EndGame v2.5 releases: Onion Service DDOS Prevention Front System

EndGame – Onion Service DDOS Prevention Front System

EndGame is

• a front system designed to protect the core application servers on an onion service in a safe and private way.
• locally complied and locally run (no trusted or middle party).
• a combination of multiple different technologies working together in harmony (listed below).
• FREE FOR ALL TO USE!
• arguably magic ㄟ( ▔, ▔ )ㄏ

Main Features

• Fully scripted and easily deploy-able (for mass scaling!) on blank Debian 10 systems.
• Full-featured NGINX LUA script to filter packets and provide a captcha directly using the NGINX layer.
• Rate limiting via Tor’s V3 onion service circuit ID system with secondary rate limiting based on a testcookie like a system.
• Easy Configuration for both local and remote (over Tor) front systems.
• Easily configurable and change-able to meet an onion service’s needs.

Tech Overview

Endgame uses a number of open-source projects (and libraries) to work properly.

Projects:

• NGINX – NGINX! A webserver obviously to provide the packet handling, threading, and proxying.
• Tor – Tor is free and open-source software for enabling anonymous communication. It’s awesome and makes all this possible.
• Vanguards – A safer onion service circuit building system (to prevent some traffic analysis attacks)
• STEM – A python controller for Tor.
• NYX – A command-line monitor for Tor (to easily check the endgame front’s Tor process.
• V3 OnionBalance – A distributed DNS round-robin like system on Tor to allow load-balancing and elimiate single points of failure.
• OpenSSL – A dependency for a lot of this projects and libraries.
• Python3 – A easy to work with programming language we use for background image generation.

NGINX Modules:

• Socks NGINX – A NGINX module to allow proxying to Tor onion services directly on the NGINX layer.
• NAXSI – A high performance web application firewall for NGINX.
• Headers More – A module for better control of headers in NGINX.
• Echo NGINX – A NGINX module which allows shell style commands in the NGINX configuration file.
• LUA NGINX – The power of LUA into NGINX via a module. This allows all the scripting, packet filtering, and captcha functionality EndGame does.
• NGINX Development Kit – Development Kit for NGINX (dependency)

Libraries:

• LUAJIT2 NGINX – Just in time compiler for LUA.
• LUA Resty String – String functions for ngx_lua and LUAJIT2
• LUA Resty Cookie – Provides cookie manipulation
• LUA Resty Session – Provides session manipulation
• LUA Resty AES – AES Functions file for LUA. Used for shared session cookies.
• LUA GD – GD image generation bindings For LUA

Changelog v2

• updated documentation
• load balanced Tor socks processes for more stable socks_passes
• unix listening instead of ports for performance, stability, and security
• true randomization for captcha and cookie generation
• simple queue system (time based, read below)
• various theme configuration options right on the setup file
• dependency script to get all the dependencies only once. Effectively snapshotting all dependencies preventing future dependency repo exploits in the VERY unlikely case a repo was to get compromised. Paranoia mode.
• bug fixes and various performance tunings

Install & Use