A robust Red Team proxy written in Go.

Overview

GoWard

A robust and rapidly-deployable Red Team proxy with strong OPSEC considerations.

Description

Generally, Red Teams and adversaries redirect their traffic through proxies to protect their backend infrastructure. GoWard proxies HTTP C2 traffic to specified Red Team servers based on the HTTP header of the traffic.

GoWard's intent is to help obfuscate Red Team traffic and provide some level of resiliency against Blue Team investigation and mitigation.


                   _        _
                  | \__/\__/ |
           ___    |  '.||.'  |             _
          / _ \___|__/ || \__|__ _ _ __ __| |
         / /_\/ _ \--\ || /--/ _' | '__/ _' |
        / /_\\ (_) \  \||/  / (_| | | | (_| |
        \____/\___/ \  ||  / \__,_|_|  \__,_|
                     '.||.'


                        GoWard (v0.0.1)


Usage of GoWard.exe:
  -password string
        Required.
        Specify the password for the admin panel.
                Ex: -password=pass
  -proxies int
        Required.
        Specify the number of proxies.
                Ex: -proxies=3
  -target string
        Optional.
        Specify a target URL to impersonate and use. If none specificed, default will be used.
                Ex: -target=https://www.somewebsite.co/

Features

  • Dynamically proxies traffic based on HTTP header.

  • Portable and rapidly-deployable.

  • Serves an impersonated webpage on port 80, which can be randomly selected from a list of real websites or specified by the user upon startup.

  • Logs web requests, admin panel access, and admin panel login attempts.

  • Obfuscated admin panel for alternate means of remote administration through website.

  • Periodic health checks with backend infrastructure.

Basic Usage

Getting Started

GoWard is compatible with both Windows and Linux (thanks to Go); just specify the host OS when building it.

Once compiled and on the host which will serve as the proxy, start the program with the desired configurations. The "password" and the "proxies" fields are required.

Currently, the options are:

  • -password: The login password for the admin panel. Non-persistent and no default password.

  • -proxies: The number of proxies to be configured. After startup, user will input proxy information one at a time.

  • -target: The URL of a real website to impersonate. NOTE: Understand the potential implications of impersonating another webpage and ensure proper permissions have been received before doing so.

$ GoWard -password=<password> -proxies=3 -target=https://www.somewebsite.co

Expected Output

Upon startup, GoWard will accept the proxy information from the user before starting the server:

[...]
Enter header for proxy 1: notsuspicious.com
Enter IP followed by port for proxy 1 (I.E. http://IP:PORT): http://192.168.1.244:9001
[...]

Additionally, GoWard will generate a log file. Verbose program output can be found there. In the console, GoWard will display what site it impersonated, along with periodic backend health checks.

[...]
Server started. For more verbose output, see log file: 20211231_GoWard.log
Serving impersonated webpage: https://www.somewebsite.co
Admininstration panel can be remotely accessed at /LbuBIxg/GlHglfShxH/WuWvib/tKzVlx
[...]

Webpage Impersonation

GoWard will either use the provided URL to impersonate the webpage or, if none is provided, randomly select a URL from the string array in server/init.go.

By serving an actual webpage, GoWard can help improve a Red Team's OPSEC by providing better resiliency against investigation.
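Seen from the monitoring side, routing on an HTTP header means a proxied request names a domain that the client never resolved to the IP it actually contacted. The Go sketch below is an added example, not part of GoWard; it assumes the routing header is Host, and it uses a hypothetical egress-log schema with constructed sample records to flag that mismatch.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// Request is one plain-HTTP egress record. The schema is an assumption for
// this example; it is not GoWard's log format.
type Request struct{ Client, DstIP, Host string }

// normHost lower-cases a Host header value and drops any port or trailing dot.
func normHost(h string) string {
	h = strings.ToLower(strings.TrimSpace(h))
	if name, _, err := net.SplitHostPort(h); err == nil {
		h = name
	}
	return strings.TrimSuffix(h, ".")
}

// FlagHostMismatches returns the requests whose Host header names a domain
// that the organisation's DNS logs never resolved to the contacted IP.
// resolved maps a domain to the set of IPs observed for it.
func FlagHostMismatches(reqs []Request, resolved map[string]map[string]bool) []Request {
	var hits []Request
	for _, r := range reqs {
		host := normHost(r.Host)
		if host == "" || net.ParseIP(host) != nil {
			continue // empty or bare-IP Host: cover with a separate rule
		}
		if !resolved[host][r.DstIP] {
			hits = append(hits, r)
		}
	}
	return hits
}

// Constructed sample data (documentation IP ranges, not real observations).
var sampleDNS = map[string]map[string]bool{
	"www.example.org": {"198.51.100.7": true},
}

var sampleReqs = []Request{
	{"10.0.0.5", "198.51.100.7", "www.example.org"},
	{"10.0.0.8", "203.0.113.5", "notsuspicious.com"},
	{"10.0.0.8", "203.0.113.5", "NotSuspicious.com:80"},
	{"10.0.0.9", "203.0.113.5", "203.0.113.5"},
}

func main() {
	for _, r := range FlagHostMismatches(sampleReqs, sampleDNS) {
		fmt.Printf("client=%s dst=%s host=%q has no matching DNS answer\n", r.Client, r.DstIP, r.Host)
	}
}
```

The DNS set has to contain every answer clients actually received, otherwise CDN and shared-hosting addresses show up as false positives.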

Administration Panel

GoWard will randomly generate an administration panel link upon every start-up (not persistent between sessions). Navigating to this link will provide an alternate means to remotely administrate the proxy.

Currently, the admin panel supports:

  • Total web requests

  • Backend infrastructure status

C2 Framework Compatibility

GoWard has been tested successfully with:

Note: Although it may not be listed, GoWard should function properly with any C2 Framework that allows for alteration of implant HTTP headers.

Future Features

  • Admin panel upgrades:

    • Display current proxied connections

    • More verbose data comp on web requests and connection statuses.

    • Long Term: Quick-reference status tracking for implants.

    • Long Term: Alter HTTP header and proxy information on the fly.

  • HTTPS C2 traffic support

  • Flag for .txt file input of header/proxy information

  • Flag for .txt file input of target URLs to impersonate

  • Long Term: CLI implementation

  • More!

Versions

0.0.1:

  • Initial release

References

  • Black Hat Go - Useful information and examples for offensive security usages of Go.

  • Gorilla Web Toolkit - A lot of useful Go modules for HTTP-based applications.

Disclaimer

This open source project is meant to be used with explicit authorization from any entity it affects (perceived or actual). This program's use in conjunction with offensive security tools should only take place in an approved assessment of an organization's security or for authorized research. Misuse of this software is not the responsibility of the author.
