SSH-Snake : Automated SSH-Based Network Traversal

SSH-Snake is a powerful tool designed to perform automatic network traversal using SSH private keys discovered on systems, with the objective of creating a comprehensive map of a network and its dependencies, identifying to what extent a network can be compromised using SSH and SSH private keys starting from a particular system.

SSH-Snake can automatically reveal the relationship between systems which are connected via SSH, which would normally take a tremendous amount of time and effort to perform manually.

In other words, SSH-Snake performs the following tasks automatically and recursively:

1. On the current system, find any SSH private keys,
2. On the current system, find any hosts or destinations (user@host) that the private keys may be accepted,
3. Attempt to SSH into all of the destinations using all of the private keys discovered,
4. If a destination is successfully connected to, repeats steps #1 – #4 on the connected-to system.

It’s completely self-replicating and self-propagating — and completely fileless. In many ways, SSH-Snake is actually a worm: It replicates itself and spreads itself from one system to another as far as it can.

Instead of manually jumping between systems with SSH keys like it’s a Super Mario game, let SSH-Snake do the work for you.

Although this tool is intended for hacking purposes, sysadmins can also use it to better understand their infrastructure and network. If you want to disable the printing of private keys discovered, comment out this line of code.

An in-depth look at how this script actually works, technical details, interesting discoveries, design decisions, benchmarking, and lessons learnt, check out this blog post.

Screenshots

A reduced screenshot from the output of SSH-Snake in a very small network.

For more information click here