{"id":13840673,"url":"https://github.com/EddieIvan01/iox","last_synced_at":"2025-07-11T09:32:48.554Z","repository":{"id":40647698,"uuid":"242277226","full_name":"EddieIvan01/iox","owner":"EddieIvan01","description":"Tool for port forwarding \u0026 intranet proxy","archived":false,"fork":false,"pushed_at":"2021-03-14T14:02:49.000Z","size":1843,"stargazers_count":964,"open_issues_count":8,"forks_count":171,"subscribers_count":22,"default_branch":"master","last_synced_at":"2024-08-05T17:25:29.417Z","etag":null,"topics":["golang-tools","intranet","pentest","proxy","traffic-forwarding","udp-forwarding"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/EddieIvan01.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-02-22T04:08:56.000Z","updated_at":"2024-08-05T16:51:55.000Z","dependencies_parsed_at":"2022-07-14T10:21:35.324Z","dependency_job_id":null,"html_url":"https://github.com/EddieIvan01/iox","commit_stats":null,"previous_names":[],"tags_count":5,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EddieIvan01%2Fiox","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EddieIvan01%2Fiox/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EddieIvan01%2Fiox/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EddieIvan01%2Fiox/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/EddieIvan01","download_url":"https://codeload.github.com/EddieIvan01/iox/tar.gz/refs/heads/master","host":{"name":"GitHu
b","url":"https://github.com","kind":"github","repositories_count":225712624,"owners_count":17512440,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["golang-tools","intranet","pentest","proxy","traffic-forwarding","udp-forwarding"],"created_at":"2024-08-04T17:00:51.874Z","updated_at":"2024-11-21T10:30:37.203Z","avatar_url":"https://github.com/EddieIvan01.png","language":"Go","readme":"# iox\n\nEnglish | [中文](https://github.com/EddieIvan01/iox/tree/master/docs/README_CN.md)\n\nTool for port forwarding \u0026 intranet proxy, just like `lcx`/`ew`, but better\n\n# Why write?\n\n`lcx` and `ew` are awesome, but can be improved.\n\nWhen I first used them, I couldn't remember their complicated parameters for a long time, such as `tran, slave, rcsocks, sssocks...`. The work modes are clear, so why were the parameters designed like this (especially `ew`'s `-l -d -e -f -g -h`)?\n\nBesides, I think the network programming logic could be optimized. \n\nFor example, when running the `lcx -listen 8888 9999` command, the client must connect to `:8888` first, then `:9999`; in `iox`, there is no restriction on the order of the two ports. And when running the `lcx -slave 1.1.1.1 8888 1.1.1.1 9999` command, `lcx` connects to the two hosts serially, but it's more efficient to connect concurrently, as `iox` does.\n\nWhat's more, `iox` provides a traffic encryption feature (it's useful when there is an IDS on the target). Actually, you can use `iox` as a simple ShadowSocks. 
\n\n`iox` also provides UDP traffic forwarding.\n\nOf course, because `iox` is written in Go, the statically linked binary is a little large: the raw program is 2.2MB (800KB after UPX compression)\n\n# Features\n\n+ Traffic encryption (optional)\n+ Human-friendly CLI options\n+ Logic optimization\n+ UDP traffic forwarding\n+ TCP multiplexing in reverse proxy mode\n\n# Usage\n\nAs you can see, all parameters are uniform. `-l/--local` means listen on a local port; `-r/--remote` means connect to a remote host\n\n**Note: after v0.4, `-l/--local` can specify which IP to listen on. If only ports are specified, the default is `0.0.0.0:PORT`** \n\n```\n-l 127.0.0.1:9999      -l *127.0.0.1:9999      # 127.0.0.1:9999\n-l 9999                -l *9999                # 0.0.0.0:9999\n\n`-l :9999` is also OK, but it's not recommended, because `-l *:9999` (listen on 0.0.0.0:9999 with encryption) is ambiguous\n```\n\n## Working mode\n\n### fwd\n\nListen on `0.0.0.0:8888` and `0.0.0.0:9999`, forward traffic between the 2 connections\n\n```\n./iox fwd -l 8888 -l 9999\n```\n\nListen on `0.0.0.0:8888`, forward traffic to `1.1.1.1:9999`\n\n```\n./iox fwd -l 8888 -r 1.1.1.1:9999\n```\n\nConnect to `1.1.1.1:8888` and `1.1.1.1:9999`, forward traffic between the 2 connections\n\n```\n./iox fwd -r 1.1.1.1:8888 -r 1.1.1.1:9999\n```\n\n### proxy\n\nStart a Socks5 server on `0.0.0.0:1080`\n\n```\n./iox proxy -l 1080\n```\n\nStart a Socks5 server on the controlled host, then forward it to an internet VPS\n\nThe VPS forwards `0.0.0.0:9999` to `0.0.0.0:1080`\n\nThe two commands must be used as a pair, because they contain a simple protocol to control connecting back\n\n```\n./iox proxy -r 1.1.1.1:9999\n./iox proxy -l 9999 -l 1080       // note: the two ports must be given in this order\n\n\nfor ew:\n./ew -s rcsocks -l 1080 -e 9999\n./ew -s rssocks -d 1.1.1.1 -e 9999\n```\n\nThen connect to the intranet host\n\n```\n# proxychains.conf\n# socks5://1.1.1.1:1080\n\n$ proxychains rdesktop 192.168.0.100:3389\n```\n\n***\n\n## Enable encryption\n\nFor example, we forward port 3389 in the intranet to 
our VPS\n\n```\n// controlled host\n./iox fwd -r 192.168.0.100:3389 -r *1.1.1.1:8888 -k 656565\n\n\n// our VPS\n./iox fwd -l *8888 -l 33890 -k 656565\n```\n\nIt's easy to understand: traffic between the controlled host and our VPS:8888 will be encrypted. The pre-shared secret key is 'AAA'; `iox` uses it to generate the seed key and nonce **(Normally, a nonce shouldn't be reused. But since iox's encryption is only for bypassing IDS, the TCP stream encryption reuses the nonce in order not to allocate extra space)**, then encrypts with XChaCha20 (XChaCha20 replaced AES-CTR in v0.3)\n\nSo, the `*` should be used in pairs\n\n```\n./iox fwd -l 1000 -r *127.0.0.1:1001 -k 000102\n./iox fwd -l *1001 -r *127.0.0.1:1002 -k 000102\n./iox fwd -l *1002 -r *127.0.0.1:1003 -k 000102\n./iox proxy -l *1003 -k 000102\n\n\n$ curl google.com -x socks5://127.0.0.1:1000\n```\n\nUsing `iox` as a simple ShadowSocks\n\n```\n// ssserver\n./iox proxy -l *9999 -k 000102\n\n\n// sslocal\n./iox fwd -l 1080 -r *VPS:9999 -k 000102\n```\n\n## UDP forward\n\nJust add the CLI option `-u`\n\n```\n./iox fwd -l 53 -r *127.0.0.1:8888 -k 000102 -u\n./iox fwd -l *8888 -l *9999 -k 000102 -u\n./iox fwd -r *127.0.0.1:9999 -r 8.8.8.8:53 -k 000102 -u\n```\n\n**NOTICE: When you make a multistage connection, the `Remote2Remote-UDP-mode` must be started last, which is command No.3 in the example above**\n\nUDP forwarding may behave in ways you do not expect. Actually, on GitHub right now, there are only examples of forwarding a local listener to a remote host, so I can only implement them based on my understanding\n\nYou can find why in the source code. 
If you have any ideas, PRs / issues are welcome\n\n# License\n\nThe MIT license\n\n","funding_links":[],"categories":["Go","Go (531)"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FEddieIvan01%2Fiox","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FEddieIvan01%2Fiox","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FEddieIvan01%2Fiox/lists"}