Free book to master SSH tunneling concepts

This repo contains the PDF book The Cyber Plumber’s Handbook – The definitive guide to Secure Shell (SSH) tunneling,
port redirection, and bending traffic like a boss. The book was first published in October 2018 for purchase, but now
I’m providing it for FREE to anyone interested in learning more about the magic of SSH tunnels and port redirection.

Book Overview

This book is packed with practical, real-world examples of SSH tunneling and port redirection in multiple realistic
scenarios. It walks you through the basics of SSH tunneling (both local and remote port forwards), SOCKS proxies, port
redirection, and how to utilize them with other tools like proxychains, nmap, Metasploit, and web browsers.

Advanced topics include SSHing through 4 jump boxes, throwing exploits through SSH tunnels, scanning assets using
proxychains and Metasploit’s Meterpreter, browsing the Internet through a SOCKS proxy, utilizing proxychains and nmap
to scan targets, and leveraging Metasploit’s Meterpreter portfwd command.

Getting Started

  1. Agree to the terms of the Creative Commons Attribution-NonCommercial 4.0 International License which
    is also outlined here.

  2. Download the latest PDF from here.

  3. Purchase The Cyber Plumber’s Lab Guide and Interactive Access from
    here. Your purchase includes a PDF lab guide with 45+ exercises and 28
    days of interactive access to a real live lab to practice SSH tunneling and port redirection techniques!

Interactive Lab

The Cyber Plumber’s Lab Guide and Interactive Access can be purchased here.
There is a 75% off discount for students…just send an email to from your educational email address.

Why purchase?

SSH tunneling is a skill you can use for the rest of your IT career! SSH tunneling and port redirection are skills
that can be applied in any information technology discipline, so it does not matter if you are a network engineer, red
teamer, penetration tester, developer, or something in between. That being said, the examples tend to skew towards
pairing tunneling techniques with penetration testing tools.

Lab Description

Four jump boxes provide the Internet facing portion of the lab. However, the fun really starts when you start
leveraging tunneling techniques to reach the internal side of the network to access services such as Secure SHell (SSH),
Web, and Remote Desktop Protocol (RDP). The Linux and Windows targets are also running vulnerable services that can be
exploited for the true tunneling ninjas. Each of the exercises has a brief description and solution to assist you in the
event you get stuck.


The interactive lab portion requires a Linux-based host or virtual machine (preferably Kali), Internet access, a basic
grasp of networking and Information Technology fundamentals, and Linux commands. The use of a Windows Operating System
to access the lab has not been tested. Immediately after purchasing this, you will receive an SSH private key via email
and instructions on how to access the lab. Your lab time starts immediately after purchasing, so plan accordingly!


“After your course, I have been able to:

  1. Stand-up a cloud-hosted Kali box, configure OpenVAS, ssh into the box…all encrypted yet run on my local browser.
    I no longer have to bother with installing VNC.

  2. Same thing with Dradis…allows a penetration testing team to collaborate on an assignment without having to mess
    with certificates.

  3. I wrote a script that launches 10 VMs in DigitalOcean in seconds, then I ssh into them with -D 9050…9059. I have
    10 entries in my proxychains.conf file for 9050… 9059, and then launch theHarvester with
    proxychains. Google no longer accuses me of being a bot.

  4. I passed a tip along to a network engineer at my company that he should read your book rather than exposing an
    administrative login page on a public facing website.

  5. For privacy, I sometimes create a VM on the fly and use it as a proxy in Firefox.”

Bulk / Team Pricing

The purchase of the lab guide and access is for individual use only. If you are interested in bulk or team pricing for
your organization, please contact me using here. Access keys cannot be shared and your lab
access will be immediately revoked without a refund if you are discovered doing this.


  1. What if I find an error / typo?

    Submit an issue here

  2. Will you open source the LaTeX files?




Distributed under the Creative Commons Attribution-NonCommercial 4.0 International License. See for more

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.


2 thoughts on “Free book to master SSH tunneling concepts”

  1. Aditya

    Thank you for such a thorough book…

    This book does discuss autossh [1] which I came to know about recently while setting up my dynamic home ip (w/ CG-NAT) as the exit node in a wireguard network to overcome geo-restrictions on streaming services when traveling… :p

    autossh [1] is such a simple and useful utility, wish I had known about it earlier when any connection changes in VPN/WiFi used to break my ssh tunnels to the corporate network during development…

    If you're a frequent user of ssh tunnels, do check out autossh… 😉


  2. Aditya

    Looks interesting, will give it a read as it looks to cover more than the basics.

    Years ago I worked in a SOC doing managed services for a major telco provider, and for some reason they thought that we didn't have the need to do any kind of SSH tunneling to manage routers/switches/firewalls. They kept blocking it at various layers, and we kept having to find more and more creative ways to get around it. I think at one point we were hosting our own PAC files local to our machines, building three layers of tunnels (the last of which being a dynamic SOCKS tunnel), and using a portable browser (because we couldn't be trusted with admin!) with FoxyProxy (or similar) to finally reach our destination.