SSH Penetration Testing
Warn
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONCREDENTIALS_UNSAFEDATA_EXFILTRATIONREMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides various shell commands for network discovery and system auditing, including an explicit technique to establish persistence by appending a public key to the authorized_keys file.
- [CREDENTIALS_UNSAFE]: The documentation covers brute-forcing SSH accounts using wordlists with tools like Hydra and Medusa, and searching for sensitive private keys on the target filesystem.
- [DATA_EXFILTRATION]: Provides methods for identifying and downloading private SSH keys from the target's filesystem and potentially web-accessible directories using curl.
- [REMOTE_CODE_EXECUTION]: Includes a Python script utilizing the Paramiko library and Metasploit modules to automate SSH connections and execute arbitrary commands on remote targets.
Audit Metadata