An sshd that logs passwords and pubkey auth attempts. It can also bruteforce attackers with their own passwords.
atsshd listens for incoming SSH connections and logs the username, password, and/or pubkey fingerprint. It has an attack mode option where it will try the username/password combo against the attacker IP in realtime, as the credentials come in. All incoming authentication attempts will always fail. The sshd will not attack 127.0.0.1 in order to avoid loops.
$ atsshd --help
Usage of atsshd:
-A enable attack mode
-b banner
SSH server banner (default "SSH-2.0-OpenSSH_7.4p1")
-k file
SSH server host key PEM files
-l file
output log file
-p port
port to listen on (default 22)
-s source
source IP of interface to bind toIn attack mode, the attacker will get attacked serially. If 3 network failures happen in a row, we give up on attacking and just log the incoming passwords.
This tool is for demonstration purposes only