pspy vs SSH-Snake
GitHub Stats
About pspy
pspy is a process monitoring tool for Linux that functions without requiring root privileges. It detects and logs cron jobs, user commands, and other process events in real-time, making it a useful tool for security auditing and monitoring. Written in Go, pspy is particularly beneficial for administrators and security professionals who need to keep track of system activities without altering system configurations.
About SSH-Snake
SSH-Snake is a self-propagating tool that automatically discovers SSH private keys on a compromised system, determines which hosts they connect to, and uses them to hop to the next system. It operates filelessly by passing itself through SSH sessions, leaving minimal forensic artifacts. SSH-Snake recursively maps the network of systems reachable via SSH trust relationships, building a graph of infrastructure connectivity. It discovers keys in common locations, agent forwarding sockets, bash history, known_hosts files, and SSH configs. Useful for demonstrating the blast radius of a single compromised host.
Platform Support
Tags
pspy only
SSH-Snake only