Skip to content

Get Connected


TODO READ: * A visual guide to SSH tunnels * How Tunneling Works * How Tunneling Works Video * * SSH port forwarding - Example, command, server config * Run SSH with command aliases * The pitfalls of using ssh-agent, or how to use an agent safely

  1. Stand-up a cloud-hosted Kali box, configure OpenVAS, ssh into the box...all encrypted yet run on my local browser. I no longer have to bother with installing VNC.
  2. Same thing with Dradis...allows a penetration testing team to collaborate on an assignment without having to mess with certificates.
  3. I wrote a script that launches 10 VMs in DigitalOcean in seconds, then I ssh into them with -D 9050...9059. I have 10 entries in my proxychains.conf file for 9050... 9059, and then launch theHarvester with proxychains. Google no longer accuses me of being a bot.
  4. I passed a tip along to a network engineer at my company that he should read your book rather than exposing an administrative login page on a public facing website.
  5. For privacy, I sometimes create a VM on the fly and use it as a proxy in Firefox."

Idea: create a webapp that uses litegraph.js (examples) to visually create a ssh setup and get a ssh_config out.


Protect Yourself

Use selfhosted services


Digital Ocean

Droplets are cheap and only costs money as long as they exists.

Has a very neat pricing model as it allowes to have 3 free VMs with persistent storage (3gb). Creating additional accounts for more free resources is allowed!

In addition, a free postgresql and persistence is available (check docu).

Dockerfile deployment is quite easy and doesn't require docker installed on the machine because it runs the builds on a builder instance.

# installation
curl -L | sh

# login into
flyctl auth login

# create a new app
fly launch

# re/deploy the app
fly deploy

# restart the app
fly restart <app-name>

# destroy the app
fly destroy <app-name>

Hetzner VPS

Starting from €4.15, pay as you go.



This selfhosted application is capable to connect to a vast range of sql servers like: MySQL, Postgres, SQL Server, Vertica, Crate, ClickHouse, Trino, Presto, SAP HANA, Cassandra, Snowflake, BigQuery, SQLite, and more with ODBC

Docker supported!


Powered by the "project discovery".

Able to have a broad OSINT scan on a target from passive to agressive with a lot of modules. Doesn't search for files or vulns.


OSINT and Vuln Scanner with configurable workflows and decentralized cloud scanners (spawn droplets for scanning).

The workflows are written in YAML with a special syntax for scripting. It's essentially a way to tell osmedeus how to run commands and pass information to the next step.

A web ui is available as https://vps-ip:8000/ui/.