yosoyhendrix
/
Multi_Script


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168
							# -*- coding: utf-8 -*-

import socket
import threading
import select
import sys
import time
import itertools
import os
import ssl

# ==============================================================================
# CONFIGURACIÓN MAESTRA
# ==============================================================================
LISTENING_PORT = int(sys.argv[1]) if len(sys.argv) > 1 else 443
SSH_HOST = '127.0.0.1'
SSH_PORT = 22  # Puerto de Dropbear u OpenSSH
CERT_FILE = "/root/cert.pem"
KEY_FILE = "/root/key.pem"
LOG_FILE = "/root/proxy-ssl.log"

# SEGURIDAD
MAX_CONNECTIONS = 150
CONNECTION_COOLDOWN = 0.5
AUTO_BAN_STRIKES = 3  
BAN_TIME = 3600 # 1 hora
BUFLEN = 16384

# ESTADO GLOBAL
banned_ips = {}
ip_strikes = {}
active_connections = 0
conn_lock = threading.Lock()

# FAKE WEB (Para evadir detección de ISP/Firewalls)
FAKE_WEB = (b"HTTP/1.1 200 OK\r\nServer: nginx/1.24.0\r\nContent-Type: text/html\r\n"
            b"Connection: close\r\n\r\n"
            b"<html><head><title>Welcome</title></head><body>"
            b"<h1>404 Not Found</h1><hr><address>nginx/1.24.0</address></body></html>")

# MENSAJES ROTATIVOS
MENSAJES = ["🚀 TLS ESTABLECIDO", "🛡️ CIFRADO ACTIVO", "🌐 ACCESO SEGURO"]
mensaje_cycle = itertools.cycle(MENSAJES)
cycle_lock = threading.Lock()

def write_log(msg, addr=None):
    try:
        ts = time.strftime("%Y-%m-%d %H:%M:%S")
        ip = f" [{addr[0]}]" if addr else ""
        with open(LOG_FILE, 'a') as f:
            f.write(f"[{ts}]{ip} {msg}\n")
    except: pass

class TunnelHandler(threading.Thread):
    def __init__(self, client, addr):
        super().__init__(daemon=True)
        self.client = client
        self.addr = addr
        self.target = None
        self.tx = 0
        self.rx = 0

    def run(self):
        global active_connections
        client_ip = self.addr[0]
        
        try:
            # 1. Verificar si está baneado
            if client_ip in banned_ips:
                if time.time() < banned_ips[client_ip]: return
                else: del banned_ips[client_ip]

            # 2. Leer petición inicial
            self.client.settimeout(2.5)
            try:
                payload = self.client.recv(BUFLEN)
            except: payload = b""

            # 3. Análisis de tráfico
            if b"HTTP/" in payload and b"Upgrade" not in payload:
                self.client.sendall(FAKE_WEB)
                return

            # 4. Conectar a SSH
            self.target = socket.create_connection((SSH_HOST, SSH_PORT), timeout=5)
            
            if payload:
                if payload.startswith(b"SSH-"):
                    self.target.sendall(payload)
                else:
                    with cycle_lock: msg = next(mensaje_cycle)
                    resp = f"HTTP/1.1 101 {msg}\r\nServer: nginx\r\nUpgrade: websocket\r\n\r\n"
                    self.client.sendall(resp.encode())
            
            # 5. Túnel bidireccional
            self.client.settimeout(None)
            self.target.settimeout(None)
            sockets = [self.client, self.target]
            while True:
                r, _, e = select.select(sockets, [], sockets, 300)
                if e or not r: break
                for s in r:
                    data = s.recv(BUFLEN)
                    if not data: return
                    if s is self.client:
                        self.target.sendall(data)
                        self.tx += len(data)
                    else:
                        self.client.sendall(data)
                        self.rx += len(data)
        except: pass
        finally:
            with conn_lock: active_connections -= 1
            self.cleanup()

    def cleanup(self):
        total = (self.tx + self.rx) / (1024*1024)
        if total > 0.1:
            write_log(f"Cierre de sesión. Tráfico: {total:.2f} MB", self.addr)
        for s in [self.client, self.target]:
            if s:
                try: s.close()
                except: pass

def main():
    global active_connections
    context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    context.load_cert_chain(certfile=CERT_FILE, keyfile=KEY_FILE)
    
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    server.bind(('', LISTENING_PORT))
    server.listen(500)
    
    print(f"🔥 Proxy Ultimate v8 Activo en puerto {LISTENING_PORT}")

    while True:
        try:
            raw_c, addr = server.accept()
            
            # Control de inundación (Anti-Flood)
            now = time.time()
            last_t = ip_strikes.get(addr[0], {}).get('t', 0)
            if (now - last_t) < CONNECTION_COOLDOWN:
                strikes = ip_strikes.get(addr[0], {}).get('s', 0) + 1
                ip_strikes[addr[0]] = {'t': now, 's': strikes}
                if strikes >= AUTO_BAN_STRIKES:
                    banned_ips[addr[0]] = now + BAN_TIME
                    write_log("IP Baneada por abuso", addr)
                raw_c.close()
                continue
            ip_strikes[addr[0]] = {'t': now, 's': 0}

            try:
                client = context.wrap_socket(raw_c, server_side=True)
                with conn_lock:
                    if active_connections >= MAX_CONNECTIONS:
                        client.close()
                        continue
                    active_connections += 1
                TunnelHandler(client, addr).start()
            except:
                raw_c.close()
        except:
            time.sleep(0.05)

if __name__ == "__main__":
    main()