SSHamble simulates potential attack scenarios, including unauthorized remote access due to unexpected state transitions, remote command execution in post-session login implementations, and information leakage through unlimited high-speed authentication requests. The SSHamble interactive shell provides raw access to SSH requests in the post-session (but pre-execution) environment, allowing for simple testing of environment controls, signal processing, port forwarding, and more.
The Secure Shell (SSH) can be found in nearly everything; from network devices, to source code forges, to Windows-based file transfer tools. While OpenSSH is still the most prominent implementation, it's now just one of dozens, and these include a handful of libraries that drive a wide range of applications. How do these implementations stack up on the security side? runZero dove deep to find out.
Our researchers discovered a broad range of weaknesses across SSH implementations and applications that impact critical network security devices and software. These long standing issues have remained undiscovered due to the lack of tooling available to exercise the layers of the SSH protocol. Enter SSHamble, our new open source tool.
Meet the team behind SSHamble
HD Moore is the founder and CEO of runZero. Previously, he founded the Metasploit Project and served as the main developer of the Metasploit Framework, which is the world's most widely used penetration testing framework.
Rob King is the Director of Security Research at runZero. Over his career Rob has served as a senior researcher with KoreLogic, the architect for TippingPoint DVLabs, and helped get several startups off the ground. Rob helped...
Get complete visibility into IT, OT, & IoT — without agents, credentials, or hardware.