How does it assist with SSH configuration hardening?

The skill includes phases for auditing configurations using ssh-audit to identify weak key exchange algorithms, ciphers, and MACs that need remediation.

Is this skill intended for beginners or experts?

While it provides detailed command references, it is designed for users with a fundamental understanding of SSH protocols and Linux command-line proficiency.

Can this skill help with SSH port forwarding and pivoting?

Yes, it provides comprehensive instructions and syntax for local, remote, and dynamic (SOCKS proxy) port forwarding, as well as ProxyJump configurations.

What tools are required for this SSH penetration testing skill?

The skill utilizes industry-standard security tools including Nmap, Hydra, Medusa, ssh-audit, and the Paramiko Python library for custom automation.

Does it include automated exploit scripts?

It provides the methodology and command syntax for using Metasploit modules and custom Paramiko scripts to test for known SSH vulnerabilities.

SSH Penetration Testing

Name: SSH Penetration Testing
Author: claudiodearaujo

byclaudiodearaujo

Security & Testing

Conducts end-to-end SSH security audits, from initial service discovery and credential testing to advanced tunneling and post-exploitation analysis.

About

This skill provides a comprehensive framework for assessing the security posture of SSH services within a target environment. It guides users through the entire penetration testing lifecycle, including service enumeration, configuration auditing for weak encryption algorithms, brute-force credential attacks, and the exploitation of known vulnerabilities like CVE-2018-15473. Beyond initial access, it offers detailed methodologies for lateral movement using local, remote, and dynamic tunneling, as well as post-exploitation tasks such as privilege escalation and establishing persistence. It is an essential resource for security professionals and system administrators looking to harden their infrastructure using industry-standard tools like Nmap, Hydra, and Paramiko.

Key Features

Credential testing methodologies including brute-force and password spraying
Python-based automation scripts using the Paramiko library
0 GitHub stars
Configuration auditing to detect weak ciphers and MAC algorithms
Advanced network pivoting via local, remote, and dynamic port forwarding
Comprehensive service discovery and banner grabbing for identification

Use Cases

Performing authorized security audits on enterprise SSH infrastructure
Establishing secure tunnels for network pivoting during internal penetration tests
Identifying and remediating deprecated SSH protocols and weak configurations

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add claudiodearaujo/izacenter ssh-penetration-testing

For use in Claude.ai and ChatGPT

Download Skill

GitHub

About

Key Features

Credential testing methodologies including brute-force and password spraying
Python-based automation scripts using the Paramiko library
0 GitHub stars
Configuration auditing to detect weak ciphers and MAC algorithms
Advanced network pivoting via local, remote, and dynamic port forwarding
Comprehensive service discovery and banner grabbing for identification

Use Cases

Performing authorized security audits on enterprise SSH infrastructure
Establishing secure tunnels for network pivoting during internal penetration tests
Identifying and remediating deprecated SSH protocols and weak configurations