whatisgithub

What is chisel?

jpillora/chisel — explained in plain English

Analysis updated 2026-06-24

16,002GoAudience · ops devopsComplexity · 2/5Setup · easy

In one sentence

Chisel is a single-file networking tool that punches a secure encrypted tunnel through firewalls and corporate proxies by disguising traffic as ordinary web requests.

Mindmap

mindmap
  root((chisel))
    How it works
      HTTP transport
      SSH encryption
      Single binary
    Tunnel modes
      Forward ports
      Reverse tunnels
      SOCKS5 proxy
    Features
      Auth users file
      Auto reconnect
      Let Encrypt TLS
    Use cases
      Bypass firewalls
      Remote access
      Network bridging
Click or tap to explore — scroll the page freely

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Expose a local development server to a remote colleague when both are behind separate corporate firewalls.

USE CASE 2

Give a remote helper temporary SSH-secured access to a service running on a private home or office network.

USE CASE 3

Bridge two isolated networks quickly for testing without setting up a full VPN.

USE CASE 4

Use SOCKS5 proxying through Chisel to route browser traffic securely over an untrusted network.

What is it built with?

GoSSHHTTPDocker

How does it compare?

jpillora/chiselmailhog/mailhogffuf/ffuf
Stars16,00215,96716,040
LanguageGoGoGo
Setup difficultyeasyeasyeasy
Complexity2/52/52/5
Audienceops devopsdeveloperdeveloper

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · easy Time to first run · 5min

So what is it?

Chisel is a small networking tool that creates a tunnel between two machines, letting traffic that would normally be blocked travel between them by disguising it as ordinary web traffic. The README describes it as a fast TCP/UDP tunnel transported over HTTP and secured via SSH. It ships as a single executable that acts as either the server or the client depending on the subcommand you run. The idea is to deal with a common annoyance: you have a service running somewhere, but a firewall or a corporate proxy stands between you and it. Chisel works around that by carrying the real connection inside an HTTP session, which most networks allow. To stop anyone in the middle from listening in, the inner channel is encrypted using the SSH protocol. The server listens on a normal HTTP port and the client connects to it, after which the client can forward local ports to remote ones or, in reverse mode, forward server-side ports out through the client. Multiple tunnel endpoints can share one TCP connection. Optional extras include authentication via a users config file, fingerprint matching, SOCKS5 proxying in either direction, the ability for the server to double as a plain reverse proxy so Chisel hides in plain sight, automatic reconnect with exponential backoff, and TLS with auto-issued certificates via Let's Encrypt. Someone would reach for Chisel to expose a development server behind a corporate firewall, give a remote helper access to a machine on a private network, or bridge two networks for a quick test. It is written in Go and distributed as prebuilt binaries, a Docker image, a Fedora RPM package, and via go install. The full README is longer than what was provided.

Copy-paste prompts

Prompt 1
I want to expose my local port 3000 dev server through a Chisel server running on a public VPS so a remote colleague can review it. Give me the exact server and client commands.
Prompt 2
Set up Chisel in reverse tunnel mode so a machine on my private network can be reached from the Chisel server side. Show me the commands for both ends.
Prompt 3
Configure Chisel server with a users auth file so only specific clients with the right credentials can connect.
Prompt 4
I want Chisel to also act as a reverse proxy so it hides behind a normal-looking website. How do I enable that and what does the config look like?
Prompt 5
Help me run Chisel in a Docker container as a persistent background tunnel server with auto-restart and TLS via Let's Encrypt.

Frequently asked questions

What is chisel?

Chisel is a single-file networking tool that punches a secure encrypted tunnel through firewalls and corporate proxies by disguising traffic as ordinary web requests.

What language is chisel written in?

Mainly Go. The stack also includes Go, SSH, HTTP.

How hard is chisel to set up?

Setup difficulty is rated easy, with roughly 5min to a first successful run.

Who is chisel for?

Mainly ops devops.

Open on GitHub → Ask about another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.