whatisgithub

What is ligolo-ng?

nicocha30/ligolo-ng — explained in plain English

Analysis updated 2026-06-26

4,541GoAudience · ops devopsComplexity · 3/5LicenseSetup · moderate

In one sentence

A fast network tunneling tool for penetration testers that lets you reach internal networks through a compromised host by creating a virtual network interface, so standard tools work without SOCKS proxy configuration.

Mindmap

mindmap
  root((repo))
    What it does
      Internal network pivot
      Virtual tun interface
      No root on agent
    Components
      Relay server
      Agent binary
      Web UI
    Features
      Auto-bind reconnect
      Multi-tester sharing
      100 Mbps throughput
      Cross-platform
    Protocols
      TCP
      UDP
      ICMP
Click or tap to explore — scroll the page freely

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Reach internal network machines from your attack box after compromising a single internal host during a pentest

USE CASE 2

Run standard scanning tools like nmap directly against an internal subnet without configuring SOCKS proxies

USE CASE 3

Set up a persistent reverse tunnel that automatically re-establishes when a specific agent reconnects during a long engagement

USE CASE 4

Share one relay server among multiple pentesters simultaneously through the built-in web interface

What is it built with?

GoTLSLinuxWindowsmacOS

How does it compare?

nicocha30/ligolo-ngnalgeon/redkabeclab/olares
Stars4,5414,5484,533
LanguageGoGoGo
Setup difficultymoderateeasyhard
Complexity3/53/54/5
Audienceops devopsdeveloperops devops

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · moderate Time to first run · 30min

Relay server requires permission to create a tun network interface on the operator machine, one-time system setup step.

Free to use and share, but any changes you distribute must also be released under the same GPLv3 license terms.

So what is it?

Ligolo-ng is a network tunneling tool built for security professionals who need to reach internal networks during penetration tests. When a tester has compromised one machine inside a target network, they often need to communicate with other machines that are not directly reachable from the internet. Ligolo-ng solves this by creating what it calls a "tun" interface on the tester's machine, which acts like a virtual network card. Traffic sent through that interface gets forwarded through the compromised machine to the internal network, similar in concept to a VPN but designed for this specific testing scenario. The tool has two pieces: an agent that runs on the compromised machine, and a relay server that runs on the tester's side. A key design choice is that the agent does not need administrator or root privileges on the compromised system, which makes it usable in more restricted environments. The relay server does need permission to create a network interface on the tester's machine, but that is a one-time setup step. Compared to older approaches like SOCKS proxies or proxy chains, Ligolo-ng lets standard tools such as network scanners run directly without any special configuration. This is because the traffic appears to come from a real network interface rather than being funneled through an application-layer proxy. Performance in testing showed throughput above 100 Megabits per second. Version 0.8 added a web interface and API that allow multiple testers to share one relay setup, a daemon mode so the relay can run as a background service, and automatic route configuration across Windows, Linux, macOS, and BSD. It also added "auto-bind" so tunnels re-establish themselves automatically when a specific agent reconnects, which is useful during long engagements where connections may drop. The project is licensed under GPLv3. It supports TCP, UDP, and ICMP traffic. The README notes a few limitations around raw packet forwarding and recommends specific flags when using certain scanning tools to avoid misleading results.

Copy-paste prompts

Prompt 1
I compromised a Linux machine during a pentest and want to pivot into the internal 192.168.1.0/24 subnet using ligolo-ng. Give me the exact commands to start the relay, deploy the agent, and add the route.
Prompt 2
Using ligolo-ng, set up the tun interface on my Kali machine and configure routing so I can run nmap directly against a Windows host at 10.10.10.50 on the internal network.
Prompt 3
How do I run the ligolo-ng relay in daemon mode as a persistent service on my C2 server? Include the systemd unit file.
Prompt 4
My nmap scan through ligolo-ng is showing all hosts as up with false positives. What flags do I need to fix this behavior?
Prompt 5
Configure auto-bind in ligolo-ng so the tunnel to a specific agent automatically re-establishes if the compromised machine reboots mid-engagement.

Frequently asked questions

What is ligolo-ng?

A fast network tunneling tool for penetration testers that lets you reach internal networks through a compromised host by creating a virtual network interface, so standard tools work without SOCKS proxy configuration.

What language is ligolo-ng written in?

Mainly Go. The stack also includes Go, TLS, Linux.

What license does ligolo-ng use?

Free to use and share, but any changes you distribute must also be released under the same GPLv3 license terms.

How hard is ligolo-ng to set up?

Setup difficulty is rated moderate, with roughly 30min to a first successful run.

Who is ligolo-ng for?

Mainly ops devops.

Open on GitHub → Ask about another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.