blackarrowsec
pivotnacci
Python

A tool to make socks connections through HTTP agents

Last updated Jul 2, 2026
724
Stars
112
Forks
0
Issues
+1
Stars/day
Attention Score
30
Language breakdown
No language data available.
β–Έ Files click to expand
README

pivotnacci

[]() []()

Pivot into the internal network by deploying HTTP agents. Pivotnacci allows you to create a socks server which communicates with HTTP agents. The architecture looks like the following:

This tool was inspired by the great reGeorg. However, it includes some improvements:

  • Support for balanced servers
  • Customizable polling interval, useful to reduce detection rates
  • Auto drop connections closed by a server
  • Modular and cleaner code
  • Installation through pip
  • Password-protected agents
Supported socks protocols

  • [X] Socks 4
  • [X] Socks 5
+ [X] No authentication + [ ] User password + [ ] GSSAPI

Installation


From python packages:

pip3 install pivotnacci

From repository:

git clone https://github.com/blackarrowsec/pivotnacci.git cd pivotnacci/ pip3 install -r requirements.txt # to avoid installing on the OS python3 setup.py install # to install on the OS

Usage


  • Upload the required agent (php, jsp or aspx) to a webserver
  • Start the socks server once the agent is deployed
  • Configure proxychains or any other proxy client (the default listening port for pivotnacci socks server is 1080)
$ pivotnacci -h
usage: pivotnacci [-h] [-s addr] [-p port] [--verbose] [--ack-message message]
                  [--password password] [--user-agent user_agent]
                  [--header header] [--proxy [protocol://]host[:port]]
                  [--type type] [--polling-interval milliseconds]
                  [--request-tries number] [--retry-interval milliseconds]
                  url

Socks server for HTTP agents

positional arguments: url The url of the agent

optional arguments: -h, --help show this help message and exit -s addr, --source addr The default listening address (default: 127.0.0.1) -p port, --port port The default listening port (default: 1080) --verbose, -v --ack-message message, -a message Message returned by the agent web page (default: Server Error 500 (Internal Error)) --password password Password to communicate with the agent (default: ) --user-agent useragent, -A useragent The User-Agent header sent to the agent (default: pivotnacci/0.0.1) --header header, -H header Send custom header. Specify in the form 'Name: Value' (default: None) --proxy [protocol://]host[:port], -x [protocol://]host[:port] Set the HTTP proxy to use.(Environment variables HTTPPROXY and HTTPSPROXY are also supported) (default: None) --type type, -t type To specify agent type in case is not automatically detected. Options are ['php', 'jsp', 'aspx'] (default: None) --polling-interval milliseconds Interval to poll the agents (for recv operations) (default: 100) --request-tries number The number of retries for each request to an agent. To use in case of balanced servers (default: 50) --retry-interval milliseconds Interval to retry a failure request (due a balanced server) (default: 100)

Examples


Using an agent with password s3cr3t (AGENT_PASSWORD variable must be modified at the agent side as well):

pivotnacci  https://domain.com/agent.php --password "s3cr3t"

Using a custom HTTP Host header and a custom CustomAgent User-Agent:

pivotnacci  https://domain.com/agent.jsp -H 'Host: vhost.domain.com' -A 'CustomAgent'

Setting a different agent message 418 I'm a teapot (ACK_MESSAGE variable must be modified at the agent side as well):

pivotnacci https://domain.com/agent.aspx --ack-message "418 I'm a teapot"

Reduce detection rate (e.g. WAF) by setting the polling interval to 2 seconds:

pivotnacci  https://domain.com/agent.php --polling-interval 2000

Author


Eloy PΓ©rez (@Zer1t0) [www.blackarrow.net - www.tarlogic.com ]

License


All the code included in this project is licensed under the terms of the GNU AGPLv3 license.

#

Β© 2026 GitRepoTrend Β· blackarrowsec/pivotnacci Β· Updated daily from GitHub