Wi-Fi Connected
        │
        ▼
[1] ARP Discovery → Detect all LAN devices
        │
        ▼
[2] Host Identification → IP + NetBIOS / “Evil” label for self
        │
        ▼
[3] Target Selection → single host or ALL HOSTS + ALL PORTS
        │
        ▼
[4] Port Selection → choose internal port (or proxy → 80)
        │
        ▼
[5] IGD Discovery → detect router supporting UPnP
        │
        ▼
[6] NAT Mapping → external port ► internal service
        │
        ▼
[7] WAN Exposure → show public IP + mapped port

• Scans LAN for active hosts and displays a selectable list.
• Each host shows its IP and optional NetBIOS name.
• Select a host:
  • Self (Evil-Cardputer) → use port 80 directly or via local proxy (e.g., 8080→80).
  • Remote host → scans for open services (HTTP, SSH, RTSP, etc.).
• Prompts for an external WAN port to expose the selected service.
• Displays public WAN IP and final mapped endpoint on success.

• Enumerates all active LAN devices.
• Tests a predefined list of common ports (HTTP, HTTPS, RTSP, SSH, RDP, P2P...).
• Automatically maps every reachable service to consecutive external ports (starting at 50001).
• Shows mapping results in real time on-screen (OK / FAIL).
• Ends with WAN IP and total mapped ports summary.

• Creates a local TCP relay from any port (e.g., 81 or 8080) to the internal web service on port 80.
• Useful when exposing the Cardputer’s own web interface through custom external ports.
• Traffic is mirrored both ways in real time.

Client ──► Cardputer:8080 → (proxy) → Cardputer:80

[ARP] Found: 192.168.1.10
[ARP] Found: 192.168.1.23
[UPnP] Router detected
[MAP] 192.168.1.23:80 → 203.0.113.7:50080 [OK]

------------------------------------------------------------
LAN Host: 192.168.1.50 - Evil
Internal Port: 80
External Port: 50080
Mapping: SUCCESS
WAN IP: 203.0.113.7
→ Exposed service: http://203.0.113.7:50080/
------------------------------------------------------------

Use strictly for authorized network audits and red team assessments.
This module relies on UPnP-enabled routers, hardened or filtered gateways will block mapping attempts or demand that not provided by original host.
Use responsibly automated exposure can significantly increase network attack surface.

Several Internet Gateway Devices implement restrictive UPnP security rules. Common causes include:

• Strict UPnP filtering: some routers only allow port mappings if the SOAP request originates from the same internal host being mapped.
• IP consistency checks: the IGD compares the source IP of the request with the InternalClient parameter. If they differ, the action is rejected.
• Partial UPnP disablement: many routers allow SSDP discovery but block WANIPConnection actions.
• Third-party host refusal: on most consumer routers, only the device initiating the request may map its own internal ports, preventing NAT exposure of other LAN devices.

Most routers enforce a rule requiring the internal IP of the mapped service to match the IP of the device issuing the UPnP request. When the Cardputer attempts to expose a remote host (e.g., 192.168.1.23), the IGD typically rejects the call with an error such as:

[UPnP] Action Failed - ConflictInMappingEntry

The internal proxy is recommended when:

• the Cardputer’s web interface runs on a non-standard port;
• the router refuses port 80 or considers it reserved/conflicting;
• you must relay an arbitrary local port (e.g., 81 or 8080) to 80 to satisfy IGD restrictions.

The module follows the standardized UPnP IGD workflow:

1. SSDP discovery → detect routers exposing WANIPConnection services.
2. IGD parsing → download and parse the device description XML to extract SOAP control URLs.
3. AddPortMapping() → send a SOAP action containing:

   InternalClient = 192.168.X.X
   InternalPort   = Internal service port
   ExternalPort   = Chosen WAN port
   Protocol       = TCP
   Enabled        = 1
       

4. IGD validation → router checks for conflicts, IP consistency, and allowed ranges.
5. GetExternalIPAddress() → retrieve WAN IP to produce the final accessible endpoint.