SSH-MITM - ssh audits made simple
SSH-MITM is a man-in-the-middle SSH server for security audits and malware analysis.
Password and publickey authentication are supported, and SSH-MITM can detect whether a user is able to log in with publickey authentication on the remote server. This allows SSH-MITM to accept the same key as the destination server. If publickey authentication is not possible, the authentication falls back to password authentication.
When publickey authentication is possible, a forwarded agent is needed to log in to the remote server. When no agent was forwarded, SSH-MITM can redirect the session to a honeypot.
- publickey and password authentication
- Phishing FIDO Tokens (Information from OpenSSH)
- hijacking and logging of terminal sessions
- store and replace files during SCP/SFTP file transfers
- port forwarding with SOCKS 4/5 support
- intercept MOSH connections
- audit clients against known vulnerabilities
- plugin support
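
As described above, an intercepted publickey session only reaches the remote server when the client forwards its agent. The following added example (not part of the SSH-MITM project) reports which hosts in a client `ssh_config` would have agent forwarding enabled, so an audit can identify those sessions. The sample configuration, host names and function names are constructed for illustration; `Match` blocks are skipped and `Include` is not followed.

```python
import fnmatch
import re
import shlex

# Constructed sample client configuration (not taken from any real system).
SAMPLE_CONFIG = """
Host bastion.example.org
    ForwardAgent yes

Host *.lab.example.org !db.lab.example.org
    forwardagent=yes

Host *
    ForwardAgent no
"""

def host_matches(patterns, host):
    """ssh_config rule: a positive pattern must match and no negated one may."""
    negated = [p[1:] for p in patterns if p.startswith("!")]
    positive = [p for p in patterns if not p.startswith("!")]
    if any(fnmatch.fnmatchcase(host, p) for p in negated):
        return False
    return any(fnmatch.fnmatchcase(host, p) for p in positive)

def effective_forward_agent(config_text, host):
    """Return the ForwardAgent value ssh would use for host (first match wins)."""
    applies = True  # options before the first Host line apply to every host
    for raw in config_text.splitlines():
        line = raw.strip()
        parts = re.split(r"[\s=]+", line, maxsplit=1)  # "key value" or "key=value"
        if not line or line.startswith("#") or len(parts) < 2:
            continue
        keyword, value = parts[0].lower(), parts[1].strip()
        if keyword == "host":
            applies = host_matches(shlex.split(value), host)
        elif keyword == "match":
            applies = False  # assumption: Match blocks are out of scope here
        elif keyword == "forwardagent" and applies:
            return value  # ssh keeps the first value it obtains
    return "no"  # OpenSSH default when nothing sets the option

def hosts_forwarding_agent(config_text, hosts):
    """List the hosts whose sessions would carry a forwarded agent."""
    return [h for h in hosts
            if effective_forward_agent(config_text, h).lower() != "no"]
```
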