{"id":13505362,"url":"https://github.com/ssh-mitm/ssh-mitm","last_synced_at":"2025-05-13T23:03:58.539Z","repository":{"id":37094423,"uuid":"269137017","full_name":"ssh-mitm/ssh-mitm","owner":"ssh-mitm","description":"SSH-MITM - ssh audits made simple","archived":false,"fork":false,"pushed_at":"2025-03-09T08:31:32.000Z","size":104820,"stargazers_count":1382,"open_issues_count":16,"forks_count":149,"subscribers_count":27,"default_branch":"master","last_synced_at":"2025-05-07T18:07:18.242Z","etag":null,"topics":["mitm","mitm-attacks","mitm-server","mitmproxy","proxy","scp","security","security-audit","security-tools","sftp","ssh","ssh-client","ssh-mitm","ssh-server"],"latest_commit_sha":null,"homepage":"https://docs.ssh-mitm.at","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ssh-mitm.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-06-03T16:18:48.000Z","updated_at":"2025-05-05T10:55:31.000Z","dependencies_parsed_at":"2023-10-28T09:27:25.890Z","dependency_job_id":"99c0472c-0db2-418a-baf6-7d8031e95ec2","html_url":"https://github.com/ssh-mitm/ssh-mitm","commit_stats":{"total_commits":959,"total_committers":17,"mean_commits":"56.411764705882355","dds":0.5109489051094891,"last_synced_commit":"01819b355ec1bc6f8c239e2fc4181063a67432c2"},"previous_names":["ssh-mitm/ssh-proxy-server"],"tags_count":80,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ssh-mitm%2Fssh-mitm","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ssh-mitm%2Fssh-mitm/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ssh-mitm%2Fssh-mitm/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ssh-mitm%2Fssh-mitm/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ssh-mitm","download_url":"https://codeload.github.com/ssh-mitm/ssh-mitm/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254040385,"owners_count":22004527,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["mitm","mitm-attacks","mitm-server","mitmproxy","proxy","scp","security","security-audit","security-tools","sftp","ssh","ssh-client","ssh-mitm","ssh-server"],"created_at":"2024-08-01T00:01:03.320Z","updated_at":"2025-05-13T23:03:58.513Z","avatar_url":"https://github.com/ssh-mitm.png","language":"Python","readme":"\u003ch1 align=\"center\"\u003e SSH-MITM - ssh audits made simple \u003c/h1\u003e\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://github.com/ssh-mitm/ssh-mitm\"\u003e\n    \u003cimg alt=\"SSH-MITM intercepting password login\" title=\"SSH-MITM\" src=\"https://docs.ssh-mitm.at/_images/intro.png\" \u003e\n  \u003c/a\u003e\n  \u003cp align=\"center\"\u003essh man-in-the-middle (ssh-mitm) server for security audits supporting\u003cbr\u003e \u003cb\u003epublickey authentication\u003c/b\u003e, \u003cb\u003esession hijacking\u003c/b\u003e and \u003cb\u003efile manipulation\u003c/b\u003e\u003c/p\u003e\n  \u003cp align=\"center\"\u003e\n   \u003ca href=\"https://github.com/ssh-mitm/ssh-mitm/releases/latest/download/ssh-mitm-x86_64.AppImage\"\u003e\u003cimg height='56' alt='Download as an AppImage' src='https://docs.appimage.org/_images/download-appimage-banner.svg'/\u003e\u003c/a\u003e\n   \u0026nbsp;\u0026nbsp;\u0026nbsp;\n   \u003ca href=\"https://flathub.org/apps/at.ssh_mitm.server\"\u003e\u003cimg height='56' alt='Download on Flathub' src='https://dl.flathub.org/assets/badges/flathub-badge-en.png'/\u003e\u003c/a\u003e\n   \u0026nbsp;\u0026nbsp;\u0026nbsp;\n   \u003ca href=\"https://snapcraft.io/ssh-mitm\"\u003e\u003cimg  height='56' alt=\"Get it from the Snap Store\" src=\"https://snapcraft.io/static/images/badges/en/snap-store-black.svg\" /\u003e\u003c/a\u003e\n   \u003cbr /\u003e\n   \u003cbr /\u003e\n   \u003ca href=\"https://docs.ssh-mitm.at\"\u003e\u003cimg src=\"https://raw.githubusercontent.com/ssh-mitm/ssh-mitm/master/doc/_static/readthedocslogo.png\" title=\"read the docs\" width=\"256\"\u003e\u003c/a\u003e\n  \u003c/p\u003e\n\u003c/p\u003e\n\n\n\u003ch3 align=\"center\"\u003eContributors\u003c/h3\u003e\n\u003cp align=\"center\"\u003e\n\u003ca href=\"https://github.com/ssh-mitm/ssh-mitm/graphs/contributors\"\u003e\n  \u003cimg src=\"https://contrib.rocks/image?repo=ssh-mitm/ssh-mitm\" /\u003e\n\u003c/a\u003e\n\u003c/p\u003e\n\n## Table of Contents\n\n- [Introduction](#introduction)\n- [Features](#features)\n- [Installation](#installation)\n- [Quickstart](#quickstart)\n- [Session hijacking](#session-hijacking)\n- [Phishing FIDO Tokens](#phishing-fido-tokens)\n- [Contributing](#contributing)\n- [Contact](#contact)\n\n## Introduction\n\n[![OpenSSF Best Practices](https://www.bestpractices.dev/projects/8906/badge)](https://www.bestpractices.dev/projects/8906)\n[![Code style: black](https://img.shields.io/badge/code%20style-black-000000.svg)](https://github.com/psf/black)\n[![CodeFactor](https://www.codefactor.io/repository/github/ssh-mitm/ssh-mitm/badge)](https://www.codefactor.io/repository/github/ssh-mitm/ssh-mitm)\n[![Documentation Status](https://readthedocs.org/projects/ssh-mitm/badge/?version=latest)](https://docs.ssh-mitm.at/?badge=latest)\n[![PRs Welcome](https://img.shields.io/badge/PRs-welcome-brightgreen.svg?style=flat-square)](http://makeapullrequest.com)\n[![GitHub](https://img.shields.io/github/license/ssh-mitm/ssh-mitm?color=%23434ee6)](https://github.com/ssh-mitm/ssh-mitm/blob/master/LICENSE)\n\u003ca rel=\"me\" href=\"https://defcon.social/@sshmitm\"\u003e\u003cimg src=\"https://img.shields.io/mastodon/follow/109597663767801251?color=%236364FF\u0026domain=https%3A%2F%2Fdefcon.social\u0026label=Mastodon\u0026style=plastic\"\u003e\u003c/a\u003e\n\n\n**SSH-MITM** is a man in the middle SSH Server for security audits and malware analysis.\n\nPassword and **publickey authentication** are supported and SSH-MITM is able to detect, if a user is able to login with publickey authentication on the remote server. This allows SSH-MITM to accept the same key as the destination server. If publickey authentication is not possible, the authentication will fall back to password-authentication.\n\nWhen publickey authentication is possible, a forwarded agent is needed to login to the remote server. In cases, when no agent was forwarded, SSH-MITM can rediredt the session to a honeypot.\n\n\u003cp align=\"right\"\u003e(\u003ca href=\"#top\"\u003eback to top\u003c/a\u003e)\u003c/p\u003e\n\n## Features\n\n* publickey authentication\n   * accept same key as destination server\n   * Phishing FIDO Tokens ([Information from OpenSSH](https://www.openssh.com/agent-restrict.html))\n* hijacking and logging of terminal sessions\n* store and replace files during SCP/SFTP file transferes\n* port porwarding\n  * SOCKS 4/5 support for dynamic port forwarding\n* intercept MOSH connections\n* audit clients against known vulnerabilities\n* plugin support\n\n\u003cp align=\"right\"\u003e(\u003ca href=\"#top\"\u003eback to top\u003c/a\u003e)\u003c/p\u003e\n\n## Installation\n\n**SSH-MITM** can be installed as a\n[Flatpak](https://flathub.org/apps/at.ssh_mitm.server),\n[Ubuntu Snap](https://snapcraft.io/ssh-mitm),\n[AppImage](https://github.com/ssh-mitm/ssh-mitm/releases/latest)\nand [PIP-Package](https://pypi.org/project/ssh-mitm/).\n\nCommunity-supported options include installations via `[Nix](https://search.nixos.org/packages?channel=unstable\u0026show=ssh-mitm\u0026type=packages\u0026query=ssh-mitm) and running on [Android devices](https://github.com/ssh-mitm/ssh-mitm/discussions/83#discussioncomment-1531873).\n\nInstall from Flathub:\n\n    flatpak install flathub at.ssh_mitm.server\n    flatpak run at.ssh_mitm.server\n\nInstall from Snap store:\n\n    sudo snap install ssh-mitm\n\nInstall as AppImage:\n\n    wget https://github.com/ssh-mitm/ssh-mitm/releases/latest/download/ssh-mitm-x86_64.AppImage\n    chmod +x ssh-mitm*.AppImage\n\nInstall python package:\n\n    python3 -m pip install ssh-mitm\n\nFor more installation methods, refer to the [SSH-MITM installation guide](https://docs.ssh-mitm.at/get_started/installation.html).\n\n\n\u003cp align=\"right\"\u003e(\u003ca href=\"#top\"\u003eback to top\u003c/a\u003e)\u003c/p\u003e\n\n## Quickstart\n\nTo start SSH-MITM, all you have to do is run this command in your terminal of choice.\n\n    ssh-mitm server --remote-host 192.168.0.x\n\nNow let's try to connect. SSH-MITM is listening on port 10022.\n\n    ssh -p 10022 testuser@proxyserver\n\nYou will see the credentials in the log output.\n\n    INFO     Remote authentication succeeded\n        Remote Address: 127.0.0.1:22\n        Username: testuser\n        Password: secret\n        Agent: no agent\n\n\u003cp align=\"right\"\u003e(\u003ca href=\"#top\"\u003eback to top\u003c/a\u003e)\u003c/p\u003e\n\n## Session hijacking\n\nGetting the plain text credentials is only half the fun.\nWhen a client connects, the ssh-mitm starts a new server, which is used for session hijacking.\n\n    INFO     ℹ created mirrorshell on port 34463. connect with: ssh -p 34463 127.0.0.1\n\nTo hijack the session, you can use your favorite ssh client.\n\n    ssh -p 34463 127.0.0.1\n\nTry to execute somme commands in the hijacked session or in the original session.\n\nThe output will be shown in both sessions.\n\n\u003cp align=\"right\"\u003e(\u003ca href=\"#top\"\u003eback to top\u003c/a\u003e)\u003c/p\u003e\n\n## Phishing FIDO Tokens\n\nSSH-MITM is able to phish FIDO2 Tokens which can be used for 2 factor authentication.\n\nThe attack is called [trivial authentication](https://docs.ssh-mitm.at/trivialauth.html) ([CVE-2021-36367](https://docs.ssh-mitm.at/CVE-2021-36367.html), [CVE-2021-36368](https://docs.ssh-mitm.at/CVE-2021-36368.html)) and can be enabled with the command line argument `--enable-trivial-auth`.\n\n  ssh-mitm server --enable-trivial-auth\n\nUsing the trivial authentication attack does not break password authentication, because the attack is only performed when a publickey login is possible.\n\n\u003cp align=\"center\"\u003e\n  \u003cb\u003eVideo explaining the phishing attack:\u003c/b\u003e\u003cbr/\u003e\n  \u003ci\u003eClick to view video on vimeo.com\u003c/i\u003e\u003cbr/\u003e\n  \u003ca href=\"https://vimeo.com/showcase/9059922/video/651517195\"\u003e\n  \u003cimg src=\"https://github.com/ssh-mitm/ssh-mitm/raw/master/doc/images/ds2021-video.png\" alt=\"Click to view video on vimeo.com\"\u003e\n  \u003c/a\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003cb\u003e\u003ca href=\"https://github.com/ssh-mitm/ssh-mitm/files/7568291/deepsec.pdf\"\u003eDownlaod presentation slides\u003c/a\u003e\u003c/b\u003e\n\u003c/p\u003e\n\n\u003cp align=\"right\"\u003e(\u003ca href=\"#top\"\u003eback to top\u003c/a\u003e)\u003c/p\u003e\n\n## Contributing\n\nContributions are what make the open source community such an amazing place to learn, inspire, and create. Any contributions you make are **greatly appreciated**.\n\nIf you have a suggestion that would make this better, please fork the repo and create a pull request. You can also simply open an issue with the tag \"enhancement\".\nDon't forget to give the project a star! Thanks again!\n\n1. Fork the Project\n2. Create your Feature Branch (`git checkout -b feature/AmazingFeature`)\n3. Commit your Changes (`git commit -m 'Add some AmazingFeature'`)\n4. Push to the Branch (`git push origin feature/AmazingFeature`)\n5. Open a Pull Request\n\nSee also the list of [contributors](https://github.com/ssh-mitm/ssh-mitm/graphs/contributors) who participated in this project.\n\n\u003cp align=\"right\"\u003e(\u003ca href=\"#top\"\u003eback to top\u003c/a\u003e)\u003c/p\u003e\n\n## Contact\n\n- E-Mail: support@ssh-mitm.at\n- [Issue Tracker](https://github.com/ssh-mitm/ssh-mitm/issues)\n\n\u003cp align=\"right\"\u003e(\u003ca href=\"#top\"\u003eback to top\u003c/a\u003e)\u003c/p\u003e\n","funding_links":[],"categories":["Python","security","Honeypots"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fssh-mitm%2Fssh-mitm","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fssh-mitm%2Fssh-mitm","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fssh-mitm%2Fssh-mitm/lists"}