All-in-one Network Gateway for Malware analysis

aio-gw

[EXPERIMENTAL]: All-in-one Network Gateway for Malware analysis. Currently at alpha stage.

HELP NEEDED: if you're keen to contribute to aio-gw, ping me! Lots to be done :)

TODO:

  • settings page does not have a way to fetch and save data
  • admin page does not have authentication support
  • settings enforcement outside the management component is not done
  • outbound options, as well as the option fields in the HTML, are not working

requirements

A clean VM with podman 2.0+ installed. Since AIO-GW works with nftables, any iptables installation with a nat table configured will conflict; hence docker is not supported.

I tested this with Alpine 3.14 and ran the following commands to get the required packages installed and running:

apk add podman
service podman start
rc-service cgroups start
rc-update add cgroups default

Ideally, the VM needs two network interfaces, one for incoming connections and one for outgoing. aio-gw will try to set itself up according to the current routing table.

Enable the VM's IP forwarding:

sudo sysctl net.ipv4.ip_forward=1
sudo sysctl net.ipv6.conf.all.forwarding=1

Default containers running

  • Elasticsearch: acts as the main storage backend
  • Arkime: packet capture indexing tool
  • PolarProxy: performs MITM and pushes the intercepted sessions to Arkime via the pcap-over-ip protocol

Troubleshoot

  • delete nft tables:

nft delete table nat
nft delete table ip6 nat

  • delete all rules:

nft flush ruleset

  • list table rules:

nft list table nat
nft list table ip6 nat
nft list ruleset

  • add a postrouting chain with a masquerade rule:

nft 'add chain nat postrouting { type nat hook postrouting priority 100 ; }'
nft add rule nat postrouting masquerade

  • create the nat table and a prerouting chain:

nft add table nat
nft 'add chain nat prerouting { type nat hook prerouting priority -100 ; }'

  • sample forwarding rule (rewrites the destination port of inbound TCP 443 to 10443):

nft 'add rule nat prerouting tcp dport 443 counter dnat :10443'
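The requirement and troubleshooting snippets above can be tied together into one idempotent ruleset. This is an added example, not aio-gw's own code: it assumes PolarProxy listens on the gateway at TCP 10443 (the ":10443" used above), takes the inbound and outbound interface names as arguments, validates them before interpolating them into the ruleset, and uses nft's `redirect` rather than the page's port-only `dnat` so that the rewritten connection is delivered to this host instead of being forwarded onward.

```shell
#!/bin/sh
# Added example (not part of aio-gw): build and apply an nftables NAT ruleset
# for a two-interface analysis gateway.
# Assumptions: PolarProxy listens locally on TCP $3 (default 10443);
# $1 is the interface facing the sandbox VMs, $2 the interface facing the internet.

# Accept only plausible interface names before they are interpolated into nft syntax,
# so a value taken from the routing table cannot inject extra rules.
valid_ifname() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print an "nft -f" ruleset. "add" + "flush" make re-applying safe: the table is
# created if missing and emptied if present, so stale rules never accumulate.
gen_ruleset() {
    in_if=$1; out_if=$2; proxy_port=${3:-10443}
    valid_ifname "$in_if" && valid_ifname "$out_if" || return 1
    cat <<EOF
add table ip nat
flush table ip nat
table ip nat {
    chain prerouting {
        type nat hook prerouting priority -100; policy accept;
        # redirect = dnat to this host's address, so the sample's TLS lands on PolarProxy
        iifname "$in_if" tcp dport 443 counter redirect to :$proxy_port
    }
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        # only traffic leaving on the outbound interface is masqueraded
        oifname "$out_if" masquerade
    }
}
EOF
}

# Feed the generated ruleset to nft (needs root); "nft -f -" reads from stdin.
apply_ruleset() {
    gen_ruleset "$@" | nft -f -
}

# Nothing happens on load; run as:  sh aio-gw-nat.sh apply <in_if> <out_if> [port]
if [ "${1:-}" = "apply" ]; then
    shift
    apply_ruleset "$@"
fi
```

`nft list table ip nat` afterwards should show exactly the two chains generated here, and the `counter` on the prerouting rule gives a quick sanity check that sandbox traffic is actually being intercepted.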
Owner
Ali Mosajjal
Infosec and FOSS