Gotea/hostscan-bypass
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Final touchups

Browse Source
This commit is contained in:
Gilks
2018-07-23 21:03:47 -04:00
parent 1338d5be68
commit d1e8a2b165
1 changed files with 5 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
README.md
View File

@@ -1,15 +1,15 @@
# hostscan-bypass
# Hostscan Bypass
Generate an OpenConnect Cisco Secure Desktop [(CSD)](http://www.infradead.org/openconnect/csd.html) file that bypasses AnyConnect hostscan requirements.
This script parses an AnyConnect client connection and outputs a CSD file that can be used with OpenConnect. The CSD file will perform a POST request to the AnyConnect server, giving the illusion a hostscan took place. Even if the AnyConnect server does not publish binaries for your Operating System (OS), you will still be able to connect. This is due to the fact that OpenConnect allows you to specify which OS you are connecting from. This means you can be on a Linux and pretend to be a Windows client!
This script parses an AnyConnect client connection and outputs a CSD file that can be used with OpenConnect. The CSD file will perform a POST request to the AnyConnect server, giving the illusion a hostscan took place. Even if the AnyConnect server does not publish binaries for your Operating System (OS), you will still be able to connect. This is due to the fact that OpenConnect allows you to specify which OS you are connecting from. This means you can be on a Linux box and pretend to be a Windows client!
WARNING: Doing this will bypass the checks hostscan performs. This may be against your companies policy. By using this script and the resulting CSD file, you are releasing me of any liability. This script is for educational purposes only.
**WARNING:** Doing this will bypass the checks hostscan performs. This may be against your companies policy. By using this script and the resulting CSD file, you are using these files at your own risk. This script is for educational purposes only.
# Blog
You can find the associated blog for this tool [here](https://gilks.github.io/post/cisco-hostscan-bypass).
# Quick Start
*Note: You will need to install go. That process won't be covered here.
Note: You will need to install go. That process won't be covered here.
1. `sudo go run hostscan-bypass.go -l <YOUR IP> -p 443 -r <TARGET VPN URL>:443 -s`
2. Use AnyConnect and connect to `<YOUR IP>`
@@ -19,5 +19,5 @@ You can find the associated blog for this tool [here](https://gilks.github.io/po
# Shout Outs
1. `hostscan-bypass.go` was hacked off of [tcpprox](https://github.com/staaldraad/tcpprox). Thanks [@staaldraad](https://github.com/staaldraad)!
2. Fromzy, who happened to posted the most [simple CSD](http://lists.infradead.org/pipermail/openconnect-devel/2015-January/002544.html) example
2. Fromzy, who posted the most [simple CSD](http://lists.infradead.org/pipermail/openconnect-devel/2015-January/002544.html) example
3. [@bmaddy](https://github.com/bmaddy), who [posted examples](https://gist.github.com/bmaddy/dc720f494fa4de28ffc03cc6a472e965) and resources that aided in the completion of this project