Overview
Ligolo-ng creates encrypted tunnels using a TUN interface. No SOCKS proxy needed — traffic routes natively through the kernel. Faster and more stable than chisel/proxychains.| Component | Runs on | Description |
|---|---|---|
| Proxy | Attacker | Manages tunnels and routes |
| Agent | Victim | Connects back to proxy |
Download
GitHub
proxy (attacker) and agent (victim). Match OS and architecture.
Build from source
Setup — Attacker
Create TUN interface
Start proxy
0.0.0.0:11601
Custom port:
Setup — Victim
Transfer agent
Connect back
Linux:Start Tunnel
In proxy console:Add route to internal network
Double Pivot
Reach a third network through two compromised machines.Scenario
Step 1 — First pivot (already done)
Step 2 — Upload agent to Victim2
Use listener (see below) or transfer through Victim1.Step 3 — Add listener on Victim1
In proxy console, select Victim1 session:Step 4 — Connect Victim2 agent through Victim1
On Victim2:Step 5 — Route third network
Port Forwarding (Listener)
Expose attacker port through victim. Useful for reverse shells and file transfer through pivot.Reverse shell through pivot
In proxy console:File server through pivot
Victim1_IP:8080.
List active listeners
Remove listener
Useful Commands (Proxy Console)
| Command | Description |
|---|---|
session | List/select sessions |
start | Start tunnel on selected session |
stop | Stop active tunnel |
listener_add | Add port forward |
listener_list | Show active listeners |
listener_stop | Remove listener |
ifconfig | Show victim network interfaces |
Troubleshooting
| Problem | Fix |
|---|---|
| No route to host | Check ip route — add route for internal subnet to ligolo interface |
| Agent won’t connect | Firewall blocking outbound? Try port 443: -laddr 0.0.0.0:443 |
| Tunnel starts but no traffic | Wrong TUN interface — verify with ip route and start --tun ligoloX |
| DNS not resolving | Add internal DNS to /etc/resolv.conf or use IPs directly |