ENNAENNA

SSH-Snake

GPL-3.0

๐Ÿ”ฅ Offensive Ops ยท Shell

SSH-Snake is a self-propagating tool that automatically discovers SSH private keys on a compromised system, determines which hosts they connect to, and uses them to hop to the next system. It operates filelessly by passing itself through SSH sessions, leaving minimal forensic artifacts. SSH-Snake recursively maps the network of systems reachable via SSH trust relationships, building a graph of infrastructure connectivity. It discovers keys in common locations, agent forwarding sockets, bash history, known_hosts files, and SSH configs. Useful for demonstrating the blast radius of a single compromised host.

2.3kstars
217forks
0issues
Updated 1mo ago
+I use this
View on GitHubOfficial Website

Installation

$ git clone https://github.com/MegaManSec/SSH-Snake.git

Use Cases

  • Mapping SSH trust relationships across infrastructure
  • Demonstrating lateral movement via SSH key reuse
  • Assessing blast radius of a compromised Linux host
  • Discovering unauthorized SSH key trust chains

Tags

sshlateral-movementself-propagatingkey-discoveryfilelessbashcybersecurityexploitationexploitation-toolhackinghacking-toolspentestingpost-exploitationredteamscannersecuritysecurity-toolsshellssh-hackingvulnerability-scannerworm

Details

Category
๐Ÿ”ฅ Offensive Ops
Language
Shell
License
GPL-3.0
Platforms
๐Ÿงlinux๐ŸŽmacos

Links

GitHub Repository

github.com/MegaManSec/SSH-Snake

Official Website

megamansec.github.io/SSH-Snake

Releases

github.com/MegaManSec/SSH-Snake/releases

Issues

github.com/MegaManSec/SSH-Snake/issues

Sponsored

Your ad here

Reach security professionals and developers - ads@en-na.com

Community Reviews

Alternatives & Comparisons

Ligolo-ng

Go

Advanced tunneling/pivoting tool. Creates a TUN interface for transparent proxying through compromised hosts.

Compare SSH-Snake vs Ligolo-ng

Chisel

Go

Fast TCP/UDP tunnel over HTTP secured via SSH. Single binary, works behind firewalls and NAT.

Compare SSH-Snake vs Chisel

LinPEAS

Shell

Linux privilege escalation enumeration script. Finds misconfigs, SUID bins, creds, and escalation paths.

Compare SSH-Snake vs LinPEAS

pspy

Go

Monitor Linux processes without root. Detects cron jobs, user commands, and process events in real time.

Compare SSH-Snake vs pspy

More in Offensive Ops

Mythic

Go

Collaborative, multi-platform C2 framework. Docker-based with web UI, multiple agent types, and plugin architecture.

c2red-teammulti-operator

Havoc

C/C++

Modern C2 framework. Qt-based GUI, BOF support, custom agents, and a Cobalt Strike-inspired workflow.

c2red-teamgui

Rubeus

C#

C# toolset for raw Kerberos interaction and abuse. AS-REP roasting, Kerberoasting, ticket manipulation, delegation attacks.

kerberosactive-directoryroasting

Certipy

Python

Active Directory Certificate Services (AD CS) abuse tool. Find and exploit certificate template misconfigurations.

active-directorycertificatesadcs

Coercer

Python

Automatically find and exploit Windows authentication coercion vulnerabilities. PetitPotam, PrinterBug, and more.

authentication-coercionntlm-relaypetitpotam

SharpHound

C#

Official BloodHound data collector. Enumerates Active Directory objects, sessions, ACLs, and trusts for graph analysis.

active-directoryenumerationbloodhound