Quick-deploy SSH server for tunneling and simple SCP transfers - never opens a shell.
Project description
sshcatch
A quick-deploy SSH server for tunneling (local/remote/dynamic) and simple SCP transfers - it NEVER opens a shell.
By default all features are disabled: connections are logged and closed.
Turn on what you need with the flags described below. Handy on an engagement
when you want a controlled SSH endpoint without using a full sshd.
Built on asyncssh.
Install
pip install sshcatch
Or from source:
git clone https://github.com/LorenzMap/sshcatch
cd sshcatch
pip install .
Needs Python 3.10+. A host key is auto-generated in the working directory on
first run (or point --host-key at your own).
Usage
Because no shell is created on the server always use the -N flag on
your tunnel connections or you get disconnected instantly!
The SCP directory does intentionally NOT support subdirectories!
Log-only - just capture creds and full public keys:
# Server
sshcatch -K
# Client
ssh user@host
Let one user pull files via SCP/SFTP:
# Server
sshcatch -u user:pass --scp-download
# Client
scp user@host:secret.txt .
Let anyone tunnel through the server (local and dynamic forwards):
# Server
sshcatch --open-auth --forward
# Client
ssh -NL 8080:internal:80 user@host # local forward
ssh -ND 1080 user@host # dynamic (SOCKS)
My favorite one - reverse tunnel and SCP uploads for the keys in
./authorized-keys, while posing as a ubuntu SSH server on port 2222:
# Server
sshcatch --reverse --authorized-keys ./authorized-keys --scp-upload --version-banner ubuntu -p 2222
# Client
ssh -NR 9000:localhost:22 user@host -p 2222 # reverse tunnel
scp -P 2222 loot.tar user@host:. # upload
Options
usage: sshcatch [-h] [--version] [-p PORT] [-b BIND] [--host-key FILE]
[-u USER:PASS] [--open-auth] [--authorized-keys FILE] [-K]
[--forward] [--reverse] [--scp-upload] [--scp-download]
[--scp-dir DIR] [--version-banner STRING]
[--pre-auth-banner STRING] [--post-auth-banner STRING]
[-o FILE] [-t] [--plain]
options:
-h, --help show this help message and exit
--version show program's version number and exit
-p PORT, --port PORT listen port (default: 22)
-b BIND, --bind BIND bind address (default: all IPv4/v6 interfaces)
--host-key FILE server host key file (default: auto-generate)
authentication:
-u USER:PASS, --user USER:PASS
allowed user:password (repeatable)
--open-auth accept any credentials (open mode)
--authorized-keys FILE
authorized_keys file for key auth (username
independent)
-K, --full-keys log the full offered public key, not just its
fingerprint
tunneling:
--forward enable forward tunnels (client: ssh -NL / -ND)
--reverse enable reverse tunnels (client: ssh -NR)
SCP / file transfer:
--scp-upload enable file upload (SCP/SFTP write) - subdirectories
are disabled - files get suffix instead of overwriting
--scp-download enable file download (SCP/SFTP read) - subdirectories
are disabled
--scp-dir DIR directory for SCP/SFTP (default: cwd) - subdirectories
are disabled - host-key (and optional authorized_keys
and logfile) are protected
banners:
--version-banner STRING
sent as 'SSH-2.0-STRING' version banner - presets
(case-insensitive): ubuntu, debian, dropbear, windows,
macos
--pre-auth-banner STRING
banner shown to every client before login
--post-auth-banner STRING
banner shown only to clients that authenticate
successfully
logging:
-o FILE, --output FILE
append the log to FILE (plain with timestamps)
-t, --timestamps prefix console lines with a timestamp
--plain disable ANSI colors on the console
A word of warning
-
This is a pentesting tool. Only point it at systems and networks you are authorized to test.
-
--open-auth --forwardmeans ANYONE can tunnel through your host - know what you're exposing before you run it.
License
MIT
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file sshcatch-0.1.0.tar.gz.
File metadata
- Download URL: sshcatch-0.1.0.tar.gz
- Upload date:
- Size: 12.0 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
a006a9c7473637ead623cd2e9437e158d72be3c79cff90f452050327ffd43a54
|
|
| MD5 |
cef9e983a14d400c324fbf3423d2d0ef
|
|
| BLAKE2b-256 |
77b635bbb87f0db92575aa3bb5038ae3c1aee9d44499bc53c2f9f8b04e119483
|
File details
Details for the file sshcatch-0.1.0-py3-none-any.whl.
File metadata
- Download URL: sshcatch-0.1.0-py3-none-any.whl
- Upload date:
- Size: 11.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
3e9a7dc462ad4f0e5f9fb7b630ed113a815ef046b9f3dbf75398eb88835c5682
|
|
| MD5 |
8cc78aacbeb31ba7d80b0fdd48d67f57
|
|
| BLAKE2b-256 |
82438c9bf3b0def3b267e93ac929ce8c9c1d636ce8e8f14767aacc624a2c7b42
|