Packages and Binaries:
sshuttle
Sshuttle makes it possible to access remote networks using SSH. It creates a transparent proxy server, using iptables, that will forward all the traffic through an SSH tunnel to a remote copy of sshuttle.
It does not require installation on the remote server, which just needs to have Python installed.
Installed size: 861 KB
How to install: sudo apt install sshuttle
Dependencies:
- iptables | nftables
- libjs-sphinxdoc
- openssh-client | lsh-client | dropbear | ssh-client
- python3
sshuttle
Sshuttle documentation
root@kali:~# sshuttle -h
usage: sshuttle [-l [ip:]port] -r [user@]sshserver[:port] <subnets...>

positional arguments:
  IP/MASK[:PORT[-PORT]]...
                        capture and forward traffic to these subnets
                        (whitespace separated)

options:
  -h, --help            show this help message and exit
  -l, --listen [IP:]PORT
                        transproxy to this ip address and port number
  -H, --auto-hosts      continuously scan for remote hostnames and update
                        local /etc/hosts as they are found
  -N, --auto-nets       automatically determine subnets to route
  --dns                 capture local DNS requests and forward to the remote
                        DNS server
  --ns-hosts IP[,IP]    capture and forward DNS requests made to the following
                        servers (comma separated)
  --to-ns IP[:PORT]     the DNS server to forward requests to; defaults to
                        servers in /etc/resolv.conf on remote side if not
                        given.
  --method TYPE         auto, nft, nat, tproxy, pf, ipfw
  --python PATH         path to python interpreter on the remote server
  -r, --remote [USERNAME[:PASSWORD]@]ADDR[:PORT]
                        ssh hostname (and optional username and password) of
                        remote sshuttle server
  -x, --exclude IP/MASK[:PORT[-PORT]]
                        exclude this subnet (can be used more than once)
  -X, --exclude-from PATH
                        exclude the subnets in a file (whitespace separated)
  -v, --verbose         increase debug message verbosity (can be used more
                        than once)
  -V, --version         print the sshuttle version number and exit
  -e, --ssh-cmd CMD     the command to use to connect to the remote [ssh]
  --no-cmd-delimiter    do not add a double dash before the python command
  --remote-shell PROGRAM
                        alternate remote shell program instead of defacto
                        posix shell. For Windows targets it would be either
                        `cmd` or `powershell` unless something like git-bash
                        is in use.
  --seed-hosts HOSTNAME[,HOSTNAME]
                        comma-separated list of hostnames for initial scan
                        (may be used with or without --auto-hosts)
  --no-latency-control  sacrifice latency to improve bandwidth benchmarks
  --latency-buffer-size SIZE
                        size of latency control buffer
  --wrap NUM            restart counting channel numbers after this number
                        (for testing)
  --disable-ipv6        disable IPv6 support
  -D, --daemon          run in the background as a daemon
  -s, --subnets PATH    file where the subnets are stored, instead of on the
                        command line
  --syslog              send log messages to syslog (default if you use
                        --daemon)
  --pidfile PATH        pidfile name (only if using --daemon) [./sshuttle.pid]
  --user USER           apply all the rules only to this linux user
  --group GROUP         apply all the rules only to this linux group
  --firewall            (internal use only)
  --hostwatch           (internal use only)
  --sudoers-no-modify   Prints a sudo configuration to STDOUT which allows a
                        user to run sshuttle without a password. This option
                        is INSECURE because, with some cleverness, it also
                        allows the user to run any command as root without a
                        password. The output also includes a suggested method
                        for you to install the configuration.
  --sudoers-user SUDOERS_USER
                        Set the user name or group with %group_name for
                        passwordless operation. Default is the current user.
                        Only works with the --sudoers-no-modify option.
  --no-sudo-pythonpath  do not set PYTHONPATH when invoking sudo
  -t, --tmark [MARK]    tproxy optional traffic mark with provided MARK value
                        in hexadecimal (default '0x01')
  --namespace NAMESPACE
                        Run inside of a net namespace with the given name.
  --namespace-pid NAMESPACE_PID
                        Run inside the net namespace used by the process with
                        the given pid.
Updated on: 2025-May-20