https://github.com/danielewood/argorat
Argo Tunnel Remote Access Tool
https://github.com/danielewood/argorat
argo-tunnel cloudflare remote-access-tool reverse-proxy
Last synced: 3 months ago
JSON representation
Argo Tunnel Remote Access Tool
- Host: GitHub
- URL: https://github.com/danielewood/argorat
- Owner: danielewood
- License: cc0-1.0
- Created: 2020-04-14T19:42:08.000Z (over 5 years ago)
- Default Branch: master
- Last Pushed: 2020-04-15T01:58:50.000Z (over 5 years ago)
- Last Synced: 2025-04-06T01:43:00.419Z (6 months ago)
- Topics: argo-tunnel, cloudflare, remote-access-tool, reverse-proxy
- Size: 10.7 KB
- Stars: 4
- Watchers: 4
- Forks: 0
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# ArgoRAT
Argo Tunnel Remote Access Tool
**NOTE to Security/Firewall/Systems Engineers:** You can block this entirely from your network by blocking outbound TCP/7844. That is the port used by cloudflared to connect to the Argo network.
## Concept
- Work-in-Porgress
### Client (golang wrapper for cloudflared or just import the sources of cloudflared and add module)
- Gets config from server via HTTPS (token or some other UUID for config mapping on server database)
- Config:
- yaml/JSON of (many) port:service:proto:targethost:comment
- client FriendlyName
- client UUID
- Spawns multiple `cloudflared tunnel` with config from above
- Puts status json to server with current list of tunnels and urls.
### Server
Docker/Linux VM
- Database to store client configs and connection states
- Bridged/Internally NATted NIC to bind arbitrary IP addresses for port forwarding
- DNS with suffix of .argo.domain.com
- ${FriendlyName}.name.argo.domain.com
- ${UUID}.uuid.argo.domain.com
- nginx to rewrite all incoming http/https bound requests to the target argo url
### Desired outcome
ClientConfig.yml:
```yaml
FriendlyName: ClientName
UUID: 7e03c4fe-2b21-42da-af88-77954ce27d98
tunnel: 1
- clientport: 23
- relayport: 23
- targethost: localhost (or 127.0.0.1)
- service: telnet
- proto: tcp
- comment: documentation
tunnel: 2
- clientport: 23
- relayport: 10023
- targethost: host_reachable_from_client.domain.com
- service: telnet
- proto: tcp
- comment: documentation
tunnel: 3
- clientport: 80
- relayport: null
- targethost: host_reachable_from_client.domain.com
- service: webproxy
- proto: http
- comment: configures server nginx proxy_pass to do header rewrites of ${UUID}.uuid.argo.domain.com to aaaa-bbbb-cccc-dddd.trycloudflare.com
tunnel: 4
- clientport: 445
- relayport: 445
- targethost: host_reachable_from_client.domain.com
- service: smb
- proto: tcp
- comment: allows client on lan local to server to connect to smb://${UUID}.uuid.argo.domain.com/share
tunnel: 5
- clientport: 1234
- relayport: 1234
- relaytarget: bbbb-cccc-dddd-eeee.trycloudflare.com
- service: netcat
- reverse: true
- proto: tcp
- comment: causes server to create its own reverse tunnel and share details with the client
```