Proxy and SOCKS support #5

@StrongWind1

What problem does this solve?

During internal penetration tests, the operator often needs to route traffic through a compromised host to reach the domain controller. CredWolf currently makes direct socket connections with no proxy support, so it cannot be used through SOCKS tunnels (e.g. chisel, ligolo-ng, ssh -D) or HTTP proxies without external tooling like proxychains.

Proposed solution

Add a --proxy <url> flag supporting SOCKS4, SOCKS5, and HTTP CONNECT proxies:

credwolf -d evil.corp ntlm --dc-ip 10.0.0.1 -u admin -p Pass1 --proxy socks5://127.0.0.1:1080
credwolf -d evil.corp kerberos --kdc-ip 10.0.0.1 -u admin -p Pass1 --proxy socks5://127.0.0.1:1080

Implementation notes:

  • For NTLM/SMB: impacket's SMBConnection uses raw sockets — would need to wrap with socks.socksocket from PySocks before passing to impacket
  • For NTLM/LDAP: impacket's LDAPConnection also uses raw sockets — same approach
  • For Kerberos: CredWolf's custom _send_tcp and _send_udp methods create sockets directly — replace socket.socket() with socks.socksocket() when proxy is configured
  • UDP over SOCKS5 is supported by the SOCKS5 protocol but rarely by proxy implementations — document this limitation and recommend TCP transport when using a proxy
  • PySocks would become an optional dependency (credwolf[proxy])

Alternatives considered

  • proxychains wrapper — works but adds latency, is Linux-only, and requires system-level configuration
  • Environment variable ALL_PROXY — not supported by raw socket code
  • ADSpray's PySocks integration — prior art, similar approach
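
The implementation notes above, as an added sketch that is not CredWolf's or impacket's code: it parses the `--proxy` value and builds the socket so that a bad URL or a UDP request fails closed instead of silently connecting directly. `ProxyConfig`, `parse_proxy_url` and `make_socket` are hypothetical names, and requiring an explicit port is an assumption; `socks.socksocket` and `set_proxy` are PySocks calls.

```python
"""Added example (hypothetical helpers, not CredWolf code): fail-closed --proxy handling."""
import socket
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit

# URL scheme -> name of the PySocks proxy-type constant (socks.SOCKS4, socks.SOCKS5, socks.HTTP)
SCHEMES = {"socks4": "SOCKS4", "socks5": "SOCKS5", "http": "HTTP"}

@dataclass(frozen=True)
class ProxyConfig:
    kind: str                       # key into the PySocks constants above
    host: str
    port: int
    username: Optional[str] = None
    password: Optional[str] = None

def parse_proxy_url(url: str) -> ProxyConfig:
    """Validate scheme://[user:pass@]host:port and reject anything else."""
    parts = urlsplit(url)
    kind = SCHEMES.get(parts.scheme.lower())
    if kind is None:
        raise ValueError(f"unsupported proxy scheme: {parts.scheme!r}")
    if not parts.hostname:
        raise ValueError("proxy URL has no host")
    if parts.path not in ("", "/") or parts.query or parts.fragment:
        raise ValueError("proxy URL must not carry a path, query or fragment")
    port = parts.port               # urlsplit raises ValueError on a malformed port
    if not port:
        raise ValueError("proxy URL must include an explicit port")
    return ProxyConfig(kind, parts.hostname, port, parts.username, parts.password)

def make_socket(transport: str, proxy: Optional[ProxyConfig]) -> socket.socket:
    """Return an unconnected socket; never fall back to a direct one when a proxy is set."""
    if transport not in ("tcp", "udp"):
        raise ValueError(f"unknown transport: {transport!r}")
    if proxy is None:
        kind = socket.SOCK_STREAM if transport == "tcp" else socket.SOCK_DGRAM
        return socket.socket(socket.AF_INET, kind)
    if transport == "udp":          # the limitation the issue asks to document
        raise ValueError("UDP is not supported through a proxy; use TCP transport")
    try:
        import socks                # PySocks, imported only when --proxy is used
    except ImportError as exc:
        raise RuntimeError("--proxy requires the optional PySocks dependency") from exc
    sock = socks.socksocket(socket.AF_INET, socket.SOCK_STREAM)
    # rdns=True: hostnames are resolved by the proxy, not by the local resolver
    sock.set_proxy(getattr(socks, proxy.kind), proxy.host, proxy.port, rdns=True,
                   username=proxy.username, password=proxy.password)
    return sock
```

The returned object is a socket subclass; whether impacket's `SMBConnection` and `LDAPConnection` accept an externally created socket is the open question the notes above raise and is not answered here.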

Labels: enhancement (New feature or request)
