What is Ngrok? Definition, Install Process, Use in Kali Linux

Ngrok is a platform that, using the installed utility, allows you to organize remote access to a web server or some other service running on a PC. Access is organized through the secure tunnel created when ngrok starts. At the same time, the PC can be behind NAT and not have a static IP address.What is Ngrok? Definition, Install Process, Use in Kali Linux

Latest Articles

It is not at all necessary to drag the test project somewhere else, you can show it to the customer directly from the local machine, or, for example, using Ngrok, you can very easily share files on your PC.

  • What is Ngrok?
  • How does ngrok work?
  • how to install ngrok
  • Ngrok Commands
    • Setup Ngrok Authtoken
    • Credits command reference
    • Ngrok Https command reference
    • Start command reference
    • Tcp command reference
    • Tls command reference
    • Update command reference
  • How to use ngrok

What is Ngrok?


The ngrok tool makes local services available on the global network, even if the computer does not have a static IP address and is behind NAT and firewalls.

With ngrok, any port on your local computer will be accessible from the Internet through a secure tunnel. For example, you can make your local web server accessible from the Internet via a direct link without additional configuration. What is Ngrok? Definition, Install Process, Use in Kali Linux

How does ngrok work?

You download and run a tool on your machine and specify the port of a network service, usually a web server.

The program connects to the ngrok cloud service, which gives you a generated address (third-level domain). If you open this address in a web browser, then the traffic will be redirected to your local network service or to any address that you specify. What is Ngrok? Definition, Install Process, Use in Kali Linux

What is ngrok used for?

  • Demonstration of websites without deployment on real hosting
  • Creating web hooks on your computer for software development
  • Testing mobile apps connected to a locally running backend
  • Stable addresses for connected devices deployed in the field
  • Launch personal cloud services from your home

How to install ngrok in Kali Linux?

Installation on Kali Linux

to install ngrok in Kali Linux first we need to download Ngrok from terminal


wget `curl -s | grep -o -E '[A-Za-z0-9]{4,}/'`

Extract Ngrok


install it

chmod +x ./ngrok./ngrok -h

Ngrok Commands

What are the most important commands and how to use them

Setup Ngrok Authtoken

Authtoken command reference
authtoken stores the authentication token in a config file.


The authtoken command modifies your config file to write the specified authtoken to it. By default, this config file is located at $ HOME / .ngrok2 / ngrok.yml .

To use many of the advanced features of the service, the service requires you to register for an account. To associate your client with an account, they must pass a secret token to the service at startup. Instead of passing this authtoken on every call, you can use this command to store it in a config file so that your client always authenticates you properly.


./ngrok authtoken MJHGSkjst2HNWLXui5PM_qCaBq0W2sNFcCa0olTAs

Credits command reference

credits prints information about the author and licensing.


./ngrok credits
What is Ngrok? Definition, Install Process, Use in Kali Linux

Ngrok Https command reference

http starts an HTTP tunnel.

Using: ngrok http [COMMAND OPTIONS] [ARGUMENTS …]


Starts a tunnel listening for HTTP / HTTPS traffic with the specified hostname. The HTTP Host header on incoming public requests is checked to determine which tunnel is right for it.

HTTPS endpoints terminate TLS traffic on the ngrok server using certificates. The decrypted HTTP traffic is then routed through a secure tunnel and then to your local server. If you don’t want your TLS traffic to end on the ngrok server, use a TLS or TCP tunnel.


Redirects subdomain to local port 80:

./ngrok http 8080

Redirects traffic to

./ngrok http

Requests the subdomain name: ‘’

./ngrok http -subdomain=bar 80

Requests tunnel ‘’ (DNS CNAME):

./ngrok http 1234

Requests basic authentication on the tunnel endpoint:

./ngrok http -auth='falken:joshua' 80

Rewrites the Host header to ‘’:

./ngrok http 80

Allows access from the Internet to local files in /var/log:

./ngrok http file:///var/log

Redirects to local https server:

./ngrok http https://localhost:8443

Start command reference

start starts the tunnel by name from the config file.
Using: ngrok start [COMMAND OPTIONS] [ARGUMENTS …]

The Ngrok start command Runs tunnels by name from a config file. You can specify any number of tunnel names. You can start all tunnels from the configuration file by specifying the –all switch.

Run a tunnel named in the ‘dev’ config file:

./ngrok start dev

Run the ‘web’ and ‘blog’ tunnels:

./ngrok start web blog

Run all tunnels defined in the config file:

./ngrok start --all

Tcp command reference

tcp starts a TCP tunnel.
Using: ngrok tcp [COMMAND OPTIONS] [ARGUMENTS …]

The TCP Command Launches a tunnel that redirects all TCP traffic from the public port to the local address. This is extremely useful for providing services that run on non-HTTP traffic (ssh, sip, rdp, game servers, etc.).

A TCP tunnel binds a public address on a remote ngrok server. Any services that require a stable public address should use the –remote-addr parameter. requires you to reserve a TCP tunnel address for your account before you can use it.


Forward port to your local ssh server

./ngrok tcp 22

Provide an RDP server at a specific public address that you have reserved

ngrok tcp 3389

Tls command reference

tls starts a TLS tunnel.
Using: ngrok tls [COMMAND OPTIONS] [ARGUMENTS …]

The tls command Starts a tunnel to listen for TLS traffic on port 443 with the specified hostname. The TLS SNI (Server Name Indication) extension field on the TLS connection is checked to determine which tunnel it fits into.

The ngrok server does not terminate TLS connections forwarded with this command. Any basic protocol can be used. Optionally, you can specify a TLS key / certificate pair that will be used to terminate client-side traffic before it is forwarded. If not specified, traffic will be sent encrypted.

The use of this command is recommended only with the -hostname option. Other uses will work, but will always result in certificate mismatch warnings.


Forward TLS traffic for to port 443 (CNAME required)

./ngrok tls 443

Forward TLS traffic to subdomain (certificate mismatch warning)

./ngrok tls 1234

Terminate TLS traffic for before forwarding

./ngrok tls -crt=/path/to/ -key=/path/to/ 443

Update command reference

updates ngrok to the latest version.
Using: ngrok update [COMMAND OPTIONS] [ARGUMENTS …]

Updates ngrok to the latest version. This command checks the ngrok web service for newer versions of the ngrok client. If a newer version is available, it will be downloaded, the downloaded file will be authenticated and the current executable file will be replaced with the new one.

For a successful update, the ngrok binary must be in a writable directory by the current user. If you put ngrok in your system PATH, you may need to run it as root or administrator.


Update ngrok to the latest stable version:

./ngrok update

Update ngrok to the latest beta version:

./ngrok update -channel=beta

How to use ngrok

Examples of running ngrok
Create a tunnel from the generated subdomain accessible via a public link to local port 80 (web server):

./ngrok http 80

Immediately after launch, you can see that the service created a temporary subdomain of the form to provide access to the PC, and locally at, a panel was launched that displays data on remote connections to the tunnel. We try to open the domain from anywhere, and get access to the directory configured on the web server.

Tunnel to the specified HOST: PORT ( instead of localhost:

./ngrok http

Make the local HTTPS server accessible from the global network:

./ngrok http https://localhost

Tunneling arbitrary TCP traffic to port 22:

./ngrok tcp 22

Creating a tunnel (http) to the site using the https protocol ( with replacing the Host HTTP header with (-host-header = :

ngrok http

Good to know

If you plan to use the server often, it makes sense to register on, pick up the token from the authorization settings page , and add it to the local client using the command:

./ngrok authtoken 5vEpKbBvnjSrMqZIkYJLb_2sbNRQbxZm0PSo23X6QpQ

The token will be written to the file ~ / .ngrok2 / ngrok.yml and now, the client, when working with the service, will authorize on it. This will provide access to free fare, but with limits b About lshimi than available are not an authorized user. On paid plans, there are additional features that make working with the service convenient (reserve of subdomains, for example), but within the framework of this note, I am considering only what the user can use without payment.

We proxy to other PCs on the local network
It is not at all necessary to keep the web server on the same machine where Ngrok runs. If the service on the local network is running on a separate machine, we can proxy traffic there:

./ngrok http

We work not only with the web server
In fact, we can configure remote access to any tcp service running on a PC. For example, if we want to get access via SSH, we can do like this:

./ngrok tcp 22

At the same time, from the service we will receive an address of the form tcp: // 18211 -> localhost: 22, and to access the PC we just need to connect via SSH to the hostname and the port 18211. Those who like to raise game servers can do the same. Just start proxying to the desired tcp port, give the coordinates to your friends and start playing.

Installing on Windows

Go to the official website page and download ngrok for Windows:

Unpack the downloaded archive, open the command line and go to the folder with the executable file using cd , for example, my program is placed in the C:\Users\WTS\Downloads\ folder :

cd C:\Users\WTS\Downloads\

To check, display the help with the command:

.\ngrok -h
Spread the love

Related Post

Leave a Reply

Your email address will not be published. Required fields are marked *