0trace.sh is a shell script written by Michal Zalewski. It is a reconnaissance / firewall-bypassing tool that enables hop enumeration ("traceroute") within an established TCP connection, such as an HTTP or SMTP session, rather than by sending stray packets, as traceroute-type tools usually do. When a scan succeeds, it reveals additional servers that are useful to the penetration tester.
0trace iface target_ip [ target_port ]
cyborg@cyborg:~$ sudo 0trace eth0 192.168.1.18
0trace v0.01 PoC by <[email protected]>
[+] Waiting for traffic from target on eth0...
[+] Traffic acquired, waiting for a gap...
[+] Target acquired: 192.168.1.8:80 -> 192.168.1.18:52273 (3904827740/710882551).
[+] Setting up a sniffer...
[+] Sending probes...

TRACE RESULTS
-------------
Target reached.
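
A defender-side view of the technique described above, as an added example that is not part of 0trace or the original page: traceroute-style probes expire in transit, and the router that drops them returns an ICMP Time Exceeded message quoting the expired packet's IP header and first 8 payload bytes. The sketch below parses that quote and flags replies whose quoted TCP 4-tuple belongs to an established session. The function names, the `ESTABLISHED` set (assumed to come from a connection-tracking table) and the sample packets are constructed for illustration.

```python
import socket
import struct

def parse_time_exceeded(icmp: bytes):
    """Return (src, sport, dst, dport, seq) quoted in an ICMP Time Exceeded
    message, or None unless it is type 11/code 0 quoting an IPv4 TCP segment."""
    if len(icmp) < 8 + 20 + 8 or icmp[0] != 11 or icmp[1] != 0:
        return None
    inner = icmp[8:]                      # quoted IPv4 header + first 8 payload bytes
    if inner[0] >> 4 != 4:
        return None
    ihl = (inner[0] & 0x0F) * 4           # quoted header length, options included
    if ihl < 20 or inner[9] != 6 or len(inner) < ihl + 8:
        return None
    src = socket.inet_ntoa(inner[12:16])
    dst = socket.inet_ntoa(inner[16:20])
    sport, dport, seq = struct.unpack("!HHI", inner[ihl:ihl + 8])
    return src, sport, dst, dport, seq

def in_session_probes(icmp_messages, established):
    """Return quoted flows that match an established TCP connection.
    `established` is a set of (src, sport, dst, dport) tuples (assumed input,
    e.g. exported from a connection-tracking table; not produced here)."""
    hits = []
    for msg in icmp_messages:
        q = parse_time_exceeded(msg)
        if q and (q[:4] in established or (q[2], q[3], q[0], q[1]) in established):
            hits.append(q)
    return hits

def _build_sample(src, sport, dst, dport, seq, ttl=1):
    """Constructed ICMP Time Exceeded message for the demo (checksums zeroed)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, ttl, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp8 = struct.pack("!HHI", sport, dport, seq)
    return struct.pack("!BBHI", 11, 0, 0, 0) + ip + tcp8

# Constructed data: the 4-tuple is the flow from the sample run; seq values are made up.
ESTABLISHED = {("192.168.1.8", 80, "192.168.1.18", 52273)}
SAMPLES = [
    _build_sample("192.168.1.8", 80, "192.168.1.18", 52273, 1000),
    _build_sample("192.168.1.8", 40000, "192.168.1.18", 33434, 1),  # no such session
]

if __name__ == "__main__":
    for hit in in_session_probes(SAMPLES, ESTABLISHED):
        print("TTL-expired segment inside established session:", hit)
```

A TTL-expired segment quoted from a live, otherwise healthy session is unusual enough to be worth alerting on, since ordinary session traffic is sent with a TTL large enough to reach its peer.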