{"id":13842259,"url":"https://github.com/nicocha30/ligolo-ng","last_synced_at":"2026-01-12T02:49:27.335Z","repository":{"id":37025424,"uuid":"390351016","full_name":"nicocha30/ligolo-ng","owner":"nicocha30","description":"An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.","archived":false,"fork":false,"pushed_at":"2025-03-26T21:12:27.000Z","size":354,"stargazers_count":3326,"open_issues_count":21,"forks_count":334,"subscribers_count":28,"default_branch":"master","last_synced_at":"2025-04-06T05:55:10.896Z","etag":null,"topics":["golang","offensive-security","pentest-tool","pentesting","pivoting","post-exploitation","redteam","tunneling"],"latest_commit_sha":null,"homepage":"https://docs.ligolo.ng","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/nicocha30.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":["nicocha30"]}},"created_at":"2021-07-28T12:55:36.000Z","updated_at":"2025-04-06T01:45:52.000Z","dependencies_parsed_at":"2023-02-19T00:01:35.001Z","dependency_job_id":"cd91247c-aa8e-40ac-8b65-17714d442b80","html_url":"https://github.com/nicocha30/ligolo-ng","commit_stats":{"total_commits":58,"total_committers":12,"mean_commits":4.833333333333333,"dds":0.7413793103448276,"last_synced_commit":"3e1b2cbd50b879e74bef6fc531282c30a115d4de"},"previous_names":["tnpitsecurity/ligolo-ng"],"tags_count":25,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nicocha30%2Fligolo-ng","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nicocha30%2Fligolo-ng/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nicocha30%2Fligolo-ng/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nicocha30%2Fligolo-ng/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/nicocha30","download_url":"https://codeload.github.com/nicocha30/ligolo-ng/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248217081,"owners_count":21066633,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["golang","offensive-security","pentest-tool","pentesting","pivoting","post-exploitation","redteam","tunneling"],"created_at":"2024-08-04T17:01:30.491Z","updated_at":"2026-01-12T02:49:27.324Z","avatar_url":"https://github.com/nicocha30.png","language":"Go","funding_links":["https://github.com/sponsors/nicocha30"],"categories":["Go"],"sub_categories":[],"readme":"# Ligolo-ng : Tunneling like a VPN\n\n![Ligolo Logo](doc/logo.png)\n\nAn advanced, yet simple, tunneling tool that uses TUN interfaces.\n\n[![GPLv3](https://img.shields.io/badge/License-GPLv3-brightgreen.svg)](https://www.gnu.org/licenses/gpl-3.0)\n[![Go Report](https://goreportcard.com/badge/github.com/nicocha30/ligolo-ng)](https://goreportcard.com/report/github.com/nicocha30/ligolo-ng)\n[![GitHub Sponsors](https://img.shields.io/github/sponsors/nicocha30)](https://github.com/sponsors/nicocha30)\n![GitHub Downloads (all assets, all releases)](https://img.shields.io/github/downloads/nicocha30/ligolo-ng/total)\n\n[📑 Ligolo-ng Documentation (Setup/Quickstart)](https://docs.ligolo.ng/)\n\n\u003e [!TIP]\n\u003e Ligolo-ng 0.8 added a lot of new features, including:\n\u003e - 🌐 API and a beautiful Web Interface thanks to [L'ami du Raisin](https://github.com/jeremiebedjai), allowing **multiplayer**!\n\u003e - ⚙️ Simple configuration file, to keep your tunneling/proxy settings\n\u003e - 🚦 **Daemon mode**, to run Ligolo-ng as a service\n\u003e - 🔗 Auto-bind, to **automatically configure tunneling** whenever a specific agent connects\n\u003e - 📶 Easy and automatic (autoroute) route and interface management on **Windows, Linux, MacOS and BSD**!\n\u003e - 💀 Agent kill, to remotely terminate an agent\n\u003e\n\u003e Please try it out! \n\u003e [Release: Ligolo-ng 0.8](https://github.com/nicocha30/ligolo-ng/releases/tag/v0.8)\n\u003e \n\u003e ![Ligolo Web](doc/webui.png)\n\n## Table of Contents\n\n\u003c!-- START doctoc generated TOC please keep comment here to allow auto update --\u003e\n\u003c!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE --\u003e\n\n- [Introduction](#introduction)\n- [Features](#features)\n- [Demo](#demo)\n- [How is this different from Ligolo/Chisel/Meterpreter... ?](#how-is-this-different-from-ligolochiselmeterpreter-)\n- [How to use - documentation - tutorial](#how-to-use---documentation---tutorial)\n- [Does it require Administrator/root access ?](#does-it-require-administratorroot-access-)\n- [Supported protocols/packets](#supported-protocolspackets)\n- [Performance](#performance)\n- [Caveats](#caveats)\n- [Todo](#todo)\n- [Credits](#credits)\n\n\u003c!-- END doctoc generated TOC please keep comment here to allow auto update --\u003e\n\n## Introduction\n\n**Ligolo-ng** is a *simple*, *lightweight* and *fast* tool that allows pentesters to establish\ntunnels from a reverse TCP/TLS connection using a **tun interface** (without the need of SOCKS).\n\n## Features\n\n- **Tun interface** (No more SOCKS/Proxychains!)\n- Simple UI with *agent* selection and *network information*\n- Easy to use and setup\n- Automatic certificate configuration with Let's Encrypt\n- Performant (Multiplexing)\n- Does not require privileges on the *agent*\n- Socket listening/binding on the *agent*\n- Multiple platforms supported for the *agent*\n- Can handle multiple tunnels\n- Reverse/Bind Connection\n- Automatic tunnel/listeners recovery (in case of network issues)\n- Websocket support\n\n## Demo\n\n[Ligolo-ng-demo.webm](https://github.com/nicocha30/ligolo-ng/assets/31402213/3070bb7c-0b0d-4c77-9181-cff74fb2f0ba)\n\n## How is this different from Ligolo/Chisel/Meterpreter... ?\n\nInstead of using a SOCKS proxy or TCP/UDP forwarders, **Ligolo-ng** creates a userland network stack using [Gvisor](https://gvisor.dev/).\n\nWhen running the *relay/proxy* server, a **tun** interface is used, packets sent to this interface are\ntranslated, and then transmitted to the *agent* remote network.\n\nAs an example, for a TCP connection:\n\n- SYN are translated to connect() on remote\n- SYN-ACK is sent back if connect() succeed\n- RST is sent if ECONNRESET, ECONNABORTED or ECONNREFUSED syscall are returned after connect\n- Nothing is sent if timeout\n\nThis allows running tools like *nmap* without the use of *proxychains* (simpler and faster).\n\n## How to use - documentation - tutorial\n\nYou will find the documentation for Ligolo-ng, as well as the steps to follow to get it up and running on the [Ligolo-ng Documentation](https://docs.ligolo.ng/)\n\n## Does it require Administrator/root access ?\n\nOn the *agent* side, no! Everything can be performed without administrative access.\n\nHowever, on your *relay/proxy* server, you need to be able to create a *tun* interface.\n\n## Supported protocols/packets\n\n* TCP\n* UDP\n* ICMP (echo requests)\n\n## Performance\n\nYou can easily hit more than 100 Mbits/sec. Here is a test using `iperf` from a 200Mbits/s server to a 200Mbits/s connection.\n```shell\n$ iperf3 -c 10.10.0.1 -p 24483\nConnecting to host 10.10.0.1, port 24483\n[  5] local 10.10.0.224 port 50654 connected to 10.10.0.1 port 24483\n[ ID] Interval           Transfer     Bitrate         Retr  Cwnd\n[  5]   0.00-1.00   sec  12.5 MBytes   105 Mbits/sec    0    164 KBytes       \n[  5]   1.00-2.00   sec  12.7 MBytes   107 Mbits/sec    0    263 KBytes       \n[  5]   2.00-3.00   sec  12.4 MBytes   104 Mbits/sec    0    263 KBytes       \n[  5]   3.00-4.00   sec  12.7 MBytes   106 Mbits/sec    0    263 KBytes       \n[  5]   4.00-5.00   sec  13.1 MBytes   110 Mbits/sec    2    134 KBytes       \n[  5]   5.00-6.00   sec  13.4 MBytes   113 Mbits/sec    0    147 KBytes       \n[  5]   6.00-7.00   sec  12.6 MBytes   105 Mbits/sec    0    158 KBytes       \n[  5]   7.00-8.00   sec  12.1 MBytes   101 Mbits/sec    0    173 KBytes       \n[  5]   8.00-9.00   sec  12.7 MBytes   106 Mbits/sec    0    182 KBytes       \n[  5]   9.00-10.00  sec  12.6 MBytes   106 Mbits/sec    0    188 KBytes       \n- - - - - - - - - - - - - - - - - - - - - - - - -\n[ ID] Interval           Transfer     Bitrate         Retr\n[  5]   0.00-10.00  sec   127 MBytes   106 Mbits/sec    2             sender\n[  5]   0.00-10.08  sec   125 MBytes   104 Mbits/sec                  receiver\n```\n\n## Caveats\n\nBecause the *agent* is running without privileges, it's not possible to forward raw packets.\nWhen you perform a NMAP SYN-SCAN, a TCP connect() is performed on the agent.\n\nWhen using *nmap*, you should use `--unprivileged` or `-PE` to avoid false positives.\n\n## Todo\n\n- Implement other ICMP error messages (this will speed up UDP scans) ;\n- Do not *RST* when receiving an *ACK* from an invalid TCP connection (nmap will report the host as up) ;\n- Add mTLS support.\n\n## Credits\n\n- Nicolas Chatelain \u003cnicolas -at- chatelain.me\u003e\n- Jeremie Bedjai (Ligolo-ng-Web)","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnicocha30%2Fligolo-ng","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnicocha30%2Fligolo-ng","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnicocha30%2Fligolo-ng/lists"}