Port knocking with URL
Posted: Mon Feb 18, 2019 4:14 pm
by vklpt
Let's call it «Web Knocking».
The idea is simple - we open the ports just by clicking on the link.
This is a web server that sends IP addresses of valid requests to the white list and IP addresses of bad requests to the black list:
https://github.com/vikilpet/Web-Knocking
Re: Port knocking alternative
Posted: Mon Feb 18, 2019 9:48 pm
by sebastia
The goal of port knocking is to keep it hidden from the public, except for the ones in the know. But at least easy to use.
Re: Port knocking alternative
Posted: Tue Mar 05, 2019 7:31 pm
by vklpt
Update:
• New ini parameter: url_prefix
Re: Port knocking alternative
Posted: Wed Mar 06, 2019 6:28 pm
by tippenring
Besides being less practical than nping, I suspected the executable might be malicious. VT Detection ratio: 11 / 70
Check VirusTotal:
https://www.virustotal.com/en/file/d81c ... /analysis/
Re: Port knocking alternative
Posted: Wed Mar 06, 2019 8:53 pm
by vklpt
> Besides being less practical than nping
You did not get the idea.
If you believe in the power of heuristic algorithms of noname antiviruses you better not use winbox too:
https://www.virustotal.com/#/file/b300a ... /detection
Re: Port knocking with URL
Posted: Mon Apr 13, 2020 7:59 pm
by vklpt
The code is now publicly available.
It may also work with non-RouterOS devices with the help of netmiko, but I have MikroTiks only.
Re: Port knocking with URL
Posted: Mon Apr 13, 2020 8:58 pm
by jvanhambelgium
Although I understand the idea, there are a couple of possible issues.
- Continuous open-to-anyone-everywhere attack-vector of the DNAT-entry pointing to your web-page.
- Un-encrypted "admin" credentials in the Python files; if ever compromised you have full power on the Mikrotik
- Only 1 "stage" , meaning making the request to the correct URL and you are in.
I also use port-knocking in a 3-stage setup, meaning 3 knocks are required (random ports, mix of UDP/TCP), within a certain time-frame (seconds) to give access for a specified duration.
Much, much more secure, I would say near impossible to "guess" it and there is no permanent "patchhole" like you have pointing to your Python webserver.
Any smartphone could run such app where you can pre-configure the knocking-sequence. If your user is eg. sitting in a hotel he can use the Hotel Wifi and perform the sequence, then the laptop (also connected on Hotel-wifi) probably uses the same public-IP and is therefore also usable. (same applies if at home)
Or the user could use his phone on 4G in "tethering" mode and act as wireless AP for the laptop to work on after sequencing the port-knock.
The alternative of course is "VPN"
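A three-stage knock of the kind described in the post above, written as RouterOS firewall rules. This is an added example, not configuration from any poster in this thread or from the Web-Knocking project; the port numbers, address-list names, timeouts and the choice of WinBox (TCP 8291) as the protected service are assumptions made for illustration.

```routeros
# Added example: three knocks (TCP, UDP, TCP), each within 10 seconds of the
# previous one, grant the source IP access to WinBox for one hour.
# All ports, list names and timeouts below are constructed placeholders.
# These rules must sit above any general drop rule in the input chain.
/ip firewall filter

# Stage 1: first knock puts the source on a short-lived list.
add chain=input protocol=tcp dst-port=40111 connection-state=new \
    action=add-src-to-address-list address-list=knock-stage1 \
    address-list-timeout=10s comment="knock 1/3"

# Stage 2: only counts if the source is still on the stage-1 list.
add chain=input protocol=udp dst-port=40222 src-address-list=knock-stage1 \
    action=add-src-to-address-list address-list=knock-stage2 \
    address-list-timeout=10s comment="knock 2/3"

# Stage 3: only counts if the source is still on the stage-2 list;
# the resulting entry is the actual allow-list and expires by itself.
add chain=input protocol=tcp dst-port=40333 connection-state=new \
    src-address-list=knock-stage2 \
    action=add-src-to-address-list address-list=knock-allowed \
    address-list-timeout=1h comment="knock 3/3"

# The knock packets themselves are never answered, so the ports look closed.
add chain=input protocol=tcp dst-port=40111,40333 action=drop \
    comment="drop knock packets (tcp)"
add chain=input protocol=udp dst-port=40222 action=drop \
    comment="drop knock packets (udp)"

# Protected service: reachable only from addresses that completed the sequence.
add chain=input protocol=tcp dst-port=8291 src-address-list=knock-allowed \
    action=accept comment="WinBox for knocked sources"
add chain=input protocol=tcp dst-port=8291 action=drop \
    comment="WinBox closed for everyone else"
```

Because each stage entry expires after 10 seconds, knocks sent out of order or too slowly never reach the allow-list, and no permanent forward to an internal host is needed.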
Re: Port knocking with URL
Posted: Mon Apr 13, 2020 9:41 pm
by Jotne
I do not see the need of a URL to port knock. I will add more components to run the network.
To use normal port knock, you do not need any tools if it's TCP to open the ports.
E.g. ports 1600, 2500 and 3456 needed to open.
Then from any browser open following pages in sequences.
http://router_os.ip:/1600
http://router_os.ip:/2500
http://router_os.ip:/3456
Re: Port knocking with URL
Posted: Mon Apr 13, 2020 11:12 pm
by jvanhambelgium
> I do not see the need of a URL to port knock. I will add more components to run the network.
> To use normal port knock, you do not need any tools if it's TCP to open the ports.
> E.g. ports 1600, 2500 and 3456 needed to open.
Of course this will work too, but nice simple Windows, Android & iOS apps exist where 1 press of a button starts the sequence, putting some custom timers where needed etc.
In your case you need some favorite URLs stored or something, especially if you expect the sequences to arrive within max 1 or 2 seconds apart.
Many solutions exist.
Re: Port knocking with URL
Posted: Wed Apr 15, 2020 9:38 pm
by vklpt
v2020-04-15
+ Logging to a file
Re: Port knocking with URL
Posted: Wed Apr 15, 2020 10:33 pm
by Jotne
Syslog is the best way (at least for me) to handle logs.
Re: Port knocking with URL
Posted: Mon Apr 20, 2020 6:02 pm
by vklpt
v2020-04-20
new logging format
Re: Port knocking with URL
Posted: Thu Apr 23, 2020 1:29 pm
by vklpt
v2020-04-23 + hotkeys
Re: Port knocking with URL
Posted: Thu Jul 23, 2020 9:13 pm
by vklpt
v2020-07-23 + hotkey «s». Now you can add new users without having to restart the program.
Re: Port knocking with URL
Posted: Tue Jan 04, 2022 3:54 pm
by vklpt
v2022-01-03
Added: favicon, reload, an asterisk at expired dates
Changed: HTML template (simpler and more mobile-friendly)
Re: Port knocking with URL
Posted: Tue Jan 04, 2022 6:27 pm
by anav
Use wireguard, it's easy!