pwnat Package Description

pwnat, pronounced “poe-nat”, is a tool that allows any number of clients behind NATs to communicate with a server behind a separate NAT with *no* port forwarding and *no* DMZ setup on any routers in order to directly communicate with each other. The server does not need to know anything about the clients trying to connect.
Simply put, this is a proxy server that works behind a NAT, even when the client is behind a NAT, without any 3rd party.

pwnat Homepage | Kali pwnat Repo

  • Author: Samy Kamkar
  • License: GPLv3

Tools included in the pwnat package

pwnat – NAT to NAT client-server communication
root@kali:~# pwnat -h
usage: pwnat <-s | -c> <args>
  -c    client mode (default)
        <args>: [local ip] <local port> <proxy host> [proxy port (def:2222)] <remote host> <remote port>
  -s    server mode
        <args>: [local ip] [proxy port (def:2222)] [[allowed host]:[allowed port] ...]
  -6    use IPv6
  -v    show debug output (up to 2)
  -h    show this help and exit
pwnat Usage Example

On the server, run in server mode (-s) on port 8080 (8080.
On the client, run in client mode (-c) on local port 8000 (8000), connect to the server IP ( on port 8080 (8080) and use it to connect to on port 80 ( 80).

root@kali:~# pwnat -s 8080
Listening on UDP
root@kali:~# pwnat -c 8000 8080 80
Listening on TCP
New connection(1): tcp:// -> udp://