SSH-MITM - ssh mitm server for security audits

Hello,

there is a new tool available for ssh man in the middle attacks: GitHub - ssh-mitm/ssh-mitm: ssh mitm server for security audits supporting public key authentication, session hijacking and file manipulation

SSH-MITM is open source and available on Github GitHub - ssh-mitm/ssh-mitm: ssh mitm server for security audits supporting public key authentication, session hijacking and file manipulation.

It is written in Python, so it can run on all Linux Distributions. The only requirement is Python 3.6 or newer.

Features:

  • Hijacking terminal sessions (interactive shell)
  • SCP and SFTP
    • store files
    • replace files
    • inject additional files
  • Agent Forwarding
  • Port Forwarding
  • Test clients against known vulnerabilities (e.g. CVE-2020-14145)

Perhaps it’s interesting to integrate this tool in Parrot, but I have no knowledge about creating packages.

Disclosure: I’m the author of SSH-MITM.