SSHtown
SSHtown is a modular, interactive security assessment tool for testing SSH vulnerabilities. It provides comprehensive testing capabilities including banner grabbing, authentication method detection, vulnerability scanning, intelligence gathering, and post-exploitation analysis.
Features
- Stealth Mode: Configurable delays and jitter between requests to avoid detection
- Intelligence Gathering: DNS reconnaissance, SSL certificate analysis, port scanning, and WHOIS lookups
- Vulnerability Scanner: Detection of weak algorithms, known CVEs, and configuration issues
- Authentication Testing: Common credential testing with customizable wordlists
- Post-Exploitation: System enumeration, persistence detection, and privilege escalation checks
- Reporting: Professional reports in TXT, JSON, and HTML formats
Installation
Clone the Repository
git clone https://github.com/ekomsSavior/SSHtown.git
cd SSHtown
Install Dependencies
SSHtown requires the following package:
pip install paramiko --break-system-packages
# Alternatively, install inside a virtual environment (venv), where --break-system-packages is not needed
Optional Dependencies
For full functionality, install these optional packages:
pip install python-whois requests dnspython --break-system-packages
Quick Start
- Run SSHtown:
  python3 SSHtown.py -v
  or in debug mode for troubleshooting:
  python3 SSHtown.py -d
- You'll see the main menu with various options.
- Start by selecting option 1 to configure your target and settings.
Usage Guide
1. Initial Configuration
Select option 1 from the main menu to configure:
- Target IP addresses or hostnames (comma-separated)
- SSH ports to test (default: 22)
- Wordlist paths for usernames and passwords
- Module selection (enable/disable specific tests)
- Stealth mode settings (delays, jitter)
- Connection timeout
2. Full Assessment
Select option 2 to run a complete assessment. This includes:
- Intelligence gathering on the target
- Banner grabbing with stealth options
- Authentication method detection
- Vulnerability scanning for CVEs and weak algorithms
- Optional credential testing (requires explicit confirmation)
- Automatic report generation
3. Specific Tests
Select option 3 to run individual tests:
- Banner grabbing (stealth mode)
- Authentication method detection
- Common credentials testing
- Vulnerability scanning
- Configuration audit
- Intelligence gathering
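The weak-algorithm and configuration checks listed above can also be run from the defender's side on a server you administer. The following is an added example, not SSHtown's code: it audits the effective configuration printed by sshd -T. The WEAK and RISKY lists are an assumed baseline, and SAMPLE is constructed.

```python
# Added example (not SSHtown code): flag weak settings in `sshd -T` output.
# WEAK and RISKY are an assumed baseline, not the tool's own rule set.
WEAK = {
    "kexalgorithms": {"diffie-hellman-group1-sha1",
                      "diffie-hellman-group-exchange-sha1"},
    "ciphers": {"3des-cbc", "arcfour", "arcfour128", "arcfour256"},
    "macs": {"hmac-md5", "hmac-md5-96", "hmac-sha1-96"},
    "hostkeyalgorithms": {"ssh-dss"},
}
RISKY = {
    "permitrootlogin": {"yes"},
    "permitemptypasswords": {"yes"},
}

def parse_effective_config(text):
    """Parse `sshd -T` style output: one 'keyword value' pair per line."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        cfg.setdefault(key.lower(), []).append(value.strip())
    return cfg

def audit(text):
    """Return a sorted list of (keyword, offending value) findings."""
    cfg = parse_effective_config(text)
    findings = []
    for key, weak in WEAK.items():
        for value in cfg.get(key, []):
            offered = {alg.strip() for alg in value.split(",")}
            findings += [(key, alg) for alg in offered & weak]
    for key, risky in RISKY.items():
        findings += [(key, v) for v in cfg.get(key, []) if v.lower() in risky]
    return sorted(findings)

# Constructed sample, shaped like `sshd -T` output from a legacy host.
SAMPLE = """\
port 22
permitrootlogin yes
passwordauthentication no
ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,3des-cbc
macs hmac-sha2-256-etm@openssh.com,hmac-md5
kexalgorithms curve25519-sha256,diffie-hellman-group1-sha1
"""

if __name__ == "__main__":
    for key, value in audit(SAMPLE):
        print(f"[!] {key}: {value}")
```

On a live host, pass the output of sudo sshd -T to audit() in place of SAMPLE.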
4. Intelligence Gathering
Select option 4 for reconnaissance:
- DNS record enumeration
- SSL certificate analysis
- WHOIS information lookup
- Port scanning of common services
- Geolocation data collection
5. Post-Exploitation
Select option 5 after establishing a successful SSH connection to:
- Enumerate system information
- Check for persistence mechanisms
- Extract potentially sensitive data
- Analyze network configuration
- Check privilege escalation vectors
- Establish SSH pivots to other hosts
6. View Results
Select option 6 to view previously generated reports stored in the reports/ directory.
7. Generate Reports
Select option 7 to generate professional reports in multiple formats:
- Text reports for quick review
- JSON reports for programmatic analysis
- HTML reports with visual formatting
8. Wordlist Management
Select option 8 to manage wordlists:
- Generate default username and password wordlists
- Check for SecLists integration. To install SecLists:
  sudo apt install seclists
  SecLists is installed to /usr/share/seclists
- Add custom wordlist paths
- View current wordlist configuration
Important Notes
- The credential testing module is disabled by default and requires explicit confirmation
- Always ensure you have proper authorization before testing any system
- Use stealth mode when testing production systems to avoid triggering alarms
- Some intelligence gathering features require internet access
- Post-exploitation features require a successful SSH connection first
Disclaimer
This tool is provided for educational and authorized testing purposes only. The developer assumes no liability and is not responsible for any misuse or damage caused by this program. It is the end user's responsibility to obey all applicable local, state, federal, and international laws.