshuttle/methods/nft.py | 56 | # Redirect DNS traffic as requested. This includes routing traffic |
| HIGH | sshuttle/methods/nat.py | 53 | # Redirect DNS traffic as requested. This includes routing traffic |
| Severity | File | Line | Snippet |
|---|---|---|---|
| LOW | sshuttle/server.py | 20 | |
| LOW | sshuttle/server.py | 288 | |
| LOW | sshuttle/hostwatch.py | 116 | |
| LOW | sshuttle/firewall.py | 200 | |
| LOW | sshuttle/client.py | 591 | |
| LOW | sshuttle/client.py | 808 | |
| LOW | sshuttle/cmdline.py | 17 | |
| LOW | sshuttle/ssh.py | 87 | |
| LOW | sshuttle/helpers.py | 66 | |
| LOW | sshuttle/ssnet.py | 146 | |
| LOW | sshuttle/ssnet.py | 401 | |
| LOW | sshuttle/methods/tproxy.py | 20 | |
| LOW | sshuttle/methods/windivert.py | 404 | |
| LOW | sshuttle/methods/windivert.py | 485 |
| Severity | File | Line | Snippet |
|---|---|---|---|
| HIGH | sshuttle/server.py | 69 | mask = _maskbits(maskw) # returns 32 if maskw is null |
| HIGH | sshuttle/hostwatch.py | 166 | p = ssubprocess.Popen(argv, stdout=ssubprocess.PIPE, stderr=null, |
| HIGH | sshuttle/ssh.py | 186 | pycmd = ("P=python3; $P -V 2>%s || P=python; " |
| Severity | File | Line | Snippet |
|---|---|---|---|
| LOW | sshuttle/server.py | 360 | # different platforms we can not just set the socket family |
| MEDIUM | sshuttle/client.py | 226 | if is_admin_user(): # No need to elevate privileges |
| MEDIUM | sshuttle/client.py | 233 | # XXX: Attempt to elevate privilege using 'runas' in windows seems not working. |
| MEDIUM | sshuttle/client.py | 352 | # entered the wrong password to elevate privileges. |
| Severity | File | Line | Snippet |
|---|---|---|---|
| MEDIUM | docs/conf.py | 7 | # This file is execfile()d with the current directory set to its |
| MEDIUM | sshuttle/client.py | 87 | # Create a daemon process with a new session id. |
| Severity | File | Line | Snippet |
|---|---|---|---|
| LOW | sshuttle/hostwatch.py | 239 | # Check if this jobs needs to run. |
| LOW | sshuttle/client.py | 348 | rv = self.p.poll() # Check if process is still running |