All Projects → ssh-mitm → Ssh Mitm

ssh-mitm / Ssh Mitm

Licence: lgpl-3.0
ssh mitm server for security audits supporting public key authentication, session hijacking and file manipulation

Programming Languages

python
139335 projects - #7 most used programming language

Projects that are alternatives of or similar to Ssh Mitm

Wolfssh
wolfSSH is a small, fast, portable SSH implementation, including support for SCP and SFTP.
Stars: ✭ 142 (-57.61%)
Mutual labels:  sftp, scp, ssh, ssh-client, ssh-server
Lssh
List selection type alternative ssh/scp/sftp client. Pure Go.
Stars: ✭ 110 (-67.16%)
Mutual labels:  sftp, scp, ssh, ssh-client
S3 Sftp Proxy
An AWS S3 gateway proxying SFTP connections.
Stars: ✭ 112 (-66.57%)
Mutual labels:  proxy, sftp, scp, ssh
Sshj
ssh, scp and sftp for java
Stars: ✭ 2,016 (+501.79%)
Mutual labels:  sftp, scp, ssh, ssh-client
Sync
syncs your local folder with remote folder using scp
Stars: ✭ 293 (-12.54%)
Mutual labels:  sftp, scp, ssh
Winscp
WinSCP is a popular free SFTP and FTP client for Windows, a powerful file manager that will improve your productivity. It supports also Amazon S3, FTPS, SCP and WebDAV protocols. Power users can automate WinSCP using .NET assembly.
Stars: ✭ 794 (+137.01%)
Mutual labels:  sftp, scp, ssh
Docker Sshd
Minimal Alpine Linux Docker image with sshd exposed and rsync installed
Stars: ✭ 291 (-13.13%)
Mutual labels:  sftp, ssh, ssh-server
Proxify
Swiss Army knife Proxy tool for HTTP/HTTPS traffic capture, manipulation, and replay on the go.
Stars: ✭ 1,153 (+244.18%)
Mutual labels:  proxy, mitm, mitmproxy
Goph
🤘 The native golang ssh client to execute your commands over ssh connection. 🚀🚀
Stars: ✭ 734 (+119.1%)
Mutual labels:  sftp, ssh, ssh-client
Mastermind
Man in the middle testing
Stars: ✭ 341 (+1.79%)
Mutual labels:  proxy, mitm, mitmproxy
Proxy.py
⚡⚡⚡Fast, Lightweight, Pluggable, TLS interception capable proxy server focused on Network monitoring, controls & Application development, testing, debugging
Stars: ✭ 1,291 (+285.37%)
Mutual labels:  proxy, mitm, mitmproxy
Secret Agent
The web browser that's built for scraping.
Stars: ✭ 151 (-54.93%)
Mutual labels:  proxy, mitm, mitmproxy
Bettercap
DEPRECATED, bettercap developement moved here: https://github.com/bettercap/bettercap
Stars: ✭ 2,518 (+651.64%)
Mutual labels:  proxy, security-audit, mitm
Libssh2
the SSH library
Stars: ✭ 743 (+121.79%)
Mutual labels:  sftp, scp, ssh
ssh2.nim
Async SSH, SCP and SFTP client for Nim, using libssh2 wrapper [WIP]
Stars: ✭ 17 (-94.93%)
Mutual labels:  ssh, sftp, scp
Gsnova
Private proxy solution & network troubleshooting tool.
Stars: ✭ 509 (+51.94%)
Mutual labels:  proxy, ssh, mitmproxy
Bastillion
Bastillion is a web-based SSH console that centrally manages administrative access to systems. Web-based administration is combined with management and distribution of user's public SSH keys.
Stars: ✭ 2,730 (+714.93%)
Mutual labels:  ssh, ssh-client, ssh-server
Cowrie
Cowrie SSH/Telnet Honeypot https://cowrie.readthedocs.io
Stars: ✭ 3,810 (+1037.31%)
Mutual labels:  sftp, scp, ssh
Sidedoor
SSH connection daemon for Debian/Raspbian/Ubuntu/etc
Stars: ✭ 97 (-71.04%)
Mutual labels:  proxy, ssh, ssh-client
termscp
🖥 A feature rich terminal UI file transfer and explorer with support for SCP/SFTP/FTP/S3
Stars: ✭ 707 (+111.04%)
Mutual labels:  sftp, scp, ssh-client

ssh-mitm - intercept ssh traffic Tweet

CodeFactor Documentation Status PyPI downloads GitHub PRs Welcome

man in the middle (mitm) server for security audits supporting public key authentication, session hijacking and file manipulation

SSH-MITM example

Give a Star! ⭐️

This keeps me motivated in developing this tool. Thanks!

NEW in 0.4.3 - 2021-03-09

  • compatibility with dropbear ssh clients

Full Changelog

Features

  • Hijacking and logging of terminal sessions
  • SCP and SFTP
    • store files
    • replace files
    • inject additional files
  • Agent Forwarding
  • Port Forwarding
  • Check and test clients against known vulnerabilities
  • Plugin support

Installation of SSH-MITM

The first step to using any software package is getting it properly installed.

To install SSH-MITM, simply run this simple command in your terminal of choice:

$ pip install ssh-mitm

If you want to install all supported plugins for ssh-mitm you can install them with:

$ pip install ssh-mitm[plugins]

Quickstart

Starting an intercepting mitm-ssh server with password authentication and session hijacking is very simple.

All you have to do is run this command in your terminal of choice.

$ ssh-mitm --remote-host 192.168.0.x

Now let's try to connect to the ssh-mitm server. The ssh-mitm server is listening on port 10022.

$ ssh -p 10022 [email protected]

You will see the credentials in the log output.

2021-01-01 11:38:26,098 [INFO]  Client connection established with parameters:
    Remote Address: 192.168.0.x
    Port: 22
    Username: user
    Password: supersecret
    Key: None
    Agent: None

Session hijacking

Getting the plain text credentials is only half the fun. When a client connects, the ssh-mitm starts a new server, which is used for session hijacking.

2021-01-01 11:42:43,699 [INFO]  created injector shell on port 34463.
                                connect with: ssh -p 34463 127.0.0.1

To hijack the session, you can use your favorite ssh client. This connection does not require authentication.

$ ssh -p 34463 127.0.0.1

After you are connected, your session will only be updated with new responses, but you are able to execute commands.

Try to execute somme commands in the hijacked session or in the original session.

The output will be shown in both sessions.

Important note

SSH-MITM should not be used as a jump host!

It's intended to be used during security audits and not for separating networks.

If you need a jump host with audit capabilities (for security compliences), you can find a comparison of jump hosts in SSH-MITM's documentation.

Contributing

Pull requests are welcome.

For major changes, please open an issue first to discuss what you would like to change.

See also the list of contributors who participated in this project.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].