Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/ssh-mitm/ssh-mitm

SSH-MITM - ssh audits made simple
https://github.com/ssh-mitm/ssh-mitm

mitm mitm-attacks mitm-server mitmproxy proxy scp security security-audit security-tools sftp ssh ssh-client ssh-mitm ssh-server

Last synced: about 20 hours ago
JSON representation

SSH-MITM - ssh audits made simple

Awesome Lists containing this project

README

        

SSH-MITM - ssh audits made simple




SSH-MITM intercepting password login

ssh man-in-the-middle (ssh-mitm) server for security audits supporting
publickey authentication, session hijacking and file manipulation



Download as an AppImage
   
Download on Flathub
   
Get it from the Snap Store





Contributors






## Table of Contents

- [Introduction](#introduction)
- [Features](#features)
- [Installation](#installation)
- [Quickstart](#quickstart)
- [Session hijacking](#session-hijacking)
- [Phishing FIDO Tokens](#phishing-fido-tokens)
- [Contributing](#contributing)
- [Contact](#contact)

## Introduction

[![OpenSSF Best Practices](https://www.bestpractices.dev/projects/8906/badge)](https://www.bestpractices.dev/projects/8906)
[![Code style: black](https://img.shields.io/badge/code%20style-black-000000.svg)](https://github.com/psf/black)
[![CodeFactor](https://www.codefactor.io/repository/github/ssh-mitm/ssh-mitm/badge)](https://www.codefactor.io/repository/github/ssh-mitm/ssh-mitm)
[![Documentation Status](https://readthedocs.org/projects/ssh-mitm/badge/?version=latest)](https://docs.ssh-mitm.at/?badge=latest)
[![PRs Welcome](https://img.shields.io/badge/PRs-welcome-brightgreen.svg?style=flat-square)](http://makeapullrequest.com)
[![GitHub](https://img.shields.io/github/license/ssh-mitm/ssh-mitm?color=%23434ee6)](https://github.com/ssh-mitm/ssh-mitm/blob/master/LICENSE)

**SSH-MITM** is a man in the middle SSH Server for security audits and malware analysis.

Password and **publickey authentication** are supported and SSH-MITM is able to detect, if a user is able to login with publickey authentication on the remote server. This allows SSH-MITM to accept the same key as the destination server. If publickey authentication is not possible, the authentication will fall back to password-authentication.

When publickey authentication is possible, a forwarded agent is needed to login to the remote server. In cases, when no agent was forwarded, SSH-MITM can rediredt the session to a honeypot.

(back to top)

## Features

* publickey authentication
* accept same key as destination server
* Phishing FIDO Tokens ([Information from OpenSSH](https://www.openssh.com/agent-restrict.html))
* hijacking and logging of terminal sessions
* store and replace files during SCP/SFTP file transferes
* port porwarding
* SOCKS 4/5 support for dynamic port forwarding
* intercept MOSH connections
* audit clients against known vulnerabilities
* plugin support

(back to top)

## Installation

**SSH-MITM** can be installed as a
[Flatpak](https://flathub.org/apps/at.ssh_mitm.server),
[Ubuntu Snap](https://snapcraft.io/ssh-mitm),
[AppImage](https://github.com/ssh-mitm/ssh-mitm/releases/latest)
and [PIP-Package](https://pypi.org/project/ssh-mitm/).

Community-supported options include installations via `[Nix](https://search.nixos.org/packages?channel=unstable&show=ssh-mitm&type=packages&query=ssh-mitm) and running on [Android devices](https://github.com/ssh-mitm/ssh-mitm/discussions/83#discussioncomment-1531873).

Install from Flathub:

flatpak install flathub at.ssh_mitm.server
flatpak run at.ssh_mitm.server

Install from Snap store:

sudo snap install ssh-mitm

Install as AppImage:

wget https://github.com/ssh-mitm/ssh-mitm/releases/latest/download/ssh-mitm-x86_64.AppImage
chmod +x ssh-mitm*.AppImage

Install python package:

python3 -m pip install ssh-mitm

For more installation methods, refer to the [SSH-MITM installation guide](https://docs.ssh-mitm.at/get_started/installation.html).

(back to top)

## Quickstart

To start SSH-MITM, all you have to do is run this command in your terminal of choice.

ssh-mitm server --remote-host 192.168.0.x

Now let's try to connect. SSH-MITM is listening on port 10022.

ssh -p 10022 testuser@proxyserver

You will see the credentials in the log output.

INFO Remote authentication succeeded
Remote Address: 127.0.0.1:22
Username: testuser
Password: secret
Agent: no agent

(back to top)

## Session hijacking

Getting the plain text credentials is only half the fun.
When a client connects, the ssh-mitm starts a new server, which is used for session hijacking.

INFO ℹ created mirrorshell on port 34463. connect with: ssh -p 34463 127.0.0.1

To hijack the session, you can use your favorite ssh client.

ssh -p 34463 127.0.0.1

Try to execute somme commands in the hijacked session or in the original session.

The output will be shown in both sessions.

(back to top)

## Phishing FIDO Tokens

SSH-MITM is able to phish FIDO2 Tokens which can be used for 2 factor authentication.

The attack is called [trivial authentication](https://docs.ssh-mitm.at/trivialauth.html) ([CVE-2021-36367](https://docs.ssh-mitm.at/CVE-2021-36367.html), [CVE-2021-36368](https://docs.ssh-mitm.at/CVE-2021-36368.html)) and can be enabled with the command line argument `--enable-trivial-auth`.

ssh-mitm server --enable-trivial-auth

Using the trivial authentication attack does not break password authentication, because the attack is only performed when a publickey login is possible.


Video explaining the phishing attack:

Click to view video on vimeo.com


Click to view video on vimeo.com


Downlaod presentation slides

(back to top)

## Contributing

Contributions are what make the open source community such an amazing place to learn, inspire, and create. Any contributions you make are **greatly appreciated**.

If you have a suggestion that would make this better, please fork the repo and create a pull request. You can also simply open an issue with the tag "enhancement".
Don't forget to give the project a star! Thanks again!

1. Fork the Project
2. Create your Feature Branch (`git checkout -b feature/AmazingFeature`)
3. Commit your Changes (`git commit -m 'Add some AmazingFeature'`)
4. Push to the Branch (`git push origin feature/AmazingFeature`)
5. Open a Pull Request

See also the list of [contributors](https://github.com/ssh-mitm/ssh-mitm/graphs/contributors) who participated in this project.

(back to top)

## Contact

- E-Mail: [email protected]
- [Issue Tracker](https://github.com/ssh-mitm/ssh-mitm/issues)

(back to top)