{"id":28276779,"url":"https://github.com/ptechgithub/wstunnel","last_synced_at":"2026-05-16T01:34:50.279Z","repository":{"id":213000167,"uuid":"732443191","full_name":"Ptechgithub/wstunnel","owner":"Ptechgithub","description":"Tunnel all your traffic over websocket protocol - Bypass firewalls/DPI - one-click-script","archived":false,"fork":false,"pushed_at":"2023-12-17T20:50:31.000Z","size":182,"stargazers_count":79,"open_issues_count":0,"forks_count":18,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-08-17T19:43:32.609Z","etag":null,"topics":["reverse-tunnel","socks5-proxy","tcp-tunnel","transparent-proxy","tunneling","udp-tunnel","wireguard","wstunnel"],"latest_commit_sha":null,"homepage":"https://t.me/P_tech2024","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Ptechgithub.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2023-12-16T17:32:22.000Z","updated_at":"2025-07-10T19:12:06.000Z","dependencies_parsed_at":"2023-12-17T21:45:11.879Z","dependency_job_id":null,"html_url":"https://github.com/Ptechgithub/wstunnel","commit_stats":null,"previous_names":["ptechgithub/wstunnel"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/Ptechgithub/wstunnel","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Ptechgithub%2Fwstunnel","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Ptechgithub%2Fwstunnel/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Ptechgithub%2Fwstunnel/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Ptechgithub%2Fwstunnel/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Ptechgithub","download_url":"https://codeload.github.com/Ptechgithub/wstunnel/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Ptechgithub%2Fwstunnel/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33087028,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-15T20:25:35.270Z","status":"ssl_error","status_checked_at":"2026-05-15T20:25:34.732Z","response_time":103,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["reverse-tunnel","socks5-proxy","tcp-tunnel","transparent-proxy","tunneling","udp-tunnel","wireguard","wstunnel"],"created_at":"2025-05-21T05:11:25.804Z","updated_at":"2026-05-16T01:34:50.259Z","avatar_url":"https://github.com/Ptechgithub.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# wstunnel\n\nTunnel all your traffic over websocket protocol - Bypass firewalls/DPI - one-click-script\n\n## Install\n```\nbash \u003c(curl -fsSL https://raw.githubusercontent.com/Ptechgithub/wstunnel/main/install.sh)\n```\n![13](https://raw.githubusercontent.com/Ptechgithub/configs/main/media/14.jpg)\n\n- این اسکریپ نصب wstunnel برای ایجاد یک تونل امن از طریق پروتکل WebSocket استفاده می‌شود.\n- تانل بر بستر websocket \n- تانل بین دو سرور یا (سرور - کلاینت )\n- تانل معکوس \n- امکان نصب روی Termux جهت دور زدن محدودیت پورت udp \n\n### جهت نصب دستی Custom از لیست زیر میتوانید استفاده کنید.\n\n## لیست کامل دستورات\n\n```\nUse the websockets protocol to tunnel {TCP,UDP} traffic\nwsTunnelClient \u003c---\u003e wsTunnelServer \u003c---\u003e RemoteHost\nUse secure connection (wss://) to bypass proxies\n\nClient:\nUsage: wstunnel client [OPTIONS] \u003cws[s]://wstunnel.server.com[:port]\u003e\n\nArguments:\n  \u003cws[s]://wstunnel.server.com[:port]\u003e  Address of the wstunnel server\n                                        Example: With TLS wss://wstunnel.example.com or without ws://wstunnel.example.com\n\nOptions:\n  -L, --local-to-remote \u003c{tcp,udp,socks5,stdio}://[BIND:]PORT:HOST:PORT\u003e\n          Listen on local and forwards traffic from remote. Can be specified multiple times\n          examples:\n          'tcp://1212:google.com:443'      =\u003e       listen locally on tcp on port 1212 and forward to google.com on port 443\n\n          'udp://1212:1.1.1.1:53'          =\u003e       listen locally on udp on port 1212 and forward to cloudflare dns 1.1.1.1 on port 53\n          'udp://1212:1.1.1.1:53?timeout_sec=10'    timeout_sec on udp force close the tunnel after 10sec. Set it to 0 to disable the timeout [default: 30]\n\n          'socks5://[::1]:1212'            =\u003e       listen locally with socks5 on port 1212 and forward dynamically requested tunnel\n\n          'tproxy+tcp://[::1]:1212'        =\u003e       listen locally on tcp on port 1212 as a *transparent proxy* and forward dynamically requested tunnel\n          'tproxy+udp://[::1]:1212?timeout_sec=10'  listen locally on udp on port 1212 as a *transparent proxy* and forward dynamically requested tunnel\n                                                    linux only and requires sudo/CAP_NET_ADMIN\n\n          'stdio://google.com:443'         =\u003e       listen for data from stdio, mainly for `ssh -o ProxyCommand=\"wstunnel client -L stdio://%h:%p ws://localhost:8080\" my-server`\n  -R, --remote-to-local \u003c{tcp,udp}://[BIND:]PORT:HOST:PORT\u003e\n          Listen on remote and forwards traffic from local. Can be specified multiple times.\n          examples:\n          'tcp://1212:google.com:443'      =\u003e     listen on server for incoming tcp cnx on port 1212 and forward to google.com on port 443 from local machine\n          'udp://1212:1.1.1.1:53'          =\u003e     listen on server for incoming udp on port 1212 and forward to cloudflare dns 1.1.1.1 on port 53 from local machine\n          'socks://[::1]:1212'             =\u003e     listen on server for incoming socks5 request on port 1212 and forward dynamically request from local machine\n      --socket-so-mark \u003cINT\u003e\n          (linux only) Mark network packet with SO_MARK sockoption with the specified value.\n          You need to use {root, sudo, capabilities} to run wstunnel when using this option\n  -c, --connection-min-idle \u003cINT\u003e\n          Client will maintain a pool of open connection to the server, in order to speed up the connection process.\n          This option set the maximum number of connection that will be kept open.\n          This is useful if you plan to create/destroy a lot of tunnel (i.e: with socks5 to navigate with a browser)\n          It will avoid the latency of doing tcp + tls handshake with the server [default: 0] \n      --tls-sni-override \u003cDOMAIN_NAME\u003e\n          Domain name that will be use as SNI during TLS handshake\n          Warning: If you are behind a CDN (i.e: Cloudflare) you must set this domain also in the http HOST header.\n                   or it will be flagged as fishy and your request rejected\n      --tls-verify-certificate\n          Enable TLS certificate verification.\n          Disabled by default. The client will happily connect to any server with self signed certificate.\n  -p, --http-proxy \u003chttp://USER:PASS@HOST:PORT\u003e\n          If set, will use this http proxy to connect to the server\n      --http-upgrade-path-prefix \u003cHTTP_UPGRADE_PATH_PREFIX\u003e\n          Use a specific prefix that will show up in the http path during the upgrade request.\n          Useful if you need to route requests server side but don't have vhosts [default: morille]\n      --http-upgrade-credentials \u003cUSER[:PASS]\u003e\n          Pass authorization header with basic auth credentials during the upgrade request.\n          If you need more customization, you can use the http_headers option.\n      --websocket-ping-frequency-sec \u003cseconds\u003e\n          Frequency at which the client will send websocket ping to the server. [default: 30]\n      --websocket-mask-frame\n          Enable the masking of websocket frames. Default is false\n          Enable this option only if you use unsecure (non TLS) websocket server and you see some issues. Otherwise, it is just overhead.\n  -H, --http-headers \u003cHEADER_NAME: HEADER_VALUE\u003e\n          Send custom headers in the upgrade request\n          Can be specified multiple time\n  -h, --help\n          Print help\n\nServer:\nUsage: wstunnel server [OPTIONS] \u003cws[s]://0.0.0.0[:port]\u003e\n\nArguments:\n  \u003cws[s]://0.0.0.0[:port]\u003e  Address of the wstunnel server to bind to\n                            Example: With TLS wss://0.0.0.0:8080 or without ws://[::]:8080\n\nOptions:\n      --socket-so-mark \u003cINT\u003e\n          (linux only) Mark network packet with SO_MARK sockoption with the specified value.\n          You need to use {root, sudo, capabilities} to run wstunnel when using this option\n      --websocket-ping-frequency-sec \u003cseconds\u003e\n          Frequency at which the server will send websocket ping to client.\n      --websocket-mask-frame\n          Enable the masking of websocket frames. Default is false\n          Enable this option only if you use unsecure (non TLS) websocket server and you see some issues. Otherwise, it is just overhead.\n      --restrict-to \u003cDEST:PORT\u003e\n          Server will only accept connection from the specified tunnel information.\n          Can be specified multiple time\n          Example: --restrict-to \"google.com:443\" --restrict-to \"localhost:22\"\n  -r, --restrict-http-upgrade-path-prefix \u003cRESTRICT_HTTP_UPGRADE_PATH_PREFIX\u003e\n          Server will only accept connection from if this specific path prefix is used during websocket upgrade.\n          Useful if you specify in the client a custom path prefix and you want the server to only allow this one.\n          The path prefix act as a secret to authenticate clients\n          Disabled by default. Accept all path prefix. Can be specified multiple time\n      --tls-certificate \u003cFILE_PATH\u003e\n          [Optional] Use custom certificate (.crt) instead of the default embedded self signed certificate.\n      --tls-private-key \u003cFILE_PATH\u003e\n          [Optional] Use a custom tls key (.key) that the server will use instead of the default embedded one\n  -h, --help\n          Print help\n```\n\n\n### مثال:\n\n### ساده‌ترین\nOn your remote host, start the wstunnel's server by typing this command in your terminal\n- سرور (خارج) \n```bash\nwstunnel server ws://[::]:8080\n```\nThis will create a websocket server listening on any interface on port 8080.\nOn the client side use this command to forward traffic through the websocket tunnel\n- کلاینت (سرور داخل) \n```bash\nwstunnel client -L socks5://127.0.0.1:8888 --connection-min-idle 5 ws://myRemoteHost:8080\n```\n\n[لینک اصلی پروژه](https://github.com/erebe/wstunnel/tree/main)\n\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fptechgithub%2Fwstunnel","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fptechgithub%2Fwstunnel","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fptechgithub%2Fwstunnel/lists"}