SSHtown

SSHtown is a modular, interactive security assessment tool for testing SSH vulnerabilities. It provides comprehensive testing capabilities including banner grabbing, authentication method detection, vulnerability scanning, intelligence gathering, and post-exploitation analysis.

Features

  • Stealth Mode: Configurable delays and jitter between requests to avoid detection
  • Intelligence Gathering: DNS reconnaissance, SSL certificate analysis, port scanning, and WHOIS lookups
  • Vulnerability Scanner: Detection of weak algorithms, known CVEs, and configuration issues
  • Authentication Testing: Common credential testing with customizable wordlists
  • Post-Exploitation: System enumeration, persistence detection, and privilege escalation checks
  • Reporting: Professional reports in TXT, JSON, and HTML formats

Installation

Clone the Repository

git clone https://github.com/ekomsSavior/SSHtown.git
cd SSHtown

Install Dependencies

SSHtown requires the following package:

pip install paramiko --break-system-packages
# or create and activate a venv first and install there (the --break-system-packages flag is unnecessary inside a venv)

Optional Dependencies

For full functionality, install these optional packages:

pip install python-whois requests dnspython --break-system-packages

Quick Start

  1. Run SSHtown:

     python3 SSHtown.py -v

     Or use debug mode for troubleshooting:

     python SSHtown.py -d

  2. You'll see the main menu with various options.

  3. Start by selecting option 1 to configure your target and settings.

Usage Guide

1. Initial Configuration

Select option 1 from the main menu to configure:
- Target IP addresses or hostnames (comma-separated)
- SSH ports to test (default: 22)
- Wordlist paths for usernames and passwords
- Module selection (enable/disable specific tests)
- Stealth mode settings (delays, jitter)
- Connection timeout

2. Full Assessment

Select option 2 to run a complete assessment. This includes:
- Intelligence gathering on the target
- Banner grabbing with stealth options
- Authentication method detection
- Vulnerability scanning for CVEs and weak algorithms
- Optional credential testing (requires explicit confirmation)
- Automatic report generation

3. Specific Tests

Select option 3 to run individual tests:
- Banner grabbing (stealth mode)
- Authentication method detection
- Common credentials testing
- Vulnerability scanning
- Configuration audit
- Intelligence gathering
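
The weak-algorithm and configuration checks listed above can also be run from the server side against the effective configuration that `sshd -T` prints. The following is an added example, not SSHtown's code; the `audit` function, the `WEAK_ALGORITHMS` patterns and the `RISKY_SETTINGS` policy are assumptions chosen for illustration.

```python
import re

# Illustrative policy: an assumption of this example, not SSHtown's rule set.
# Each pattern must match a whole algorithm name as printed by `sshd -T`.
WEAK_ALGORITHMS = {
    "kexalgorithms": [r"diffie-hellman-group1-sha1", r"diffie-hellman-group14-sha1",
                      r"diffie-hellman-group-exchange-sha1"],
    "ciphers": [r"arcfour.*", r".*-cbc"],
    "macs": [r"hmac-md5.*", r"hmac-sha1.*", r"umac-64.*"],
    "hostkeyalgorithms": [r"ssh-dss", r"ssh-rsa"],
}
# Settings flagged when they have exactly this value (also an assumed policy).
RISKY_SETTINGS = {"permitrootlogin": "yes", "permitemptypasswords": "yes"}

def audit(effective_config):
    """Return (keyword, offending value) pairs found in `sshd -T` style text."""
    findings = []
    for line in effective_config.splitlines():
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue  # blank line or keyword without a value
        key, value = parts[0].lower(), parts[1].strip()
        if key in WEAK_ALGORITHMS:
            # Algorithm lists are comma-separated; report each weak entry.
            for alg in value.split(","):
                if any(re.fullmatch(p, alg.strip()) for p in WEAK_ALGORITHMS[key]):
                    findings.append((key, alg.strip()))
        elif RISKY_SETTINGS.get(key) == value.lower():
            findings.append((key, value.lower()))
    return findings

# Constructed sample in the format of `sshd -T` output (not taken from a real host).
SAMPLE = """\
port 22
permitrootlogin yes
passwordauthentication no
kexalgorithms curve25519-sha256,diffie-hellman-group14-sha1
ciphers chacha20-poly1305@openssh.com,aes256-ctr,aes128-cbc
macs hmac-sha2-256-etm@openssh.com,hmac-md5
hostkeyalgorithms ssh-ed25519,rsa-sha2-512,ssh-rsa
"""

if __name__ == "__main__":
    for keyword, value in audit(SAMPLE):
        print(f"{keyword}: {value}")
```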

4. Intelligence Gathering

Select option 4 for reconnaissance:
- DNS record enumeration
- SSL certificate analysis
- WHOIS information lookup
- Port scanning of common services
- Geolocation data collection

5. Post-Exploitation

Select option 5 after establishing a successful SSH connection to:
- Enumerate system information
- Check for persistence mechanisms
- Extract potentially sensitive data
- Analyze network configuration
- Check privilege escalation vectors
- Establish SSH pivots to other hosts

6. View Results

Select option 6 to view previously generated reports stored in the reports/ directory.

7. Generate Reports

Select option 7 to generate professional reports in multiple formats:
- Text reports for quick review
- JSON reports for programmatic analysis
- HTML reports with visual formatting

8. Wordlist Management

Select option 8 to manage wordlists:
- Generate default username and password wordlists
- Check for SecLists integration (SecLists lives in /usr/share/seclists; install it with the command below)
- Add custom wordlist paths
- View current wordlist configuration

sudo apt install seclists

Important Notes

  • The credential testing module is disabled by default and requires explicit confirmation
  • Always ensure you have proper authorization before testing any system
  • Use stealth mode when testing production systems to avoid triggering alarms
  • Some intelligence gathering features require internet access
  • Post-exploitation features require a successful SSH connection first
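
On the monitoring side, delayed and jittered credential attempts are visible when failed logins are aggregated per source over hours rather than seconds. The following is an added detection example, not part of SSHtown; the log lines are constructed, and the `parse` and `flag_sources` names, the log layout and the thresholds are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed layout: ISO timestamp, host, then the standard sshd failure message.
FAILED = re.compile(
    r"^(\S+) \S+ sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")

def parse(lines):
    """Yield (timestamp, source_ip, username) for each failed-password line."""
    for line in lines:
        m = FAILED.match(line)
        if m:
            yield datetime.fromisoformat(m.group(1)), m.group(3), m.group(2)

def flag_sources(lines, window, min_failures, min_users=1):
    """Return sources with >= min_failures failures (and >= min_users distinct
    usernames) inside any sliding window of the given length."""
    by_src = defaultdict(list)
    for ts, src, user in parse(lines):
        by_src[src].append((ts, user))
    flagged = set()
    for src, events in by_src.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # drop events that fell out of the window
            hits = events[start:end + 1]
            if len(hits) >= min_failures and len({u for _, u in hits}) >= min_users:
                flagged.add(src)
                break
    return flagged

# Constructed sample: one source guessing slowly with irregular gaps,
# and one legitimate user mistyping a password twice.
_t0 = datetime(2026, 1, 12, 3, 0, 0)
_gaps = [0, 7, 19, 28, 41, 50, 63, 75]  # minutes between t0 and each attempt
SAMPLE = [f"{(_t0 + timedelta(minutes=g)).isoformat()} host sshd[100]: Failed password for "
          f"invalid user user{i} from 203.0.113.7 port 40000 ssh2" for i, g in enumerate(_gaps)]
SAMPLE += [f"{(_t0 + timedelta(minutes=g)).isoformat()} host sshd[101]: Failed password for "
           f"alice from 198.51.100.9 port 40001 ssh2" for g in (5, 6)]

if __name__ == "__main__":
    print("60 s rule:", flag_sources(SAMPLE, timedelta(seconds=60), 5))
    print("6 h rule: ", flag_sources(SAMPLE, timedelta(hours=6), 6, min_users=4))
```

On the sample, the 60-second rule flags nothing, while the 6-hour rule with a distinct-username threshold flags only the spaced-out source.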

Disclaimer

This tool is provided for educational and authorized testing purposes only. The developer assumes no liability and is not responsible for any misuse or damage caused by this program. It is the end user's responsibility to obey all applicable local, state, federal, and international laws.

License

MIT License

Copyright (c) 2026 ek0mssavi0r / Church of Malware

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

USE AT YOUR OWN RISK. NO WARRANTY PROVIDED.