This penetration testing tool lets an auditor intercept SSH connections. A patch applied to the OpenSSH v7.5p1 source code makes it act as a proxy between the victim and their intended SSH server; all plaintext passwords and sessions are logged to disk. Of course, the victim's SSH client will warn that the server's host key has changed. But because 99.99999% of the time this is caused by a legitimate action (OS re-install, configuration change, etc.), many/most users will disregard the warning and continue on. NOTE: Only run the modified sshd_mitm in a VM or container! Ad-hoc edits were made to the OpenSSH sources in critical regions, with no regard to their security implications. It's not hard to imagine that these edits introduce serious vulnerabilities.
Features
- The quickest & easiest way to get started is to use the Docker image with SSH MITM pre-built
- Find targets on the LAN, and ARP spoof them
- Shell and SFTP sessions will be logged in the ssh_mitm_logs directory
- To test out changes to the OpenSSH source code, use the dev/redeploy.sh script
- To re-generate a full patch to the OpenSSH sources, use the dev/regenerate_patch.sh script
- Only run the modified sshd_mitm in a VM or container
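The "host key has changed" warning is the only signal a client gets that a proxy has been inserted, so the defensive lesson is to make that check hard to wave through. The following is an added example (not code from this project or from OpenSSH) of the comparison a client performs against its known_hosts file: it parses the standard `host keytype base64key` line format, computes the OpenSSH-style SHA256 fingerprint, and reports whether a presented key matches, is unknown, or has changed. The host name `prod.example.test` and the key blobs are constructed sample data, not real keys.

```python
import base64
import hashlib
import struct


def wire_key(key_type: str, blob: bytes) -> bytes:
    """Encode a public key in the SSH wire format: string key_type, string blob."""
    return (struct.pack(">I", len(key_type)) + key_type.encode()
            + struct.pack(">I", len(blob)) + blob)


def fingerprint(key_bytes: bytes) -> str:
    """OpenSSH-style fingerprint: 'SHA256:' + base64 digest without '=' padding."""
    digest = hashlib.sha256(key_bytes).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_known_hosts(text: str) -> dict:
    """Map (host, key_type) -> raw key bytes from known_hosts-style lines.

    Comment lines and malformed lines are skipped; a comma-separated host
    field (host aliases) yields one entry per alias.
    """
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) < 3:
            continue
        hosts, key_type, b64 = parts[0], parts[1], parts[2]
        try:
            key = base64.b64decode(b64, validate=True)
        except (ValueError, base64.binascii.Error):
            continue
        for host in hosts.split(","):
            entries[(host, key_type)] = key
    return entries


def check_host_key(known: dict, host: str, key_type: str, presented: bytes) -> str:
    """Return 'match', 'unknown' (never seen this host) or 'changed' (key differs).

    A strict client should refuse to continue on 'changed' rather than
    leave the decision to the user.
    """
    stored = known.get((host, key_type))
    if stored is None:
        return "unknown"
    return "match" if stored == presented else "changed"


# Constructed sample keys (32 arbitrary bytes each; not real Ed25519 keys).
REAL_KEY = wire_key("ssh-ed25519", bytes(range(32)))
PROXY_KEY = wire_key("ssh-ed25519", bytes(32))

# Constructed known_hosts content pinning the real key for prod.example.test.
KNOWN_HOSTS = (
    "# constructed sample known_hosts\n"
    "prod.example.test,10.0.0.5 ssh-ed25519 "
    + base64.b64encode(REAL_KEY).decode() + "\n"
)
KNOWN = parse_known_hosts(KNOWN_HOSTS)


if __name__ == "__main__":
    for label, key in (("real", REAL_KEY), ("proxy", PROXY_KEY)):
        verdict = check_host_key(KNOWN, "prod.example.test", "ssh-ed25519", key)
        print(f"{label:5} {fingerprint(key)} -> {verdict}")
```

In OpenSSH itself the equivalent hardening is `StrictHostKeyChecking yes` in ssh_config, which turns the "changed" case into a hard connection refusal instead of a prompt, and distributing known_hosts (or SSH host certificates) out of band so the "unknown" case never reaches users who would accept a new key blindly.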