> ## Documentation Index
> Fetch the complete documentation index at: https://notes.chaelsoo.me/llms.txt
> Use this file to discover all available pages before exploring further.

# Pivoting & Tunneling

Pivoting lets you reach network segments that are not directly accessible from your attacker machine by routing traffic through a compromised host. Choose the tool based on what you can run on the pivot and what the target network allows.

```wrap theme={"theme":{"light":"night-owl","dark":"night-owl"}}
Attacker  ← tunnel →  Pivot host  ← LAN →  Internal targets
```

<CardGroup cols={3}>
  <Card title="Ligolo-ng" icon="route" href="./ligolo">
    Reverse TUN-based tunnel: full IP routing through a compromised host, transparent to tools
  </Card>

  <Card title="Chisel" icon="link" href="./chisel">
    HTTP-tunnelled SOCKS5 and port forwarding; works through restrictive firewalls
  </Card>

  <Card title="Proxychains" icon="code-merge" href="./proxychains">
    Route arbitrary tool traffic through a SOCKS proxy; pairs with Ligolo and Chisel
  </Card>
</CardGroup>

## Choosing a Tool

| Scenario                                                      | Use                                      |
| ------------------------------------------------------------- | ---------------------------------------- |
| Full subnet access needed, can drop a binary                  | Ligolo-ng                                |
| Only HTTP/HTTPS egress from the pivot                         | Chisel                                   |
| Need to route a specific tool through an existing SOCKS proxy | Proxychains                              |
| SSH available on the pivot host                               | SSH local/remote/dynamic port forwarding |
