.. /LocalXpose
Star

Install
Access
Shell Access
Download
Exfiltration
Phishing

LocalXpose is free/subscription based tool which enables local services/applications to be exposed over the internet. Insiders as well as threat actors can use this tool to perform variety of malicious tasks. Although, the tool requires an authentication token of which free token can be obtained from the website.

Paths:

Resources:

Acknowledgements:

Detections:

Install

  1. In order to install the localxpose, it can be done directly via choco, npm, snap etc. as well as downloadable binaries are provided that can be executed on the fly.

    npm install -g loclx | Downloadable binaries
    Use case
    Installing/Downloading the localxpose binaries to be executed on the local machine.
    Privileges required
    User
    Operating systems
    Windows, Mac, Linux

Access

  1. Exeuting the loclx command provided with the API key to authenticate and generate a tunnel.

    loclx account login
    Use case
    Authenticating the loclx binary with authentication token to generate tunnels.
    Privileges required
    User
    Operating systems
    Windows, Mac, Linux

Shell Access

  1. Exeuting the binary to generate a local tunnel by binding it to the local service running on TCP ports.

    loclx tunnel tcp/udp --port <PORT>
    Use case
    Exposing SSH/RDP etc over tunnels for shell-access
    Privileges required
    User
    Operating systems
    Windows, Mac, Linux

Download

  1. Executing the binary to generate a local tunnel by binding it to a local web server running on port 80.

    loclx tunnel http --port <PORT>
    Use case
    Exposing the local system over the tunnels for the files to be exfiltrated out of the organization.
    Privileges required
    User
    Operating systems
    Windows, Mac, Linux

Exfiltration

  1. Executing the binary to generate a local tunnel by binding it to the local file system exposed over port 80.

    loclx tunnel http --port <PORT>
    Use case
    Exposing the local web server/file system over the tunnels for the files to be exfiltrated out of the organization.
    Privileges required
    User
    Operating systems
    Windows, Mac, Linux

Phishing

  1. Executing the binary to generate a local tunnel by binding it to the local web server hosting phishing sites.

    loclx tunnel http --port <PORT>
    Use case
    Exposing the local web server hosting phishing sites to target users.
    Privileges required
    User
    Operating systems
    Windows, Mac, Linux