Tunnels

Network Tunneling Tools Cheatsheet

This cheatsheet provides a quick reference for various tunneling tools that can help bypass network restrictions, create secure connections, or enable remote access to services.

Comparison Table

Name	Protocol	HTTP	SOCKS	TCP	UDP	TLS/Encryption	Stable	Platform
SSF	Custom TCP	🟢	🟢	🟢	🟢	🟢	🟡	🪟 🐧 🍎
chisel	WebSocket	🟢	🟢	🟢	🟡	🟢	🟢	🌐
wstunnel	WebSocket	🟢	🟢	🟢	🔴	🟢	🟡	🌐 (Rust)
frp	Custom TCP	🟢	🟢	🟢	🟢	🟢	🟢	🌐 (Go)
ngrok	HTTPS	🟢	🔴	🟢	🔴	🟢	🟢	☁️ + 🌐
ssh	SSH	🟢	🟢	🟢	🟡	🟢	🟢	🪟 🐧 🍎
Ligolo-ng	Custom TLS	🟢	🟢	🟢	🟢	🟢	🟢	🌐 (Go)

Legend: 🟢 Supported | 🟡 Partial Support | 🔴 Not Supported | 🪟 Windows | 🐧 Linux | 🍎 macOS | 🌐 Cross-platform | ☁️ SaaS

Tool Details

SSF (Secure Socket Funneling)

SSF provides a set of network tools built upon a custom network stack using SSL/TLS. It can establish SOCKS proxies, forward TCP/UDP ports, and create network shells.

Server:

ssfd --port 80

Client:

ssf -F 1080 -p 80 <server-ip>

Key Features:

• End-to-end encryption
• SOCKS proxy support
• Port forwarding (TCP/UDP)
• Shell access
• Circuit relay for multi-hop connections

Chisel

Chisel is a fast TCP/UDP tunnel, transported over HTTP, secured via SSH. It’s a single executable that includes both client and server.

Server:

chisel server --reverse --port 80

Client:

chisel client <server-ip>:80 R:socks [--fingerprint <fingerprint>]

Key Features:

• HTTP/HTTPS tunneling with WebSocket
• SSH encryption
• SOCKS5 proxy
• Reverse port forwarding
• Easy fingerprinting for security

wstunnel

wstunnel creates tunnels using WebSocket protocol, allowing traffic to pass through restrictive firewalls.

Server:

wstunnel server wss://0.0.0.0:80

Client:

wstunnel client -R socks5://127.0.0.1:1080 ws://<server-ip>:80

Key Features:

• WebSocket based tunneling
• Can work over HTTPS/WSS
• SOCKS5 proxy support
• Simple configuration
• Fast Rust implementation

frp (Fast Reverse Proxy)

frp is a powerful reverse proxy focused on intranet penetration, allowing exposure of local services to the internet.

Server:

frps -c frps.toml

frps.toml

# server listening port, default interface on 0.0.0.0
bindPort = 7000
# Optional dashboard
# dashboardPort = 7500
# dashboardUser = "admin"
# dashboardPwd = "admin"

Client:

frpc -c frpc.toml

frpc.toml

serverAddr = "<server-ip>"
serverPort = 7000
 
[[proxies]]
name = "socks"
type = "tcp"
remotePort = 1080
[proxies.plugin]
type = "socks5"

Key Features:

• TCP/UDP port forwarding
• HTTP/HTTPS service exposure
• SOCKS5/HTTP proxy
• P2P direct connection
• Load balancing
• Custom domains
• Dashboard for monitoring

SSH Tunneling

SSH itself provides powerful tunneling capabilities built into most systems.

Local Port Forwarding:

ssh -L 8080:internal-server:80 user@gateway-host

Dynamic SOCKS Proxy:

ssh -D 1080 user@remote-host

Remote Port Forwarding:

ssh -R 8080:localhost:80 user@remote-host

Key Features:

• Built into most systems
• Strong encryption
• Local, remote, and dynamic forwarding
• SOCKS proxy support
• Compression option

ngrok

ngrok exposes local servers behind NATs and firewalls to the public internet over secure tunnels.

HTTP Tunnel:

ngrok http 8080

TCP Tunnel:

ngrok tcp 22

Key Features:

• Public URLs for local servers
• TLS encryption
• Request inspection
• API & webhook integration
• Custom domains (paid plans)
• Easy to use

Ligolo-ng

Ligolo-ng is a simple, lightweight and fast tunnel tool that allows pentesters to establish SOCKS5 proxies and TCP tunnels through compromised hosts.

Server (Agent):

./agent -connect <proxy-ip>:11601 -ignore-cert

Client (Proxy):

./proxy -selfcert

Key Features:

• TUN/TAP interface for transparent proxying
• LAN access via compromised hosts
• Low detection profile
• SOCKS5 proxy
• Encrypted communication
• Built for security professionals

Use Case Examples

• Corporate Restrictions Bypass: SOCKS proxies via SSH or Chisel
• Expose Local Development Server: ngrok or frp
• Access Internal Networks: SSF or Ligolo-ng
• Bypass Deep Packet Inspection: wstunnel (WebSocket-based)
• Network Pivoting: Ligolo-ng or SSF
• Quick Secure Tunnel: SSH tunneling