baboossh v1.2 releases: SSH spreading made easy for red teams
BabooSSH allows you, from a simple SSH connection to a compromised host, to quickly gather info on other SSH endpoints to pivot and compromise them.
git clone https://github.com/cybiere/baboossh.git cd baboossh pip3 install .
Start baboosh by running baboossh.py. At first run, it will create a .baboossh directory in your home directory and a default workspace.
You are now in front of BabooSSH prompt, which indicates the current workspace.
Start by adding a User, its Creds and an Endpoint:
Then set these objects as active options. Notice how the prompt changes to indicate current active options:<
And connect to check if supplied credentials are valid.
If they are not valid, add new Users and Creds, set them as active and connect with them:
Once valid, a connection with the flag Working will be available:
Set a payload and its parameters and run it:
Use payload gather to gather information about other users, credentials, and endpoints in the network:
Set newly discovered targets as active and try to connect:
Copyright (C) 2019 Nicolas Cosnard