MCPcopy
hub / github.com/nicocha30/ligolo-ng

github.com/nicocha30/ligolo-ng @v0.8.3 sqlite

repository ↗ · DeepWiki ↗ · release v0.8.3 ↗
285 symbols 770 edges 50 files 115 documented · 40%
README

Ligolo-ng : Tunneling like a VPN

Ligolo Logo

An advanced, yet simple, tunneling tool that uses TUN interfaces.

GPLv3 Go Report GitHub Sponsors GitHub Downloads (all assets, all releases)

📑 Ligolo-ng Documentation (Setup/Quickstart)

[!TIP] Ligolo-ng 0.8 added a lot of new features, including: - 🌐 API and a beautiful Web Interface thanks to L'ami du Raisin, allowing multiplayer! - ⚙️ Simple configuration file, to keep your tunneling/proxy settings - 🚦 Daemon mode, to run Ligolo-ng as a service - 🔗 Auto-bind, to automatically configure tunneling whenever a specific agent connects - 📶 Easy and automatic (autoroute) route and interface management on Windows, Linux, MacOS and BSD! - 💀 Agent kill, to remotely terminate an agent

Please try it out! Release: Ligolo-ng 0.8

Ligolo Web

Table of Contents

Introduction

Ligolo-ng is a simple, lightweight and fast tool that allows pentesters to establish tunnels from a reverse TCP/TLS connection using a tun interface (without the need of SOCKS).

Features

  • Tun interface (No more SOCKS/Proxychains!)
  • Simple UI with agent selection and network information
  • Easy to use and setup
  • Automatic certificate configuration with Let's Encrypt
  • Performant (Multiplexing)
  • Does not require privileges on the agent
  • Socket listening/binding on the agent
  • Multiple platforms supported for the agent
  • Can handle multiple tunnels
  • Reverse/Bind Connection
  • Automatic tunnel/listeners recovery (in case of network issues)
  • Websocket support

Demo

Ligolo-ng-demo.webm

How is this different from Ligolo/Chisel/Meterpreter... ?

Instead of using a SOCKS proxy or TCP/UDP forwarders, Ligolo-ng creates a userland network stack using Gvisor.

When running the relay/proxy server, a tun interface is used, packets sent to this interface are translated, and then transmitted to the agent remote network.

As an example, for a TCP connection:

  • SYN are translated to connect() on remote
  • SYN-ACK is sent back if connect() succeed
  • RST is sent if ECONNRESET, ECONNABORTED or ECONNREFUSED syscall are returned after connect
  • Nothing is sent if timeout

This allows running tools like nmap without the use of proxychains (simpler and faster).

How to use - documentation - tutorial

You will find the documentation for Ligolo-ng, as well as the steps to follow to get it up and running on the Ligolo-ng Documentation

Does it require Administrator/root access ?

On the agent side, no! Everything can be performed without administrative access.

However, on your relay/proxy server, you need to be able to create a tun interface.

Supported protocols/packets

  • TCP
  • UDP
  • ICMP (echo requests)

Performance

You can easily hit more than 100 Mbits/sec. Here is a test using iperf from a 200Mbits/s server to a 200Mbits/s connection.

$ iperf3 -c 10.10.0.1 -p 24483
Connecting to host 10.10.0.1, port 24483
[  5] local 10.10.0.224 port 50654 connected to 10.10.0.1 port 24483
[ ID] Interval           Transfer     Bitrate         Retr  Cwnd
[  5]   0.00-1.00   sec  12.5 MBytes   105 Mbits/sec    0    164 KBytes       
[  5]   1.00-2.00   sec  12.7 MBytes   107 Mbits/sec    0    263 KBytes       
[  5]   2.00-3.00   sec  12.4 MBytes   104 Mbits/sec    0    263 KBytes       
[  5]   3.00-4.00   sec  12.7 MBytes   106 Mbits/sec    0    263 KBytes       
[  5]   4.00-5.00   sec  13.1 MBytes   110 Mbits/sec    2    134 KBytes       
[  5]   5.00-6.00   sec  13.4 MBytes   113 Mbits/sec    0    147 KBytes       
[  5]   6.00-7.00   sec  12.6 MBytes   105 Mbits/sec    0    158 KBytes       
[  5]   7.00-8.00   sec  12.1 MBytes   101 Mbits/sec    0    173 KBytes       
[  5]   8.00-9.00   sec  12.7 MBytes   106 Mbits/sec    0    182 KBytes       
[  5]   9.00-10.00  sec  12.6 MBytes   106 Mbits/sec    0    188 KBytes       
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bitrate         Retr
[  5]   0.00-10.00  sec   127 MBytes   106 Mbits/sec    2             sender
[  5]   0.00-10.08  sec   125 MBytes   104 Mbits/sec                  receiver

Caveats

Because the agent is running without privileges, it's not possible to forward raw packets. When you perform a NMAP SYN-SCAN, a TCP connect() is performed on the agent.

When using nmap, you should use --unprivileged or -PE to avoid false positives.

Todo

  • Implement other ICMP error messages (this will speed up UDP scans) ;
  • Do not RST when receiving an ACK from an invalid TCP connection (nmap will report the host as up) ;
  • Add mTLS support.

Credits

  • Nicolas Chatelain
  • Jeremie Bedjai (Ligolo-ng-Web)

Extension points exported contracts — how you extend this code

Core symbols most depended-on inside this repo

String
called by 46
pkg/controller/agent.go
Encode
called by 22
pkg/protocol/encoder.go
String
called by 17
pkg/proxy/netinfo/winroute/route_windows.go
Close
called by 17
pkg/agent/handler.go
Decode
called by 13
pkg/protocol/decoder.go
GetTunByName
called by 13
pkg/proxy/netinfo/netinfo_windows.go
InterfaceExist
called by 13
pkg/proxy/netinfo/netinfo.go
Addr
called by 12
pkg/proxy/netinfo/winroute/route_types_windows.go

Shape

Function 106
Method 105
Struct 69
TypeAlias 4
Interface 1

Languages

Go100%

Modules by API surface

pkg/protocol/packets.go22 symbols
pkg/proxy/netstack/stack.go19 symbols
pkg/proxy/netinfo/winroute/route_windows.go17 symbols
pkg/proxy/netstack/tun/wireguard_ep.go16 symbols
pkg/proxy/netinfo/winroute/route_types_windows.go16 symbols
pkg/proxy/netinfo/netinfo_unix.go15 symbols
cmd/proxy/config/ifconfig.go13 symbols
pkg/proxy/netinfo/netinfo_linux.go11 symbols
pkg/proxy/listeners.go11 symbols
pkg/proxy/netinfo/netinfo_windows.go10 symbols
pkg/controller/agent.go10 symbols
cmd/proxy/app/daemon.go10 symbols

Dependencies from manifests, versioned

github.com/AlecAivazis/survey/v2v2.3.5 · 1×
github.com/bytedance/sonicv1.13.2 · 1×
github.com/bytedance/sonic/loaderv0.2.4 · 1×
github.com/cloudwego/base64xv0.1.5 · 1×
github.com/desertbit/closer/v3v3.1.3 · 1×
github.com/desertbit/columnizev2.1.0+incompatible · 1×
github.com/desertbit/go-shlexv0.1.1 · 1×
github.com/desertbit/grumblev1.1.3 · 1×
github.com/desertbit/readlinev1.5.1 · 1×

For agents

$ claude mcp add ligolo-ng \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact