Bore: A Fast, Lightweight TCP Tunnel to Expose Local Ports Online

If you’ve ever struggled to make your local web server accessible to external testers, don’t despair because today I’m going to introduce you to Bore, a little utility that will change your life, like all the great tools I present here.

Developed by Eric Zhang (the same one who delighted us with SSHX yesterday), Bore is a next-generation TCP tunnel coded in Rust. Its purpose is to allow you to expose any local port on the Internet in a matter of seconds, without the hassle of configuring your router or firewall.

Unlike some solutions that overwhelm you with features you’ll never use, Bore adopts a radically simple philosophy: it does one thing, but it does it particularly well. Its source code contains only 400 lines of secure asynchronous Rust, which probably makes it one of the lightest and most auditable tools in its category.

There are several options for installing Bore:

• On macOS via Homebrew: brew install bore-cli
• Via Cargo (the Rust package manager): cargo install bore-cli
• With Docker: docker run -it --init --rm --network host ekzhang/bore <ARGS>

You can also directly download the precompiled binaries from the GitHub releases page for Windows, macOS, or Linux.

Imagine you’re developing a web application on local port 8000 and you want to show it to a client. Well, it’s easy—here’s how to proceed:

bore local 8000 --to bore.pub

And there you go!!! Your application is instantly accessible via bore.pub:, where is an automatically assigned number. No account to create, no complex configuration, no hidden bandwidth limitations.

Though minimalist, Bore offers some well-thought-out options:

• --local-host: to expose a service that isn’t on localhost
• --port: to choose a specific port on the remote server (if available)
• --secret: to secure access with a shared key

Bore.pub is super handy for quick tests, but nothing prevents you from hosting your own Bore server. This is quite interesting for enterprise use, for example:

bore server bore local 8000 --to your-server.com

You can even configure allowed port ranges and an authentication secret:

bore server --min-port 1024 --max-port 65535 --secret yoursecret

Bore primarily uses a smart architecture based on two components:

• A control port (7835) that manages the establishment of connections
• Distinct TCP connections for each data tunnel

So, when a client requests to expose a port, here’s what happens:

1. The client sends a “Hello” request to the server
2. The server starts listening on the remote port
3. For each new incoming connection, the server generates a UUID
4. The client opens a new TCP connection and sends the UUID
5. The server bridges the two connections

Of course, for security reasons, incoming connections are only retained for a maximum of 10 seconds before being discarded if the client does not accept them. The secret-based authentication also uses a challenge-response system based on HMAC codes to verify possession of the secret with each TCP connection. Moreover, this verification only concerns the initial connection phase, as traffic is not encrypted by default.

Here are a few essential rules to keep in mind:

• Always use the --secret option on a public server
• Limit exposed ports to the bare minimum
• Monitor incoming connections
• Do not expose sensitive services without additional authentication

Of course, Bore is not a universal solution, and if you need advanced features like HTTPS support, traffic inspection, or complex routing rules, you’ll still have to turn to alternatives like ngrok or localtunnel… But for 90% of use cases, the simplicity and efficiency of Bore make it an excellent choice. It’s once again the perfect illustration of the UNIX principle: do one thing, but do it perfectly. It’s what I’ve been doing for over 20 years with my website when I think about it… lol.

Discover Bore on GitHub.