SSH Penetration Testing
Warn
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONREMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides numerous commands for automated offensive actions, including brute-forcing credentials with tools like Hydra, Medusa, and Ncrack.
- [DATA_EXFILTRATION]: Instructions are included to search for and extract sensitive information, such as private SSH keys (e.g., id_rsa, id_dsa) and shell history files (.bash_history) which often contain sensitive credentials or commands.
- [REMOTE_CODE_EXECUTION]: Includes a complete Python script utilizing the
paramikolibrary to automate SSH authentication and execute arbitrary commands on remote targets. - [COMMAND_EXECUTION]: Detailed instructions are provided for establishing persistence on a target system by appending an SSH key to the
~/.ssh/authorized_keysfile. - [COMMAND_EXECUTION]: The skill describes advanced network pivoting and tunneling techniques (Local, Remote, and Dynamic forwarding) that can be used to bypass network perimeters and access internal resources.
Audit Metadata