How to Use Your Own Tools on Remote Machines via SSH SOCKS Tunnel
Sometimes you want to use binaries for enumeration, but you can't run GUI tools over SSH (like Wireshark), or you don't want to make noise by installing binaries on the target machine (like nmap). In this case, you can forward only the requests, not the whole application.
This way, you don't have to install anything on the target machine, you get less latency, and you leave a smaller footprint (binary + requests vs. requests only).
Here are some examples to get started:
NMAP
ssh -D 9050 target@123.456.789.012
This creates a SOCKS proxy on localhost:9050 (SSH dynamic port forwarding), so any connection you send through that proxy is carried inside the SSH session and leaves from the target machine.
Then you can just use proxychains to wrap any tool; it will redirect the tool's connections to the proxy address and port set in its config, which must match 127.0.0.1:9050 here.
proxychains4 nmap -sn 192.168.0.0/24
You can do this with any tool that works by making outbound connections; nmap is just the most obvious example.
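To make concrete what "forwarding only the requests" means, here is an added example (not from the original post) of the SOCKS5 CONNECT handshake that proxychains performs against the local ssh -D port for every TCP connection a wrapped tool opens; the proxy address, the hostnames and the ports in it are assumptions.

```python
import ipaddress, socket, struct

SOCKS_PROXY = ("127.0.0.1", 9050)  # local end of `ssh -D 9050 target@host` (port from the post)
REPLY_CODES = {0: "succeeded", 1: "general failure", 2: "not allowed by ruleset",
               3: "network unreachable", 4: "host unreachable", 5: "connection refused",
               6: "TTL expired", 7: "command not supported", 8: "address type not supported"}

def build_connect_request(host: str, port: int) -> bytes:
    """Build a SOCKS5 CONNECT request (RFC 1928) for an IP literal or a hostname."""
    try:
        ip = ipaddress.ip_address(host)
        addr = (b"\x01" if ip.version == 4 else b"\x04") + ip.packed  # ATYP 1 = IPv4, 4 = IPv6
    except ValueError:
        name = host.encode("idna")
        addr = b"\x03" + bytes([len(name)]) + name  # ATYP 3: the SSH server resolves the name, not this box
    return b"\x05\x01\x00" + addr + struct.pack("!H", port)  # VER, CMD=CONNECT, RSV, then address/port

def parse_reply(data: bytes) -> int:
    """Check a complete reply (VER REP RSV ATYP BND.ADDR BND.PORT) and return REP."""
    if len(data) < 4 or data[0] != 5:
        raise OSError("malformed SOCKS5 reply")
    addr_len = {1: 4, 4: 16, 3: 1 + (data[4] if len(data) > 4 else 0)}.get(data[3])
    if addr_len is None or len(data) != 4 + addr_len + 2:
        raise OSError("malformed SOCKS5 reply address")
    return data[1]

def _recv_exactly(sock: socket.socket, n: int) -> bytes:
    buf = b""
    while len(buf) < n:  # recv() may return short reads, so loop until n bytes arrived
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise OSError("proxy closed the connection mid-handshake")
        buf += chunk
    return buf

def socks5_connect(host: str, port: int, proxy=SOCKS_PROXY, timeout=10) -> socket.socket:
    """Return a TCP socket to host:port whose traffic leaves from the SSH server."""
    sock = socket.create_connection(proxy, timeout=timeout)
    sock.sendall(b"\x05\x01\x00")  # greeting: offer only "no authentication" (what ssh -D uses)
    if _recv_exactly(sock, 2) != b"\x05\x00":
        sock.close()
        raise OSError("proxy refused the no-authentication method")
    sock.sendall(build_connect_request(host, port))
    head = _recv_exactly(sock, 4)                                 # VER REP RSV ATYP
    head += _recv_exactly(sock, 1) if head[3] == 3 else b""       # domain-name length byte
    rep = parse_reply(head + _recv_exactly(sock, {1: 6, 4: 18, 3: head[-1] + 2}.get(head[3], 0)))
    if rep != 0:
        sock.close()
        raise OSError(f"CONNECT failed: {REPLY_CODES.get(rep, rep)}")
    return sock
```

Only what a tool sends through connect() can take this path: raw-socket scans (SYN, ICMP) and UDP never reach the proxy, so through proxychains only nmap's TCP connect scan (-sT, with host discovery disabled by -Pn) behaves as expected. Sending hostnames as ATYP 3, as proxychains does with proxy_dns enabled, is what keeps name lookups off the local resolver.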
Wireshark
Wireshark has support for capturing packets over SSH:
Go to Capture > Options and pick the SSH remote capture interface.
In the SSH remote capture options, configure the authentication credentials, the method of escalating to root on the remote host, and the remote capture command, then press Start.