Get Connected

SSH

TODO READ:

  * A visual guide to SSH tunnels
  * How Tunneling Works
  * How Tunneling Works Video
  * https://en.m.wikibooks.org/wiki/OpenSSH/Cookbook/Tunnels
  * SSH port forwarding - Example, command, server config
  * Run SSH with command aliases
  * The pitfalls of using ssh-agent, or how to use an agent safely

  1. Stand-up a cloud-hosted Kali box, configure OpenVAS, ssh into the box...all encrypted yet run on my local browser. I no longer have to bother with installing VNC.
  2. Same thing with Dradis...allows a penetration testing team to collaborate on an assignment without having to mess with certificates.
  3. I wrote a script that launches 10 VMs in DigitalOcean in seconds, then I ssh into them with -D 9050...9059. I have 10 entries in my proxychains.conf file for 127.0.0.1 9050...127.0.0.1 9059, and then launch theHarvester with proxychains. Google no longer accuses me of being a bot.
  4. I passed a tip along to a network engineer at my company that he should read your book rather than exposing an administrative login page on a public facing website.
  5. For privacy, I sometimes create a VM on the fly and use it as a proxy in Firefox."

Idea: create a webapp that uses litegraph.js (examples) to visually build an SSH setup and export an ssh_config from it.

Browsing

Protect Yourself

Use selfhosted services

Hoster

Digital Ocean

https://cloud.digitalocean.com

Droplets are cheap and only cost money as long as they exist.

fly.io

https://fly.io/

Has a very neat pricing model, as it allows 3 free VMs with persistent storage (3 GB). Creating additional accounts for more free resources is allowed!

In addition, a free PostgreSQL and persistence is available (check the documentation).

Dockerfile deployment is quite easy and doesn't require Docker to be installed on the local machine, because the builds run on a builder instance.

# log in to fly.io
flyctl auth login

# create a new app
fly launch

# re/deploy the app
fly deploy

# restart the app
fly restart <app-name>

# destroy the app
fly destroy <app-name>

Hetzner VPS

https://www.hetzner.com/cloud

Starting from €4.15, pay as you go.

Services

SqlPad

https://getsqlpad.com/

This self-hosted application can connect to a wide range of SQL servers, such as MySQL, Postgres, SQL Server, Vertica, Crate, ClickHouse, Trino, Presto, SAP HANA, Cassandra, Snowflake, BigQuery, SQLite, and more via ODBC.

Docker supported!

Spiderfoot

https://github.com/smicallef/spiderfoot

Powered by the "project discovery".

Able to run a broad OSINT scan on a target, from passive to aggressive, with a lot of modules. Doesn't search for files or vulns.

Osmedeus

https://github.com/j3ssie/osmedeus

OSINT and Vuln Scanner with configurable workflows and decentralized cloud scanners (spawn droplets for scanning).

The workflows are written in YAML with a special syntax for scripting. It's essentially a way to tell osmedeus how to run commands and pass information to the next step.

A web UI is available at https://vps-ip:8000/ui/.