gTunnel : A Robust Tunelling Solution Written In Golang

gTunnel is a TCP tunneling suite built with golang and gRPC. gTunnel can manage multiple forward and reverse tunnels that are all carried over a single TCP/HTTP2 connection.

I wanted to learn a new language, so I picked go and gRPC. Client executable have been tested on windows and linux.

Dependencies

gTunnel has been tested with Docker version 19.03.6, but any version of docker should do.

How to use?

The start_server.sh script will build a docker image and start it with no exposed ports. If you plan on using forward tunnels, make sure to map those ports or to change the docker network.

./start_server.sh

This will eventually provide you with the following prompt:

The first thing to do is generate a client to run on the remote system. For a windows client named “win-client”

>>> configclient win 172.17.0.1 443 win-client

For a linux client named lclient

>>> configclient linux 172.17.0.1 443 lclient

This will output a configured executable in the “configured” directory, relative to ./start_server.sh Once you run the executable on the remote system, you will be notified of the client connecting.

>>> configclient linux 127.0.0.1 443 test
>>> 2020/03/20 22:01:47 Endpoint connected: id: test
>>>

To use the newly connected client, type use and the name of the client. Tab completion is supported.

>>> use test
(test) >>>

The prompt will change to indicate with which endpoint you’re currently working. From here, you can add or remove tunnels. The format is

addtunnel (local | remote) listenPort destinationIP destinationPort

For example, to open a local tunnel on port 4444 to the ip 10.10.1.5 in the remote network on port 445 and name it “smbtun”, the command would be as follows:

addtunnel local 4444 10.10.1.5 445 smbtun

Similarly, to open a port on the remote system on port 666 and forward all traffic to 192.168.1.10 on port 443 in the local network, the command would be as follows:

addtunnel remote 666 192.168.1.10 443

Note that the name is optional, and if not provide, will be given random characters as a name. To list out all active tunnels, use the “listtunnels” command.

(test) >>> listtunnels
Tunnel ID: smbtun
Tunnel ID: dVck5Zba

To delete a tunnel, use the “deltunnel” command:

(test) >>> deltunnel smbtun
Deleting tunnel : smbtun

To start a socks proxy server on target, use the socks command. The following command will start a socks server on port 1080 on the host running gClient. Usually, you will need to create a tunnel from the gTunnel prompt to use the socks server.

socks 1080
addtunnel local 1080 127.0.0.1 1080

To go back and work with another remote system, use the back command:

(test) >>> back
>>>

Notice how the prompt has changed to indicate it is no longer working with a particular client. To disconnect a client from the server, you can either issue the “disconnect” command while using the client, or provide the endpoint id in the main menu.

(test) >>> disconnect
2020/03/20 22:14:52 Disconnecting test
(test) >>> 2020/03/20 22:14:52 Endpoint disconnected: test
>>>

Or

>>> disconnect test
2020/03/20 22:16:00 Disconnecting test
>>> 2020/03/20 22:16:00 Endpoint disconnected: test
>>>

To exit out of the server, run the exit command:

>>> exit

Note that this will remove the docker container, but any tls generated certificates and configured executable will be in the tls/ and configured/ directories.

To Do

  • Reverse tunnel support
  • Multiple tunnel support
  • Better print out support for tunnels. It should s
  • how how many connections are established and ports, etc.
  • Add REST API and implement web UI
  • Dynamic socks proxy support.
  • Authentication between client and server
  • Server configuration file on input with pre-configured tunnels

Known Issues

  • Internet Explorer is causing the client to lock up on reverse tunnels
  • The startup server script should reuse the built image, not create a new one every time.

R K

Recent Posts

Kali Linux 2024.4 Released, What’s New?

Kali Linux 2024.4, the final release of 2024, brings a wide range of updates and…

14 hours ago

Lifetime-Amsi-EtwPatch : Disabling PowerShell’s AMSI And ETW Protections

This Go program applies a lifetime patch to PowerShell to disable ETW (Event Tracing for…

14 hours ago

GPOHunter – Active Directory Group Policy Security Analyzer

GPOHunter is a comprehensive tool designed to analyze and identify security misconfigurations in Active Directory…

3 days ago

2024 MITRE ATT&CK Evaluation Results – Cynet Became a Leader With 100% Detection & Protection

Across small-to-medium enterprises (SMEs) and managed service providers (MSPs), the top priority for cybersecurity leaders…

5 days ago

SecHub : Streamlining Security Across Software Development Lifecycles

The free and open-source security platform SecHub, provides a central API to test software with…

1 week ago

Hawker : The Comprehensive OSINT Toolkit For Cybersecurity Professionals

Don't worry if there are any bugs in the tool, we will try to fix…

1 week ago