sshamble: A research tool for SSH implementations

by ddos ·

sshamble

SSHamble is a research tool for SSH implementations that includes:

  • Interesting attacks against authentication
  • Post-session authentication attacks
  • Pre-authentication state transitions
  • Authentication timing analysis
  • Post-session enumeration

SSHamble simulates potential attack scenarios, including unauthorized remote access due to unexpected state transitions, remote command execution in post-session login implementations, and information leakage through unlimited high-speed authentication requests. The SSHamble interactive shell provides raw access to SSH requests in the post-session (but pre-execution) environment, allowing for simple testing of environment controls, signal processing, port forwarding, and more.

Installation

Binaries are available from the releases page.

To build SSHamble from source, ensure that you have a recent version of Go (1.22.6+) installed.

You can use Go to install a binary into the bin directory in your GOPATH.

If you are using macOS, you may run into errors at runtime unless you disable CGO before building:

$ export CGO_ENABLED=0
$ go install github.com/runZeroInc/sshamble@latest

To build from source locally:

$ git clone https://github.com/runZeroInc/sshamble
$ cd sshamble
$ go build -o sshamble
$ ./sshamble -h

To enable experimental badkeys support, run the generator first:

$ git clone https://github.com/runZeroInc/sshamble
$ cd sshamble
$ go generate ./...
$ go build -o sshamble
$ ./sshamble -h

Use

Tags: SSHamble