ssh-mitm

SSH-MITM - ssh audits made simple (by ssh-mitm)
Add to my DEV experience SSH ssh-server ssh-client mitmproxy mitm-server mitm-attacks security-audit security-tools Mitm Proxy ssh-mitm Sftp Scp Security
Source Code
docs.ssh-mitm.at
Docs
ssh-mitm Reviews
Suggest alternative
Edit details
The modern identity platform for B2B SaaS
The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
workos.com
Sponsored

Ssh-mitm Alternatives

Similar projects and alternatives to ssh-mitm

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a better ssh-mitm alternative or higher similarity.
Suggest an alternative to ssh-mitm

ssh-mitm reviews and mentions

Posts with mentions or reviews of ssh-mitm. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2023-12-19.
  • Terrapin-Attack Style Vulnerability Likely Exploited for 2 Years
    1 project | news.ycombinator.com | 21 Dec 2023
    I wanted to share some insights into a security concern that echoes the Terrapin-Attack scenario, highlighting a similar vulnerability that has been observed in other tools.

    Recently, I came across a Pull Request on GitHub for the SSH-MITM tool, which sheds light on a critical aspect of SSH protocol security, specifically regarding RFC 4253 during the KEXINIT process. The Pull Request, available at GitHub https://github.com/ssh-mitm/ssh-mitm/pull/163, describes the necessity of discarding certain packages during the KEXINIT phase to prevent issues with intercepted clients.

    Moreover, a look into the GitHub Blame for SSH-MITM reveals that these crucial changes in the KEXINIT step were integrated into SSH-MITM about 1-2 years ago. You can see the specific changes at this link: https://github.com/ssh-mitm/ssh-mitm/blame/4fc3ef418847c35d17d0c427e2701b33a03c323c/sshmitm/workarounds/transport.py#L178-L188

    An important note to add is that this information suggests that a similar form of attack, akin to the Terrapin-Attack, could potentially have been exploited for the last two years. This raises significant concerns about the historical vulnerability of systems to such attack techniques and emphasizes the importance of retroactive security analysis in addition to ongoing vigilance.

  • Terrapin Attack for prefix injection in SSH
    3 projects | news.ycombinator.com | 19 Dec 2023
    There is now an issue ticket in ssh-mitm to discuss the similarities between ssh-mitm and terrapin attack: https://github.com/ssh-mitm/ssh-mitm/issues/165
  • Check if a publickey is known by GitHub or Gitlab without iterating all users
    1 project | news.ycombinator.com | 24 Feb 2023
    During some audits, it's likely that you find some ssh public keys laying around on some servers.

    If you want to verify if this key is known by other services, but you don't have access to those services, this task might be hard.

    SSH-MITM has an additional command, which allows to check if a public ssh key is known by GitHub, GitLab, and other code hosters. It's not limited to GitHub and other major platforms and even works with each service, which is accessible over SSH.

    First you must install SSH-MITM. It's recommended to use the AppImage, because this works out of the box on most Linux machines.

    $ wget https://github.com/ssh-mitm/ssh-mitm/releases/latest/download/ssh-mitm-x86_64.AppImage

  • Should SSH-MITM add a Codehoster user check as a default setting?
    1 project | /r/Pentesting | 13 Feb 2023
    SSH-MITM is a tool to audit ssh sessions and protocols, which uses SSH as the transport protocol: https://github.com/ssh-mitm/ssh-mitm
  • Python API Documentation created with ChatGPT
    1 project | /r/ChatGPT | 1 Feb 2023
    you can find the project on github: https://github.com/ssh-mitm/ssh-mitm
  • SSH-MitM has prebuilt windows executables
    1 project | news.ycombinator.com | 17 Jun 2022
  • SSH-MitM's new logo is a fish (OpenSSH's logo) on a hook
    1 project | news.ycombinator.com | 3 Apr 2022
  • SSH-MitM – Support for OpenSSH's Certificate Authority Planned
    1 project | news.ycombinator.com | 1 Apr 2022
  • SSH-MITM - Support for OpenSSH's certificate authority planned
    2 projects | /r/netsec | 1 Apr 2022
    You should check the Revisionhistory of the Readme file first.. https://github.com/ssh-mitm/ssh-mitm/commit/564028af25c395528446fbb679c7392469d59bfd
  • SSH-MitM 2.0.0 – Licence change to GPLv3
    3 projects | news.ycombinator.com | 1 Apr 2022
    The “customized wording” you’re seeing is “The LGPL”. It’s a different license from the GPL.

    The history on the repo shows that the original license was GPL (June 2020), the author changed the license to LGPL (December 2022), and now they’re changing it to GPL again. https://github.com/ssh-mitm/ssh-mitm/commits/master/LICENSE

  • A note from our sponsor - InfluxDB
    www.influxdata.com | 25 Apr 2024
    Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality. Learn more →

Stats

Basic ssh-mitm repo stats
42
1,219
8.8
14 days ago

ssh-mitm/ssh-mitm is an open source project licensed under GNU General Public License v3.0 only which is an OSI approved license.

The primary programming language of ssh-mitm is Python.

Popular Comparisons

  1. ssh-mitm VS cowrie
  2. ssh-mitm VS docker-sshd
  3. ssh-mitm VS sftpretty
  4. ssh-mitm VS super-auto-pets
  5. ssh-mitm VS mitm
  6. ssh-mitm VS openssh-portable
  7. ssh-mitm VS BDFProxy
  8. ssh-mitm VS ssh-mitm
  9. ssh-mitm VS dit
  10. ssh-mitm VS proxy.py

Sponsored
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com