SSH MITM

LSE toolsLSE toolsSSH MITM (359)SSH MITM (359)

Tool and Usage

Project details

Licenses
BSD 2-clause
GPLv3
Programming language
Python
Author
Joe Testa
Latest release
2.2
Latest release date

Project health

60
This score is calculated by different factors, like project age, last release date, etc.

Why this tool?

This tool would most likely be used to intercept traffic during security assessments. Plaintext passwords and session data can be intercepted with it.

How it works

A patch is applied to the OpenSSH source code. It allows this patched version to act as a proxy between the victim client and their intended server. Due to the role of a proxy, it is very likely that the SSH client of the victim will complain about a changed host key. Most users will happily ignore these warnings and continue to connect to the server of their choice.

Usage and audience

SSH MITM is commonly used for password discovery, security assessment, or session hijacking.

Tool review and remarks

The review and analysis of this project resulted in the following remarks for this security tool:

Strengths

  • + More than 1000 GitHub stars
  • + The source code of this software is available

Author and Maintainers

SSH MITM is under development by Joe Testa.

SSH MITM alternatives

Similar tools to SSH MITM:

64

Seth

Seth is a security tool to perform a man-in-the-middle (MitM) attack and extract clear text credentials from RDP connections.

100

mitmproxy

The mitmproxy tool allows to intercept, inspect, modify, and replay traffic flows. It may be used for pentesting, troubleshooting, or learning about SSL/TLS.

63

ArpON

ArpON is a host-based tool to improve the security of the Address Resolution Protocol (ARP).

All SSH MITM alternatives

This tool page was updated at . Found an improvement? Help the community by submitting an update.

Related tool information

Categories

This tool is categorized as a MitM tool and SSH MitM tool.