Internal Vulnerability Scans using Tailscale

Tailscale User:
Hi Tailscale Team,

Thanks for developing a great solution! I’d like to use Tailscale to perform internal vulnerability scans on client networks. Instead of doing a reverse shell to gain access to a machine on the internal network, how can I use Tailscale?

Example:

  • Set up Tailscale as a relay node : https://tailscale.com/kb/1019/subnets
  • Send client a small linux machine with Tailscale installed
  • Connect linux machine to the internal subnet to be scanned
  • Connect to linux machine from an external Tailscale machine to initiate the scan

Appreciate your time. Thanks, John

Tailscale support: Yeah, that works.

You don’t necessarily need the relay node part if you’re shipping them a Raspberry Pi or whatever. Just ship it, have them plug it in, and then ssh to your Pi and run the scan from the Pi.

But if your scanning tools need to run from your machine or another operating system then the subnet router relay node works too.