redguard's Introduction

Hi there 👋

Hi, I'm 风起, an independent security researcher and open source developer :).

🌱 Everyone is welcome to come and exchange ideas and learn.

redguard's People

Contributors

wikiz

redguard's Issues

runtime error: invalid memory address or nil pointer dereference

██████╗ ███████╗██████╗ ██████╗ ██╗ ██╗ █████╗ ██████╗ ██████╗
██╔══██╗██╔════╝██╔══██╗ ██╔════╝ ██║ ██║██╔══██╗██╔══██╗██╔══██╗
██████╔╝█████╗ ██║ ██║ ██║ ███╗██║ ██║███████║██████╔╝██║ ██║
██╔══██╗██╔══╝ ██║ ██║ ██║ ██║██║ ██║██╔══██║██╔══██╗██║ ██║
██║ ██║███████╗██████╔╝ ╚██████╔╝╚██████╔╝██║ ██║██║ ██║██████╔╝ -V 22.5.26.1716 Alpha
╚═╝ ╚═╝╚══════╝╚═════╝ ╚═════╝ ╚═════╝ ╚═╝ ╚═╝╚═╝ ╚═╝╚═════╝

Github:https://github.com/wikiZ/RedGuard

RedGuard is a C2 front flow control tool,Can avoid Blue Teams,AVs,EDRs check.

[2022-05-31 23:16:35] A default SSL certificate is being generated for the reverse proxy...
[2022-05-31 23:16:35] HostTarget: {"360.net":"http://127.0.0.1:8080","360.com":"https://127.0.0.1:4433"}
[2022-05-31 23:16:35] Proxy Listen Port :8080 (HTTP)
[2022-05-31 23:16:35] Proxy Listen Port :8443 (HTTPS)
2022/05/31 23:16:40 http: TLS handshake error from 116.7.20.49:1549: remote error: tls: unknown certificate
2022/05/31 23:16:42 http: TLS handshake error from 116.7.20.49:1595: remote error: tls: unknown certificate
[2022-05-31 23:16:42] [REQUEST] GET /
2022/05/31 23:16:42 http: panic serving 116.7.20.49:1596: runtime error: invalid memory address or nil pointer dereference
goroutine 23 [running]:
net/http.(*conn).serve.func1(0xc00047c1e0)
c:/go/src/net/http/server.go:1801 +0x147
panic(0x7e9140, 0xc01100)
c:/go/src/runtime/panic.go:975 +0x47a
RedGuard/core.MalleableFilter(0xc000329021, 0x13, 0xc00019ca00, 0x0)
C:/Users/风起/GolandProjects/RedGuard/core/ProxyFilter.go:64 +0xb8
RedGuard/core.ProxyFilterManger(0xc00019ca00, 0x85c5fe)
C:/Users/风起/GolandProjects/RedGuard/core/ProxyFilter.go:169 +0x715
RedGuard/core.(*baseHandle).ServeHTTP(0xc63640, 0x942ea0, 0xc00027a0e0, 0xc00019ca00)
C:/Users/风起/GolandProjects/RedGuard/core/ProxyHandler.go:72 +0x6fb
net/http.serverHandler.ServeHTTP(0xc000464000, 0x942ea0, 0xc00027a0e0, 0xc00019ca00)
c:/go/src/net/http/server.go:2843 +0xa3
net/http.(*conn).serve(0xc00047c1e0, 0x9439e0, 0xc00014c640)
c:/go/src/net/http/server.go:1925 +0x8ad
created by net/http.(*Server).Serve
c:/go/src/net/http/server.go:2969 +0x36c
2022/05/31 23:16:43 http: TLS handshake error from 116.7.20.49:1619: remote error: tls: unknown certificate
[2022-05-31 23:16:43] [REQUEST] GET /
2022/05/31 23:16:43 http: panic serving 116.7.20.49:1620: runtime error: invalid memory address or nil pointer dereference
goroutine 12 [running]:
net/http.(*conn).serve.func1(0xc0000b4280)
c:/go/src/net/http/server.go:1801 +0x147
panic(0x7e9140, 0xc01100)
c:/go/src/runtime/panic.go:975 +0x47a
RedGuard/core.MalleableFilter(0xc000025f21, 0x13, 0xc00019c500, 0x0)
C:/Users/风起/GolandProjects/RedGuard/core/ProxyFilter.go:64 +0xb8
RedGuard/core.ProxyFilterManger(0xc00019c500, 0x85c5fe)
C:/Users/风起/GolandProjects/RedGuard/core/ProxyFilter.go:169 +0x715
RedGuard/core.(*baseHandle).ServeHTTP(0xc63640, 0x942ea0, 0xc0004640e0, 0xc00019c500)
C:/Users/风起/GolandProjects/RedGuard/core/ProxyHandler.go:72 +0x6fb
net/http.serverHandler.ServeHTTP(0xc000464000, 0x942ea0, 0xc0004640e0, 0xc00019c500)
c:/go/src/net/http/server.go:2843 +0xa3
net/http.(*conn).serve(0xc0000b4280, 0x9439e0, 0xc0002c8080)
c:/go/src/net/http/server.go:1925 +0x8ad
created by net/http.(*Server).Serve
c:/go/src/net/http/server.go:2969 +0x36c
2022/05/31 23:16:48 http: TLS handshake error from 116.7.20.49:1777: remote error: tls: unknown certificate
[2022-05-31 23:16:48] [REQUEST] GET /
2022/05/31 23:16:48 http: panic serving 116.7.20.49:1778: runtime error: invalid memory address or nil pointer dereference
goroutine 13 [running]:
net/http.(*conn).serve.func1(0xc00024c000)
c:/go/src/net/http/server.go:1801 +0x147
panic(0x7e9140, 0xc01100)
c:/go/src/runtime/panic.go:975 +0x47a
RedGuard/core.MalleableFilter(0xc000329981, 0x13, 0xc00015ed00, 0x0)
C:/Users/风起/GolandProjects/RedGuard/core/ProxyFilter.go:64 +0xb8
RedGuard/core.ProxyFilterManger(0xc00015ed00, 0x85c5fe)
C:/Users/风起/GolandProjects/RedGuard/core/ProxyFilter.go:169 +0x715
RedGuard/core.(*baseHandle).ServeHTTP(0xc63640, 0x942ea0, 0xc0004641c0, 0xc00015ed00)
C:/Users/风起/GolandProjects/RedGuard/core/ProxyHandler.go:72 +0x6fb
net/http.serverHandler.ServeHTTP(0xc000464000, 0x942ea0, 0xc0004641c0, 0xc00015ed00)
c:/go/src/net/http/server.go:2843 +0xa3
net/http.(*conn).serve(0xc00024c000, 0x9439e0, 0xc000343d80)
c:/go/src/net/http/server.go:1925 +0x8ad
created by net/http.(*Server).Serve
c:/go/src/net/http/server.go:2969 +0x36c
An error occurred...

NOT AN ISSUE, just a question

Hey man, awesome work, the project is just a life saver and a masterpiece 🔥

The routing part is well explained or I'm just not smart enough 😅, but I don't get how the networking works. For example, why am I setting the binding port to 8080 when RedGuard is listening on localhost and the teamserver listener is running on another interface? How is it seeing the traffic?

That takes us to the other point: how do I run RedGuard on a redirector server that is not the teamserver? Does the redirection of traffic happen with RedGuard, or do I still need to configure iptables routing?

thanks in advance.

Cannot parse C2concealer

Hey,

I tried using RedGuard on a redirector server today. Unfortunately, it was not able to parse my MalleableC2 profile correctly.

For example the following was not parsed correctly:

http-get "variant_1" {
    set uri "/test.css /testz.css";
}

As requests to the URL /test.css were not redirected but blocked.

Is that a bug?

Greetings

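Support issue with CS 4.4 profiles

The version I tested is CS 4.4. I found that everything works normally for GET requests, but POST data requests always trigger the interception policy and the traffic gets forwarded away.
At first I thought it was a problem with the modified CS build, but I tried both the stock version and the modified version: reading the profile file, bringing a session online, exiting and so on all work without any problem, but operations such as executing commands go wrong. I suspect it is caused by something being missed when the profile file is read, especially in the POST request part. I have not analysed what exactly the problem is, mainly because I can't really read Go code. Here is the C2 profile generator plugin I use, so you can test it: https://github.com/Peithon/JustC2file
Or, if you want to look at my problematic profile, I can send it to you by email. The small profile from version 4.1 tests without any problems.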

TLS handshake error

Hello. I've got this error:
TLS handshake error from victimipv4address:28130: remote error: tls: unknown certificate authority.
The software started without problems, but if I try to send a request to my listener through RedGuard I get this error. I tried changing "HasCert", but without success. Any suggestions?

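A suggestion

I starred this a long time ago but never got around to trying it. At first I thought it was an extended C2 similar to C3. After reading the introduction and usage, it seems to only do steering and control of front-end traffic. I don't mean to dismiss the author's work, I just feel the use cases are not very broad. I suggest extending it into something like C3 (PS: because I can't write it myself; C3 has no general-purpose channel that works inside China, and I have long wanted to build one that does). Anyway, keep it up, 风起!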

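A suggestion for improvement! Not sure whether the new version has already added it

What worries me most right now is sandbox analysis. When a CDN front or a cloud function is used, RG may not be able to accurately judge the reliability of the source IP. Even if the real IP is passed along to RG for checking after CDN processing, a session may still come online, because the checks are based on the domain name and on whether the C2 request conforms. In this case all incoming traffic carries the IP after being relayed through the CDN, so even with many built-in sandbox IPs there is no way to tell whether the traffic comes from a sandbox. Taking a step back, restricting via a whitelist on the CDN is too much trouble.
Could RG add a check on a custom header? For example the XFF header: after processing, the CDN or cloud function passes the XFF header to RG. Even if the sandbox IP is not in the built-in library, as long as it does not match the whitelist requirements it still cannot come online.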
