Message-ID: <CA+17n5vDUvK2n6de6rRpPvyHpxe0uQAYBBmP0TW43f=MwtCN-A@mail.gmail.com>
Date: Sun, 7 Jan 2024 02:00:07 +0700
From: Joshua Rogers <megamansec@...il.com>
To: fulldisclosure@...lists.org
Subject: [FD] SSH-Snake: Automated SSH-Based Network Traversal

SSH-Snake is a powerful tool designed to perform automatic network
traversal using SSH private keys discovered on systems, with the objective
of creating a comprehensive map of a network and its dependencies,
identifying to what extent a network can be compromised using SSH and SSH
private keys starting from a particular system.

SSH-Snake can automatically reveal the relationship between systems which
are connected via SSH, which would normally take a tremendous amount of
time and effort to perform manually.

In other words, SSH-Snake performs the following tasks automatically and
recursively:

1. On the current system, find any SSH private keys,
2. On the current system, find any hosts or destinations (user@...t)
   that the private keys may be accepted,
3. Attempt to SSH into all of the destinations using all of the private
   keys discovered,
4. If a destination is successfully connected to, repeats steps #1 - #4
   on the connected-to system.

It's completely self-replicating and self-propagating -- and completely
fileless. In many ways, SSH-Snake is actually a worm: It replicates itself
and spreads itself from one system to another as far as it can.

Instead of manually jumping between systems with SSH keys like it's a Super
Mario game, let SSH-Snake do the work for you.

The script is attached. The documentation is available at
https://github.com/MegaManSec/SSH-Snake .

Download attachment "Snake.sh" of type "application/x-sh" (93491 bytes)
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/
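
The following is an added example, not part of the original post and not SSH-Snake code: a defender's offline estimate of the key-reuse exposure the post describes, computed from an inventory of where private keys are stored and which authorized_keys entries accept them. The account names, fingerprints and inventory layout are constructed assumptions, and the result is an upper bound because it assumes every account can reach every other over the network.

```python
from collections import deque

# Constructed inventory (not real data): key fingerprints readable by each
# account, and fingerprints each account's authorized_keys accepts.
KEYS_ON = {
    "dev@laptop": {"SHA256:k-dev"},
    "deploy@build": {"SHA256:k-deploy", "SHA256:k-backup"},
    "app@web1": set(),
    "backup@db1": {"SHA256:k-root-db"},
    "root@db1": set(),
    "admin@vault": {"SHA256:k-admin"},
}
AUTHORIZED = {
    "deploy@build": {"SHA256:k-dev"},
    "app@web1": {"SHA256:k-deploy"},
    "backup@db1": {"SHA256:k-backup"},
    "root@db1": {"SHA256:k-root-db"},
    "admin@vault": {"SHA256:k-hsm"},  # private half held offline, not in inventory
}

def blast_radius(start, keys_on, authorized):
    """Return {account: (via_account, key)} for every account reachable from
    `start` by reusing stored private keys, hop by hop (breadth-first)."""
    reached = {start: (None, None)}
    queue = deque([start])
    while queue:
        src = queue.popleft()
        for key in sorted(keys_on.get(src, ())):
            for dst in sorted(authorized):
                if dst not in reached and key in authorized[dst]:
                    reached[dst] = (src, key)
                    queue.append(dst)
    return reached

def path_to(account, reached):
    """Rebuild the hop chain from the start account to `account`."""
    chain = []
    while account is not None:
        chain.append(account)
        account = reached[account][0]
    return chain[::-1]

if __name__ == "__main__":
    result = blast_radius("dev@laptop", KEYS_ON, AUTHORIZED)
    for acct in sorted(result):
        print(" -> ".join(path_to(acct, result)))
```

Each chain printed is a candidate for remediation: removing a stored key or an authorized_keys entry along it cuts every account further down that chain.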