SSH-Snake: Automated SSH-Based Network Traversal

157 points by lozf, over 1 year ago

12 comments

godelski, over 1 year ago
I know this is positioned as a hacking tool, but it seems actually pretty useful. It's pretty easy to lose track of where your keys are used and how you might perform hops. Having that diagram be generated for you really looks useful and can help you navigate this.

I'm sure there are good practices to solve this (and please suggest them, I'm always looking to learn more), but I'm no expert. I do daily drive linux and am terminally terminal, so it wouldn't surprise me if the GUI people are even worse. I think this is a general problem with a lot of terminal based tools, is that there are far higher expectations to read the documentation and less focus on design (and importantly, design that makes sense to someone that isn't you). Totally fine for hacky projects but with something as mature as ssh it seems like we'd have far better tools built in or to exist. I'm sure many do exist, but are they well known? (I'm happy to see any tools if you all have some suggestions)
tommsy64, over 1 year ago
An interesting limitation mentioned in the README

"IPv4 Only: Like all of the best programs, the script does not support IPv6. I can't imagine there will be support for this anytime soon."

What are considered "all the best programs" these days? Is IPv6 adoption really so looked down upon?
mmsc, over 1 year ago
[dupe] of https://news.ycombinator.com/item?id=38877185 (I'm the author)
normaler, over 1 year ago
This is a good reminder to give keys only to humans and in case of e.g. backups use specific users and limit the commands this user can access on the remote machines via jails or the authorized key file.
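
An added example, not part of the thread or of SSH-Snake: a small auditor for the authorized key file restrictions mentioned in the comment above. It flags entries in an OpenSSH `authorized_keys` file that lack a forced `command=`, the `restrict` option, or a `from=` source limit. The function names, sample entries and placeholder key blobs are constructed for illustration.

```python
KEY_TYPE_PREFIXES = ("ssh-", "ecdsa-sha2-", "sk-ssh-", "sk-ecdsa-")

# Constructed sample; key blobs are placeholders, not real keys.
SAMPLE = '''# constructed authorized_keys sample
ssh-ed25519 AAAAPLACEHOLDER1 alice@laptop
restrict,command="/usr/local/bin/backup-recv /srv/backups",from="192.0.2.10" ssh-ed25519 AAAAPLACEHOLDER2 backup@nas
command="rsync --server -logDtpr . /data, /tmp" ssh-rsa AAAAPLACEHOLDER3 sync job
'''

def split_unquoted(text, seps):
    """Split on separator characters that sit outside double quotes."""
    parts, buf, quoted, prev = [], [], False, ""
    for ch in text:
        if ch == '"' and prev != "\\":
            quoted = not quoted
        if ch in seps and not quoted:
            if buf:
                parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        prev = ch
    if buf:
        parts.append("".join(buf))
    return parts

def audit(text):
    """Return (line_no, key_comment, issues) for each weakly restricted key."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = split_unquoted(line, " \t")
        opts = []
        if not fields[0].startswith(KEY_TYPE_PREFIXES):  # options come first
            opts, fields = split_unquoted(fields[0], ","), fields[1:]
        names = {o.split("=", 1)[0].lower() for o in opts}
        issues = [msg for opt, msg in (("command", "no forced command"),
                                       ("restrict", "no restrict option"),
                                       ("from", "no from= source limit"))
                  if opt not in names]
        if issues:
            findings.append((n, " ".join(fields[2:]) or "(no comment)", issues))
    return findings

if __name__ == "__main__":
    for n, who, issues in audit(SAMPLE):
        print(f"line {n} [{who}]: " + "; ".join(issues))
```

The checks are a heuristic: an entry that uses the older `no-port-forwarding`, `no-agent-forwarding` and `no-pty` options instead of `restrict` is still reported as lacking `restrict`.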
trashtester, over 1 year ago
This part of the readme makes me a bit worried:

    curl https://raw.githubusercontent.com/MegaManSec/SSH-Snake/main/Snake.nocomments.sh | stdbuf -o0 bash

Combined with the admission that the tool is intended for hacking, I would be concerned that it would suddenly start to phone home with all keys and hosts at some point after users have started using it.
pcthrowaway, over 1 year ago
I'm curious why this tool wouldn't use all the settings in the ssh config to attempt to connect to hosts.. instead it only picks a subset of those settings. For example, if the config file specifies a port besides 22, it won't be able to connect to that host (or for example, if the config file sets `PubkeyAcceptedAlgorithms=+ssh-rsa` which is necessary, albeit insecure, if using an older private key file on a newer version of ssh which disables RSA key exchange)

I see no downside to just using the hostname from the config file instead of trying to apply a few select options from the config, and non-standard ports are extremely common
GabrieleR, over 1 year ago
The snake sh code was a graceful late night read to me. Thanks. I can see it being used even to purposely puppeteer ssh linked machines
deoxykev, over 1 year ago
Here’s a similar project, but for windows AD networks

https://github.com/byt3bl33d3r/DeathStar
stevebmark, over 1 year ago
Is there any risk with running this locally just to see what SSH traversal is available? I have several legitimate hosts I SSH into regularly, some are cloud hosting.
yonrg, over 1 year ago
If you need this, your private key management needs to be reviewed and reworked, imo.
ksjskskskkk, over 1 year ago
> bash (tons of other deps)

already excludes most modems and iot. :(

probably need a rewrite in sh and dropbear
randombits0, over 1 year ago
A message-passer or a Quine? Because a Quine would be awesome.