Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/ssh-mitm/ssh-mitm
SSH-MITM - ssh audits made simple
https://github.com/ssh-mitm/ssh-mitm
mitm mitm-attacks mitm-server mitmproxy proxy scp security security-audit security-tools sftp ssh ssh-client ssh-mitm ssh-server
Last synced: about 20 hours ago
JSON representation
SSH-MITM - ssh audits made simple
- Host: GitHub
- URL: https://github.com/ssh-mitm/ssh-mitm
- Owner: ssh-mitm
- License: gpl-3.0
- Created: 2020-06-03T16:18:48.000Z (over 4 years ago)
- Default Branch: master
- Last Pushed: 2024-11-22T07:18:04.000Z (20 days ago)
- Last Synced: 2024-12-07T23:42:37.772Z (4 days ago)
- Topics: mitm, mitm-attacks, mitm-server, mitmproxy, proxy, scp, security, security-audit, security-tools, sftp, ssh, ssh-client, ssh-mitm, ssh-server
- Language: Python
- Homepage: https://docs.ssh-mitm.at
- Size: 99.9 MB
- Stars: 1,347
- Watchers: 27
- Forks: 145
- Open Issues: 15
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md
- Security: SECURITY.md
Awesome Lists containing this project
- awesome-hacking-lists - ssh-mitm/ssh-mitm - SSH-MITM - ssh audits made simple (Python)
- awesome-starred - ssh-mitm/ssh-mitm - SSH-MITM - ssh audits made simple (security)
README
SSH-MITM - ssh audits made simple
ssh man-in-the-middle (ssh-mitm) server for security audits supporting
publickey authentication, session hijacking and file manipulation
Contributors
## Table of Contents
- [Introduction](#introduction)
- [Features](#features)
- [Installation](#installation)
- [Quickstart](#quickstart)
- [Session hijacking](#session-hijacking)
- [Phishing FIDO Tokens](#phishing-fido-tokens)
- [Contributing](#contributing)
- [Contact](#contact)## Introduction
[![OpenSSF Best Practices](https://www.bestpractices.dev/projects/8906/badge)](https://www.bestpractices.dev/projects/8906)
[![Code style: black](https://img.shields.io/badge/code%20style-black-000000.svg)](https://github.com/psf/black)
[![CodeFactor](https://www.codefactor.io/repository/github/ssh-mitm/ssh-mitm/badge)](https://www.codefactor.io/repository/github/ssh-mitm/ssh-mitm)
[![Documentation Status](https://readthedocs.org/projects/ssh-mitm/badge/?version=latest)](https://docs.ssh-mitm.at/?badge=latest)
[![PRs Welcome](https://img.shields.io/badge/PRs-welcome-brightgreen.svg?style=flat-square)](http://makeapullrequest.com)
[![GitHub](https://img.shields.io/github/license/ssh-mitm/ssh-mitm?color=%23434ee6)](https://github.com/ssh-mitm/ssh-mitm/blob/master/LICENSE)**SSH-MITM** is a man in the middle SSH Server for security audits and malware analysis.
Password and **publickey authentication** are supported and SSH-MITM is able to detect, if a user is able to login with publickey authentication on the remote server. This allows SSH-MITM to accept the same key as the destination server. If publickey authentication is not possible, the authentication will fall back to password-authentication.
When publickey authentication is possible, a forwarded agent is needed to login to the remote server. In cases, when no agent was forwarded, SSH-MITM can rediredt the session to a honeypot.
## Features
* publickey authentication
* accept same key as destination server
* Phishing FIDO Tokens ([Information from OpenSSH](https://www.openssh.com/agent-restrict.html))
* hijacking and logging of terminal sessions
* store and replace files during SCP/SFTP file transferes
* port porwarding
* SOCKS 4/5 support for dynamic port forwarding
* intercept MOSH connections
* audit clients against known vulnerabilities
* plugin support## Installation
**SSH-MITM** can be installed as a
[Flatpak](https://flathub.org/apps/at.ssh_mitm.server),
[Ubuntu Snap](https://snapcraft.io/ssh-mitm),
[AppImage](https://github.com/ssh-mitm/ssh-mitm/releases/latest)
and [PIP-Package](https://pypi.org/project/ssh-mitm/).Community-supported options include installations via `[Nix](https://search.nixos.org/packages?channel=unstable&show=ssh-mitm&type=packages&query=ssh-mitm) and running on [Android devices](https://github.com/ssh-mitm/ssh-mitm/discussions/83#discussioncomment-1531873).
Install from Flathub:
flatpak install flathub at.ssh_mitm.server
flatpak run at.ssh_mitm.serverInstall from Snap store:
sudo snap install ssh-mitm
Install as AppImage:
wget https://github.com/ssh-mitm/ssh-mitm/releases/latest/download/ssh-mitm-x86_64.AppImage
chmod +x ssh-mitm*.AppImageInstall python package:
python3 -m pip install ssh-mitm
For more installation methods, refer to the [SSH-MITM installation guide](https://docs.ssh-mitm.at/get_started/installation.html).
## Quickstart
To start SSH-MITM, all you have to do is run this command in your terminal of choice.
ssh-mitm server --remote-host 192.168.0.x
Now let's try to connect. SSH-MITM is listening on port 10022.
ssh -p 10022 testuser@proxyserver
You will see the credentials in the log output.
INFO Remote authentication succeeded
Remote Address: 127.0.0.1:22
Username: testuser
Password: secret
Agent: no agent## Session hijacking
Getting the plain text credentials is only half the fun.
When a client connects, the ssh-mitm starts a new server, which is used for session hijacking.INFO ℹ created mirrorshell on port 34463. connect with: ssh -p 34463 127.0.0.1
To hijack the session, you can use your favorite ssh client.
ssh -p 34463 127.0.0.1
Try to execute somme commands in the hijacked session or in the original session.
The output will be shown in both sessions.
## Phishing FIDO Tokens
SSH-MITM is able to phish FIDO2 Tokens which can be used for 2 factor authentication.
The attack is called [trivial authentication](https://docs.ssh-mitm.at/trivialauth.html) ([CVE-2021-36367](https://docs.ssh-mitm.at/CVE-2021-36367.html), [CVE-2021-36368](https://docs.ssh-mitm.at/CVE-2021-36368.html)) and can be enabled with the command line argument `--enable-trivial-auth`.
ssh-mitm server --enable-trivial-auth
Using the trivial authentication attack does not break password authentication, because the attack is only performed when a publickey login is possible.
Video explaining the phishing attack:
Click to view video on vimeo.com
## Contributing
Contributions are what make the open source community such an amazing place to learn, inspire, and create. Any contributions you make are **greatly appreciated**.
If you have a suggestion that would make this better, please fork the repo and create a pull request. You can also simply open an issue with the tag "enhancement".
Don't forget to give the project a star! Thanks again!1. Fork the Project
2. Create your Feature Branch (`git checkout -b feature/AmazingFeature`)
3. Commit your Changes (`git commit -m 'Add some AmazingFeature'`)
4. Push to the Branch (`git push origin feature/AmazingFeature`)
5. Open a Pull RequestSee also the list of [contributors](https://github.com/ssh-mitm/ssh-mitm/graphs/contributors) who participated in this project.
## Contact
- E-Mail: [email protected]
- [Issue Tracker](https://github.com/ssh-mitm/ssh-mitm/issues)