push v5.0.0
L-codes committed Dec 24, 2022
1 parent a86a78d commit d160ac8
Showing 2 changed files with 80 additions and 112 deletions.
103 changes: 43 additions & 60 deletions README-en.md
Expand Up @@ -4,39 +4,33 @@

**Neo-reGeorg** is a project designed to actively restructure [reGeorg](https://github.com/sensepost/reGeorg) with the aim of:

* Improve tunnel connection security
* Improve usability and avoid feature detection
* Improve tunnel connection security
* Improve the confidentiality of transmission content
* Solve the existing problems of reGeorg and fix some small bugs

> This tool is limited to safety research and teaching, and the user assumes all legal and related responsibilities caused by the use of this tool! The author does not bear any legal and related responsibilities!
## Version

3.8.1 - [Change Log](CHANGELOG-en.md)
5.0.0 - [Change Log](CHANGELOG-en.md)


## Features

* Transfer content through out-of-order base64 encryption
* GET request response can be customized (such as masquerading 404 pages)
* HTTP Headers instructions are randomly generated to avoid feature detection
* The transmission content is encrypted by deformed base64 and disguised as base64 encoding
* Use BLV (Byte-LengthOffset-Value) data format to transmit data
* Direct request response can be customized (such as a disguised 404 page)
* HTTP Headers can be customized
* Custom HTTP response code
* Multiple URLs random requests
* Server-node DNS resolution
* Multiple URL random requests
* Server-side DNS resolution
* Compatible with python2 / python3
* High compatibility of the server environment
* (only php) Refer to [pivotnacci](https://github.com/blackarrowsec/pivotnacci) to implement a single `SESSION` to create multiple TCP connections to deal with some load balancing scenarios
* aspx/ashx/jsp/jspx no longer relies on Session, and can run normally in harsh environments such as cookie-free
* (non-php) Support HTTP forwarding, coping with load balancing environment


## Dependencies

* [**requests**] - https://github.com/kennethreitz/requests


* High compatibility of the server environment, such as the server is unstable, the server is only deployed on some machines under load balancing and other special circumstances
* (php only) Refer to [pivotnacci](https://github.com/blackarrowsec/pivotnacci) to create multiple TCP connections for a single session, to deal with some load balancing scenarios
* aspx/ashx/jsp/jspx no longer depends on Session, and can run normally in harsh environments such as no cookies
* (non-php) supports intranet forwarding to deal with load balancing environment
* Support process to start the server to deal with more scenarios


## Basic Usage
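Review bot: the `## Dependencies` section is deleted at the end of this hunk without a replacement, and it was the only place the README named `requests`; unless a requirements file is referenced elsewhere, keep a one-line dependency note so a reader knows the client needs `requests` installed before `neoreg.py` runs. Separately, the new Features wording "The transmission content is encrypted by deformed base64 and disguised as base64 encoding" overstates what a rearranged base64 alphabet provides: that is obfuscation against signature matching, not confidentiality, so say "obfuscated with a shuffled base64 alphabet" (or name the actual cipher, if one is applied) so readers do not treat the tunnel as encrypted on its own.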
Expand All @@ -47,14 +41,12 @@ Set the password to generate tunnel server.(aspx|ashx|jsp|jspx|php) and upload i
$ python neoreg.py generate -k password

[+] Create neoreg server files:
=> neoreg_servers/tunnel.jsp
=> neoreg_servers/tunnel.jspx
=> neoreg_servers/tunnel_compatibility.jspx
=> neoreg_servers/tunnel.php
=> neoreg_servers/tunnel.ashx
=> neoreg_servers/tunnel.aspx
=> neoreg_servers/tunnel.jsp
=> neoreg_servers/tunnel_compatibility.jsp

=> neoreg_servers/tunnel.php
=> neoreg_servers/tunnel.go
```

* **Step 2.**
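Review bot: the Step 1 sentence in this hunk's context, "generate tunnel server.(aspx|ashx|jsp|jspx|php) and upload it", no longer matches the listed output: `tunnel.go` is now among the generated files while `tunnel.jspx` and `tunnel_compatibility.jsp(x)` have been dropped from the list. Update the sentence to include go and to say that `tunnel.go` is started as a separate process (as the later `go run neoreg_servers/tunnel.go 8000` example shows) rather than uploaded like the script variants; otherwise a reader following Step 1 will look for a jspx file the tool no longer emits.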
Expand All @@ -69,10 +61,6 @@ $ python3 neoreg.py -k password -u http://xx/tunnel.php
+------------------------------------------------------------------------+
```

Note that if your tool, such as `nmap` does not support socks5 proxy, please use [proxychains](https://github.com/rofl0r/proxychains-ng)




## Advanced Usage

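Review bot: this hunk deletes the tip "if your tool, such as `nmap` does not support socks5 proxy, please use proxychains" with nothing replacing it, yet Step 2 still hands the user only a SOCKS listener (default 127.0.0.1:1080) and the README says nothing else about how client tools reach it. If the removal is deliberate, say where the guidance moved; otherwise keep the line or fold it into Advanced Usage. The same deletion is made in README.md.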
Expand Down Expand Up @@ -107,6 +95,12 @@ $ python neoreg.py -k <you_password> -u <url> -r <redirect_url>
$ python neoreg.py -k <you_password> -u <url> -t <ip:port>
```

7. Support the creation process to start a new Neoreg server-side, which can deal with harsh special environments
```ruby
$ go run neoreg_servers/tunnel.go 8000
$ python3 neoreg.py -k password -u http://127.0.0.1:8000/anysting
```

* For more information on performance and stability parameters, refer to -h help information
```ruby
# Generate server-side scripts
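Review bot: the new item 7 has a typo in the example URL, `http://127.0.0.1:8000/anysting` should read `anything`, and the heading sentence "Support the creation process to start a new Neoreg server-side, which can deal with harsh special environments" is hard to parse; suggest "Run the tunnel server as a standalone process (for environments where a script cannot be deployed)" followed by the two commands. README.md carries the same `anysting` typo in its copy of the example.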
Expand All @@ -123,35 +117,35 @@ $ python neoreg.py generate -h
-f FILE, --file FILE Camouflage html page file
-c CODE, --httpcode CODE
Specify HTTP response code. When using -r, it is
recommended to <400. (default: 200)
--read-buff Bytes Remote read buffer. (default: 513)
--max-read-size KB Remote max read size. (default: 512)
recommended to <400 (default: 200)
--read-buff Bytes Remote read buffer (default: 513)
--max-read-size KB Remote max read size (default: 512)

# Connection server
$ python neoreg.py -h
usage: neoreg.py [-h] -u URI [-r URL] [-t IP:PORT] -k KEY [-l IP] [-p PORT]
[-s] [-H LINE] [-c LINE] [-x LINE] [--php-connect-timeout S]
[--local-dns] [--read-buff KB] [--read-interval MS]
[--write-interval MS] [--max-threads N] [--cut-left N]
[--cut-right N] [-v]
usage: neoreg.py [-h] -u URI [-r URL] [-R] [-t IP:PORT] -k KEY [-l IP]
[-p PORT] [-s] [-H LINE] [-c LINE] [-x LINE]
[--php-connect-timeout S] [--local-dns] [--read-buff KB]
[--read-interval MS] [--write-interval MS] [--max-threads N]
[--max-retry N] [--cut-left N] [--cut-right N]
[--extract EXPR] [-v]

Socks server for Neoreg HTTP(s) tunneller. DEBUG MODE: -k
(debug_all|debug_base64|debug_headers_key|debug_headers_values)
Socks server for Neoreg HTTP(s) tunneller (DEBUG MODE: -k debug)

optional arguments:
-h, --help show this help message and exit
-u URI, --url URI The url containing the tunnel script
-r URL, --redirect-url URL
Intranet forwarding the designated server (only
jsp(x))
-R, --force-redirect Forced forwarding (only jsp -r)
-t IP:PORT, --target IP:PORT
Network forwarding Target, After setting this
parameter, port forwarding will be enabled
-k KEY, --key KEY Specify connection key
-l IP, --listen-on IP
The default listening address.(default: 127.0.0.1)
The default listening address (default: 127.0.0.1)
-p PORT, --listen-port PORT
The default listening port.(default: 1080)
The default listening port (default: 1080)
-s, --skip Skip usability testing
-H LINE, --header LINE
Pass custom header LINE to server
Expand All @@ -160,16 +154,18 @@ $ python neoreg.py -h
-x LINE, --proxy LINE
Proto://host[:port] Use proxy on given port
--php-connect-timeout S
PHP connect timeout.(default: 0.5)
PHP connect timeout (default: 0.5)
--local-dns Use local resolution DNS
--read-buff KB Local read buffer, max data to be sent per
POST.(default: 7, max: 50)
--read-interval MS Read data interval in milliseconds.(default: 300)
--write-interval MS Write data interval in milliseconds.(default: 200)
--max-threads N Proxy max threads.(default: 1000)
--read-buff KB Local read buffer, max data to be sent per POST
(default: 7, max: 50)
--read-interval MS Read data interval in milliseconds (default: 300)
--write-interval MS Write data interval in milliseconds (default: 200)
--max-threads N Proxy max threads (default: 400)
--max-retry N Proxy max threads (default: 10)
--cut-left N Truncate the left side of the response body
--cut-right N Truncate the right side of the response body
--extract EXPR Manually extract BODY content. (eg: <html><p>REGBODY</p></html> )
--extract EXPR Manually extract BODY content (eg:
<html><p>NEOREGBODY</p></html> )
-v Increase verbosity level (use -vv or more for greater
effect)
```
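Review bot: the help text added for the new option, `--max-retry N Proxy max threads (default: 10)`, is a copy of the `--max-threads` description and does not say what is retried (the request? the connection?) or what happens when the count is exhausted; fix the string in the argument parser, not just the README, since this block is pasted from `-h` output. Two other changes in the same block deserve a CHANGELOG line: `--max-threads` default drops from 1000 to 400, and the DEBUG MODE hint shrinks from the enumerated keys (`debug_all|debug_base64|debug_headers_key|debug_headers_values`) to `-k debug`, so say whether the old keys still work. README.md reproduces the same help text and needs the same fix.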
Expand All @@ -179,19 +175,6 @@ $ python neoreg.py -h

* When running `neoreg.py` with high concurrency on Mac OSX, a large number of network requests will be lost. You can use `ulimit -n 2560` to modify the "maximum number of open files" of the current shell.

* For Tomcat5 and other low jdk versions, use `tunnel_compatibility.jsp(x)`



## TODO

* HTTP body steganography

* Transfer Target field steganography

* Problem of ignoring the verification of https in the intranet forwarding



## License

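Review bot: dropping the Tomcat5 tip is consistent with `tunnel_compatibility.jsp(x)` no longer being generated, but the whole `## TODO` section goes with it, including "Problem of ignoring the verification of https in the intranet forwarding", and nothing in the diff says that item was resolved. If `-r` to an https target still skips certificate checks, keep that item (or point to the CHANGELOG entry that closes it): a user forwarding through an intranet host needs to know that the hop is not verifying the server it talks to. README.md removes its TODO list the same way.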
89 changes: 37 additions & 52 deletions README.md
Expand Up @@ -4,41 +4,34 @@

**Neo-reGeorg** 是一个旨在积极重构 [reGeorg](https://github.com/sensepost/reGeorg) 的项目,目的是:

* 提高 tunnel 连接安全性
* 提高可用性,避免特征检测
* 提高 tunnel 连接安全性
* 提高传输内容保密性
* 应对更多的网络环境场景
* 应对更多的网络环境场景下使用

> 此工具仅限于安全研究和教学,用户承担因使用此工具而导致的所有法律和相关责任! 作者不承担任何法律和相关责任!

## Version

3.8.1 - [版本修改日志](CHANGELOG.md)

5.0.0 - [版本修改日志](CHANGELOG.md)


## Features

* 传输内容经过变形 base64 加密,伪装成 base64 编码
* 采用 BLV (Byte-LengthOffset-Value) 数据格式传输数据
* 直接请求响应可定制化 (如伪装的404页面)
* HTTP Headers 的指令随机生成,避免特征检测
* HTTP Headers 可定制化
* 自定义 HTTP 响应码
* 多 URL 随机请求
* 服务端 DNS 解析
* 兼容 python2 / python3
* 服务端环境的高兼容性
* 服务端环境的高兼容性,如服务器不稳定、负载均衡下只在部分机器上部署了服务端等特殊情况
* (仅 php) 参考 [pivotnacci](https://github.com/blackarrowsec/pivotnacci) 实现单 Session 创建多 TCP 连接,应对部分负载均衡场景
* aspx/ashx/jsp/jspx 已不再依赖 Session,可在无 Cookie 等恶劣环境正常运行
* (非 php) 支持内网转发,应对负载均衡环境



## Dependencies

* [**requests**] - https://github.com/kennethreitz/requests

* 支持进程形式启动服务端,应对更多场景


## Basic Usage
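Review bot: the reworded fourth aim, "应对更多的网络环境场景下使用", mixes two phrasings ("应对更多的网络环境场景" or "在更多的网络环境场景下使用"; pick one), and it no longer matches README-en.md, whose fourth aim remains "Solve the existing problems of reGeorg and fix some small bugs"; align the two lists so both languages state the same goals. As in the English file, the deleted `## Dependencies` section was the only mention of `requests`, so keep a dependency line unless a requirements file is referenced.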
Expand All @@ -49,14 +42,12 @@
$ python neoreg.py generate -k password

[+] Create neoreg server files:
=> neoreg_servers/tunnel.jsp
=> neoreg_servers/tunnel.jspx
=> neoreg_servers/tunnel_compatibility.jspx
=> neoreg_servers/tunnel.php
=> neoreg_servers/tunnel.ashx
=> neoreg_servers/tunnel.aspx
=> neoreg_servers/tunnel.jsp
=> neoreg_servers/tunnel_compatibility.jsp

=> neoreg_servers/tunnel.php
=> neoreg_servers/tunnel.go
```

* **Step 2.**
Expand All @@ -71,10 +62,6 @@ $ python3 neoreg.py -k password -u http://xx/tunnel.php
+------------------------------------------------------------------------+
```

注意,如果你的工具,如 nmap 不支持 socks5 代理设置,请使用 [proxychains](https://github.com/rofl0r/proxychains-ng)




## Advanced Usage

Expand Down Expand Up @@ -109,6 +96,12 @@ $ python neoreg.py -k <you_password> -u <url> -r <redirect_url>
$ python neoreg.py -k <you_password> -u <url> -t <ip:port>
```

7. 支持创建进程另起 Neoreg 服务端,可应对恶劣的特殊环境 (自行脑补) :)
```ruby
$ go run neoreg_servers/tunnel.go 8000
$ python3 neoreg.py -k password -u http://127.0.0.1:8000/anysting
```

* 更多关于性能和稳定性的参数设置参考 -h 帮助信息
```ruby
# 生成服务端脚本
Expand All @@ -125,35 +118,36 @@ $ python neoreg.py generate -h
-f FILE, --file FILE Camouflage html page file
-c CODE, --httpcode CODE
Specify HTTP response code. When using -r, it is
recommended to <400. (default: 200)
--read-buff Bytes Remote read buffer. (default: 513)
--max-read-size KB Remote max read size. (default: 512)
recommended to <400 (default: 200)
--read-buff Bytes Remote read buffer (default: 513)
--max-read-size KB Remote max read size (default: 512)

# 连接服务端
$ python neoreg.py -h
usage: neoreg.py [-h] -u URI [-r URL] [-t IP:PORT] -k KEY [-l IP] [-p PORT]
[-s] [-H LINE] [-c LINE] [-x LINE] [--php-connect-timeout S]
[--local-dns] [--read-buff KB] [--read-interval MS]
[--write-interval MS] [--max-threads N] [--cut-left N]
[--cut-right N] [-v]
usage: neoreg.py [-h] -u URI [-r URL] [-R] [-t IP:PORT] -k KEY [-l IP]
[-p PORT] [-s] [-H LINE] [-c LINE] [-x LINE]
[--php-connect-timeout S] [--local-dns] [--read-buff KB]
[--read-interval MS] [--write-interval MS] [--max-threads N]
[--max-retry N] [--cut-left N] [--cut-right N]
[--extract EXPR] [-v]

Socks server for Neoreg HTTP(s) tunneller. DEBUG MODE: -k
(debug_all|debug_base64|debug_headers_key|debug_headers_values)
Socks server for Neoreg HTTP(s) tunneller (DEBUG MODE: -k debug)

optional arguments:
-h, --help show this help message and exit
-u URI, --url URI The url containing the tunnel script
-r URL, --redirect-url URL
Intranet forwarding the designated server (only
jsp(x))
-R, --force-redirect Forced forwarding (only jsp -r)
-t IP:PORT, --target IP:PORT
Network forwarding Target, After setting this
parameter, port forwarding will be enabled
-k KEY, --key KEY Specify connection key
-l IP, --listen-on IP
The default listening address.(default: 127.0.0.1)
The default listening address (default: 127.0.0.1)
-p PORT, --listen-port PORT
The default listening port.(default: 1080)
The default listening port (default: 1080)
-s, --skip Skip usability testing
-H LINE, --header LINE
Pass custom header LINE to server
Expand All @@ -162,16 +156,18 @@ $ python neoreg.py -h
-x LINE, --proxy LINE
Proto://host[:port] Use proxy on given port
--php-connect-timeout S
PHP connect timeout.(default: 0.5)
PHP connect timeout (default: 0.5)
--local-dns Use local resolution DNS
--read-buff KB Local read buffer, max data to be sent per
POST.(default: 7, max: 50)
--read-interval MS Read data interval in milliseconds.(default: 300)
--write-interval MS Write data interval in milliseconds.(default: 200)
--max-threads N Proxy max threads.(default: 1000)
--read-buff KB Local read buffer, max data to be sent per POST
(default: 7, max: 50)
--read-interval MS Read data interval in milliseconds (default: 300)
--write-interval MS Write data interval in milliseconds (default: 200)
--max-threads N Proxy max threads (default: 400)
--max-retry N Proxy max threads (default: 10)
--cut-left N Truncate the left side of the response body
--cut-right N Truncate the right side of the response body
--extract EXPR Manually extract BODY content. (eg: <html><p>REGBODY</p></html> )
--extract EXPR Manually extract BODY content (eg:
<html><p>NEOREGBODY</p></html> )
-v Increase verbosity level (use -vv or more for greater
effect)
```
Expand All @@ -181,17 +177,6 @@ $ python neoreg.py -h

* Mac OSX 上运行 `neoreg.py` 时,高并发请求会出现网络丢包情况,可通过 `ulimit -n 2560` 修改当前 shell 的 "最大文件打开数"

* Tomcat5 等 jdk 低版本情况,用 `tunnel_compatibility.jsp(x)` 即可



## TODO

* HTTP body 隐写

* 传输 Target 隐写

* 内网转发 https 的验证忽略


## License
