# nicocha30/ligolo-ng **Attribution required: if you use, quote, or summarise this content, you must credit and link back to [awesome-repositories.com](https://awesome-repositories.com/repository/nicocha30-ligolo-ng).** 4,289 stars · 411 forks · Go · gpl-3.0 ## Links - GitHub: https://github.com/nicocha30/ligolo-ng - Homepage: https://docs.ligolo.ng - awesome-repositories: https://awesome-repositories.com/repository/nicocha30-ligolo-ng.md ## Topics `golang` `offensive-security` `pentest-tool` `pentesting` `pivoting` `post-exploitation` `redteam` `security` `tunneling` ## Description Ligolo-ng is a network tunneling framework and control server designed for managing remote agents and coordinating network routing. It functions as a reverse tunneling proxy and a site-to-site VPN tool, utilizing a userland TUN interface to pivot network traffic through remote agents. The project distinguishes itself by using a TUN interface routing system to forward TCP, UDP, and ICMP traffic through multiple remote agents. It implements a C2 model where a central server manages remote agents to bypass firewall restrictions and provide direct subnet access to isolated networks. The system covers a broad range of networking capabilities, including multi-hop pivot routing, protocol-agnostic packet encapsulation, and mutual authentication via automated certificate management. It also provides tools for network agent management, persistent route definition, and remote traffic redirection. ## Tags ### Artificial Intelligence & ML - [Network Agent Management Servers](https://awesome-repositories.com/f/artificial-intelligence-ml/agentic-systems-frameworks/integration-deployment/infrastructure-runtime-environments/agent-servers/network-agent-management-servers.md) — Provides a central control server that manages remote agents, handles tunnels, and provides automatic recovery from network failures. - [Unprivileged Agent Operations](https://awesome-repositories.com/f/artificial-intelligence-ml/agentic-systems-frameworks/agent-capabilities-skills-tooling/ai-agent-capabilities/dynamic-agent-switching/on-the-fly-agent-provisioning/unprivileged-agent-operations.md) — Operates the agent component without needing administrative or root permissions on the target machine. ([source](https://cdn.jsdelivr.net/gh/nicocha30/ligolo-ng@master/README.md)) ### Networking & Communication - [Agent-Managed TUN VPNs](https://awesome-repositories.com/f/networking-communication/tun-interface-pivots/agent-managed-tun-vpns.md) — Provides an agent-managed VPN that creates a TUN interface on the relay server to tunnel traffic to isolated networks. - [Network Pivoting Tools](https://awesome-repositories.com/f/networking-communication/network-pivoting-tools.md) — Routes network traffic through remote agents to access isolated networks and bypass firewall restrictions. - [Tunnel Agents](https://awesome-repositories.com/f/networking-communication/peer-to-peer-networking/tunnel-agents.md) — Selects agents, views network details, and handles several tunnels at once with automatic recovery from network issues. ([source](https://cdn.jsdelivr.net/gh/nicocha30/ligolo-ng@master/README.md)) - [Reverse Proxy Tunneling Tools](https://awesome-repositories.com/f/networking-communication/reverse-proxy-tunneling-tools.md) — Establishes tunnels initiated from remote agents to a central server for accessing internal networks without inbound ports. - [Multiplexed](https://awesome-repositories.com/f/networking-communication/reverse-tunnels/multiplexed.md) — Multiplexes multiple TCP, UDP, and ICMP connections over a single reverse tunnel connection. - [Multi-Hop Routing](https://awesome-repositories.com/f/networking-communication/traffic-routing/multi-hop-routing.md) — Forwards traffic through multiple agents in sequence to reach deeply nested network environments. - [Agent-Based](https://awesome-repositories.com/f/networking-communication/traffic-tunneling/agent-based.md) — Creates a virtual network interface on the relay server that forwards packets to a remote agent over a reverse connection. ([source](https://cdn.jsdelivr.net/gh/nicocha30/ligolo-ng@master/README.md)) - [TUN Interface Pivots](https://awesome-repositories.com/f/networking-communication/tun-interface-pivots.md) — Routes network traffic by creating a virtual TUN interface that forwards raw IP packets through the tunnel. - [Multi-Protocol Packet Encapsulation](https://awesome-repositories.com/f/networking-communication/communication-protocols-architectures/communication-protocols-standards/network-transport-layers/pluggable-transport-layers/protocol-encapsulation/multi-protocol-packet-encapsulation.md) — Forwards TCP, UDP, and ICMP traffic through a single encrypted tunnel without protocol-specific handling. - [High-Throughput Tunnels](https://awesome-repositories.com/f/networking-communication/network-tunnels/high-throughput-tunnels.md) — Multiplexes connections to sustain transfer rates exceeding 100 Mbits per second through the tunnel. ([source](https://cdn.jsdelivr.net/gh/nicocha30/ligolo-ng@master/README.md)) - [Bidirectional Tunnel Initiation](https://awesome-repositories.com/f/networking-communication/reverse-tunnels/bidirectional-tunnel-initiation.md) — Creates tunnels initiated from the agent or from the relay server to suit different network setups. ([source](https://cdn.jsdelivr.net/gh/nicocha30/ligolo-ng@master/README.md)) - [Site-to-Site VPN Networking](https://awesome-repositories.com/f/networking-communication/site-to-site-vpn-networking.md) — Connects separate networks as if they were directly linked using a TUN interface and encrypted tunnels. - [Multi-Hop Routing](https://awesome-repositories.com/f/networking-communication/wireguard-vpn-orchestrators/multi-hop-routing.md) — Forwards traffic through multiple remote agents in sequence for multi-hop routing. ### DevOps & Infrastructure - [Remote Management Agents](https://awesome-repositories.com/f/devops-infrastructure/remote-management-agents.md) — Manages and controls remote agents from a central server to provide direct subnet access and traffic redirection. ### Security & Cryptography - [Certificate-Based Authentication](https://awesome-repositories.com/f/security-cryptography/identity-access-management/identity-management/server-authenticity-verification/certificate-based-authentication.md) — Uses automated TLS certificate management to authenticate both the server and remote agents. - [Userspace Network Stacks](https://awesome-repositories.com/f/security-cryptography/network-isolation/userspace-network-stacks.md) — Implements network protocol handling entirely in user space without requiring kernel module modifications. - [TLS and WebSocket Tunnel Encryption](https://awesome-repositories.com/f/security-cryptography/secure-tunneling/tls-and-websocket-tunnel-encryption.md) — Encrypts the tunnel connection using TLS and optionally sends it over WebSocket to work through restrictive networks. ([source](https://cdn.jsdelivr.net/gh/nicocha30/ligolo-ng@master/README.md)) ### System Administration & Monitoring - [Command-and-Control Models](https://awesome-repositories.com/f/system-administration-monitoring/agent-server-polling-models/command-and-control-models.md) — Provides a central control server that manages remote agents and coordinates routing decisions. ### Part of an Awesome List - [Network Exploitation and Tunneling](https://awesome-repositories.com/f/awesome-lists/security/network-exploitation-and-tunneling.md) — Lightweight tool for establishing network tunnels via reverse connections. - [Network Tunneling](https://awesome-repositories.com/f/awesome-lists/security/network-tunneling.md) — Advanced tunneling tool utilizing a TUN interface.