,-. ,-. ,-. ,-. ,-. ,-. ,-. . , ,-. | | |-' | |-' | | | ,-| | / ,-| |-' `-' ' `-' |-' ' `-^ `' `-^ | | ' ' * pereprava to your C2 *
pereprava is a minimal http/https redirector and reverse proxy for red team ops. no nginx, apache, socat, or tunnels — install it and go.
small, fast, and it tightly gates access to your c2.
allow only what you want: exact URIs, user-agents, and request headers.
strip or add response headers.
simple guard to slow fuzzing/bruteforce.
optional SSL (adhoc or your certs).
only GET and POST are accepted.
| flags quick ref |
|---|
| -target URL (required) |
| -uri "/api/v1/billing" (repeatable) | -fUris FILE.txt |
| -allowHeader "X-Pet: Cat" |
| -blockUserAgent "curl" | -allowUserAgent "wget" |
| -addHeader "Server: IIS" (repeatable) | -fAddHeaders FILE.txt |
| -stripHeader "Server" (repeatable) | -fStripHeaders FILE.txt |
| -redirect https://www.google.com |
| -guard -guardMax N -guardWindow SEC -guardBan SEC |
| -ssl -use-adhoc | -generate-self-signed | -certfile -keyfile | -k,--insecure |
| -host HOST -port N |
| -debug -quiet -nc |
note: only GET and POST are allowed. other methods return 405.
#with pipx (recommended)
# from git
pipx install git+https://github.com/t1Sh1n4/pereprava
# add to $PATH
pipx ensurepath
#or
#local dev
pipx install .basic
pereprava -target http://127.0.0.1:8080 -uri /ok
allow multiple URIs
# repeat -uri
pereprava -target http://127.0.0.1:8080 -uri /ok -uri /ping
# or
pereprava -target http://127.0.0.1:8080 -uri "/ok,/notok"
# or from file (one per line)
pereprava -target http://127.0.0.1:8080 -fUris allowed_uris.txt
require headers or user-agents
# require a header name only
pereprava -target http://127.0.0.1:8080 -allowHeader X-Token
# require exact name:value
pereprava -target http://127.0.0.1:8080 -allowHeader "X-Token: abc123"
# allow only chrome-like UA, block curl
pereprava -target http://127.0.0.1:8080 -allowUserAgent chrome -blockUserAgent curl
change response headers
# add
pereprava -target http://127.0.0.1:8080 -addHeader "X-Proxy: pereprava" -addHeader "Server: IIS 8.5"
# add from file (Name[: value] per line)
pereprava -target http://127.0.0.1:8080 -fAddHeaders add.txt
# strip
pereprava -target http://127.0.0.1:8080 -stripHeader Server -stripHeader Date
pereprava -target http://127.0.0.1:8080 -stripHeader "Server,Date,Via"
# strip from file (one per line)
pereprava -target http://127.0.0.1:8080 -fStripHeaders strip.txt
# ban IP if >20 req in 60s, ban for 300s (defaults shown)
pereprava -target http://127.0.0.1:8080 -guard -guardMax 20 -guardWindow 60 -guardBan 300
ssl
# quick self-signed (adhoc)
pereprava -target http://127.0.0.1:8080 -ssl -use-adhoc
# generate and save a self-signed cert/key (needs cryptography)
pereprava -target http://127.0.0.1:8080 -ssl -generate-self-signed
# use your own cert/key
pereprava -target http://127.0.0.1:8080 -ssl -certfile cert.pem -keyfile key.pem
misc
# host/port
pereprava -target http://127.0.0.1:8080 -host 0.0.0.0 -port 8443
# redirect failures instead of 4xx
pereprava -target http://127.0.0.1:8080 -uri /ok -redirect https://example.com/
# quiet and no color
pereprava -target http://127.0.0.1:8080 -quiet -nc
# debug logs
pereprava -target http://127.0.0.1:8080 -debugThis tool is for authorized testing and defense. Use it only on systems you own or have explicit permission to test. You are responsible for how you deploy and run it.