https://github.com/rapid7/ssh-badkeys
A collection of static SSH keys (public and private) that have made their way into software and hardware products.
https://github.com/rapid7/ssh-badkeys
Last synced: about 1 month ago
JSON representation
A collection of static SSH keys (public and private) that have made their way into software and hardware products.
- Host: GitHub
- URL: https://github.com/rapid7/ssh-badkeys
- Owner: rapid7
- License: mit
- Created: 2015-01-21T21:25:45.000Z (about 10 years ago)
- Default Branch: master
- Last Pushed: 2025-02-13T09:02:10.000Z (2 months ago)
- Last Synced: 2025-02-13T10:21:55.441Z (2 months ago)
- Size: 85 KB
- Stars: 837
- Watchers: 126
- Forks: 116
- Open Issues: 9
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-security-collection - **564**星
README
# SSH Bad Keys
This is a collection of static SSH keys (host and authentication) that have made their way into software and hardware products. This was inspired by the [Little Black Box](https://code.google.com/p/littleblackbox/) project, but focused primarily on SSH (as opposed to TLS) keys.
Keys are split into two categories; authorized keys and host keys. The authorized keys can be used to gain access to a device with this public key. The host keys can be used to conduct a MITM attack against the device, but do not provide direct access.
This collection depends on submissions from researchers to stay relevant. If you are aware of a static key (host or authorized), please open an [Issue](https://github.com/rapid7/ssh-badkeys/issues) or submit a Pull Request. The [Issues](https://github.com/rapid7/ssh-badkeys/issues) list also contains a wishlist of known bad keys that we would like to include.
For additional key types and a broader scope, take a look at the [Kompromat](https://github.com/BenBE/kompromat) project.