Run multiple Exegol penetration testing containers simultaneously with browser-based remote desktop access, using the official Exegol CLI.

```bash
exegol info          # List all containers and their status
exegol stop my-box   # Stop a running container
exegol rm my-box     # Remove a container entirely
```

The wrapper script calls the official exegol CLI with sensible defaults and auto-sets the VNC password so you can connect without a password prompt.

```bash
exegol [name] [--port PORT] [--vpn FILE] [--log] [--privileged]
```

| Argument | Default | Description |
|---|---|---|
| name | exegol-htb | Container name (actual container is exegol-<name>) |
| --port PORT | 45377 | noVNC web port |
| --vpn FILE | — | OpenVPN config file to pass to the CLI |
| --log | — | Enable Exegol logging |
| --privileged | — | Run with full privileges (use if tools fail) |

On first start, the wrapper sets root:exegol in a background job via docker exec. When the desktop is ready you'll see:

```
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
✅ Desktop ready!
URL: http://exegol.internal:PORT/vnc.html
User: root | Password: exegol
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
```

If the container exegol-<name> already exists, the script calls exegol start <name> to resume it (the official CLI restarts it and re-attaches the desktop).
Each container needs a unique noVNC port.
| Port | Use Case | Command |
|---|---|---|
| 45377 | HTB exploitation (default) | exegol |
| 45378 | OSINT / reconnaissance | exegol osint --port 45378 |
| 45379 | Dev / tool testing | exegol dev --port 45379 |
| 45380+ | Additional containers | exegol box2 --port 45380 |
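
The helper below is an added example, not part of the original page or of the Exegol project. It picks the next free noVNC port and lists which desktop ports are bound beyond loopback, which matters because every desktop uses the same root / exegol credentials. The function names, the sample `ss` output and the upper port bound 45399 are assumptions.

```bash
# Added example. Functions read `ss -tln` output on stdin, e.g.:
#   ss -tln | next_free_port 45377
#   ss -tln | exposed_desktops

# Constructed sample of `ss -tln` output (not captured from a real host).
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
LISTEN 0      100          0.0.0.0:45377      0.0.0.0:*
LISTEN 0      100        127.0.0.1:45378      0.0.0.0:*
LISTEN 0      100             [::]:45379         [::]:*'

# Print "port address" for every listening TCP socket.
listeners() {
    awk '$1 == "LISTEN" {
        n = split($4, part, ":")   # the port is the text after the last colon
        port = part[n]
        addr = substr($4, 1, length($4) - length(port) - 1)
        print port, addr
    }'
}

# First port >= $1 (default 45377, the wrapper default) with no listener.
next_free_port() (
    port=${1:-45377}
    used=$(listeners | awk '{ print $1 }')
    while printf '%s\n' "$used" | grep -qx "$port"; do
        port=$((port + 1))
    done
    echo "$port"
)

# Desktop ports in [$1, $2] bound to an address other than loopback.
# The upper bound 45399 is an assumption; the page only says "45380+".
exposed_desktops() {
    listeners | awk -v lo="${1:-45377}" -v hi="${2:-45399}" '
        $1 >= lo && $1 <= hi && $2 != "127.0.0.1" && $2 != "[::1]" { print $1, $2 }'
}

echo "next free noVNC port: $(printf '%s\n' "$SAMPLE_SS" | next_free_port)"
echo "bound beyond loopback:"
printf '%s\n' "$SAMPLE_SS" | exposed_desktops
```
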
- Isolation: Keep HTB exploitation separate from OSINT work
- Persistence: Each container keeps its own shell history and tool state
- Parallel work: Work on multiple boxes or tasks simultaneously
- Clean separation: Different tools/configs per engagement

```bash
# Connect VPN and start default container
htb-vpn ~/htb/starting-point.ovpn
exegol
# Access at http://exegol.internal:45377/vnc.html (root / exegol)
# Attach a terminal alongside the desktop:
docker exec -it exegol-exegol-htb zsh
```

```bash
exegol osint-work --port 45378
# Access at http://exegol.internal:45378/vnc.html
# Tools: maltego, spiderfoot, recon-ng, theHarvester
```

```bash
exegol dev-test --port 45379
# Access at http://exegol.internal:45379/vnc.html
```

```bash
exegol htb-box1 --port 45377
exegol htb-box2 --port 45378
# Two browser tabs, two separate environments
# Both share the host VPN (tun0)
```

```bash
# Start (creates container + desktop)
exegol my-box --port 45378
# Work in browser at http://exegol.internal:45378/vnc.html
# Stop when done
exegol stop my-box
# Remove container entirely
exegol rm my-box
```

```bash
# Re-enter existing container (wrapper detects it exists)
exegol my-box --port 45378
```

```bash
# Open a shell in a running container
docker exec -it exegol-my-box zsh
```

```bash
exegol-list   # alias for: exegol info
```

- Check the container is running: `exegol info`
- Verify the container name: Exegol CLI names containers `exegol-<name>`
- Check port availability: `ss -tlnp | grep 45377`
- Try stopping and restarting: `exegol stop my-box && exegol my-box`

The wrapper auto-sets root:exegol in a background job. If you see a password prompt, the background job may not have run yet (container took >60s to start). Set it manually:

```bash
docker exec exegol-my-box bash -c "echo 'root:exegol' | chpasswd"
```

```
Error: Port 45378 is already in use
```

Use a different port or find what's using it:

```bash
ss -tlnp | grep 45378
exegol my-box --port 45380
```

- Exegol uses `--network host` and inherits the host's tun0 interface
- Check VPN on host: `htb-vpn status`
- Check routing: `ip route show dev tun0`
- All containers share the same VPN connection

```bash
# Check for name conflicts
exegol info
# Remove stale container and retry
exegol rm my-box
exegol my-box --port 45378
```

See also: Quick Reference for the command cheat sheet