SSH
Enumerate
## https://github.com/jtesta/ssh-audit
# Audit the configuration of an SSH server
ssh-audit.py $ip -p $port
# Enumerate SSH server ciphers with Nmap
nmap --script=ssh2-enum-algos $ip -p $port
# Enumerate if password authentication is enabled
nmap --script=ssh-auth-methods $ip -p $portPassword Spraying
## https://github.com/lanjelot/patator
# Password spraying example using Patator
patator ssh_login host=$ip user=FILE0 password=FILE1 0=/root/username 1=/root/wordlist.txt -x ignore:mesg=’Authentication failed’
# Password spraying using CrackMapExec
crackmapexec ssh $ip -u $userfile -p $passwordfile
# Metasploit
use auxiliary/scanner/ssh/ssh_login Last updated