The Pivot Problem: Why We Need a Unified Tunnel Manager

Pivoting is the bread and butter of modern red teaming. You compromise a foothold, and you tunnel deeper.

But the reality of managing tunnels is… messy.

The Multi-Tool Chaos

In a complex engagement, your infrastructure often looks like this:

1. Team Server: Running in the cloud (AWS/DO).
2. Jump Host 1 (Linux): Compromised web server in the DMZ.
3. Jump Host 2 (Windows): Compromised workstation in the internal network.
4. Target: The Domain Controller deep inside.

To reach the target from your laptop, you’re juggling:

• ssh -L tunnels to the Team Server.
• chisel client/server connections for SOCKS proxy.
• ligolo-ng sessions for Layer 3 VPN.
• sshuttle for quick transparent proxying.

The Pain Points

1. Where is that port going? You have 5 terminals open. Is localhost:8080 forwarding to the internal web app, or is it the SOCKS proxy? Is localhost:3389 the DC RDP or the Jump Host RDP?

2. The Dead Tunnel: Tunnels die. Network hiccups, target reboots. You don’t realize your Chisel connection dropped until your scanner times out 10 minutes later.

3. Route Management: Tools like ligolo or sshuttle require modifying the host routing table (ip route add). Forgetting to clean up routes after a session leaves your networking stack in a broken state.

The Solution: Tunnel Manager (tmgr)

We need a tool to orchestrate this chaos. Not just another wrapper, but a state-aware manager for all your pivoting needs.

Concept: Unified CLI Dashboard

Imagine running tmgr list and seeing:

ID  Label            Type    Local Port  Remote Target         Status    PID
1   WebApp-Internal  SSH     8080        internal-web:80       ALIVE     12345
2   RDP-DC01         Chisel  3389        10.0.0.5:3389         ALIVE     12346
3   VPN-Internal     Ligolo  tun0        172.16.20.0/24        DEAD      -

Killer Features:

• Auto-Reconnect: A watchdog process that pings the tunnel endpoint and restarts the connection if it drops.
• Route Automation: Automatically add/remove system routes when a VPN-style tunnel (Ligolo/sshuttle) goes up/down.
• Credential Store: securely store SSH keys and Chisel auth tokens so you don’t have to hardcode them in your history.

What’s Next?

This is still in the design phase. But if you’ve ever lost a critical shell because you forgot which terminal was running the tunnel, you know why this needs to exist.

Stay tuned. We might just build it.