baboossh v1.0.2 releases: SSH spreading made easy for red teams
BabooSSH allows you, from a simple SSH connection to a compromised host, to quickly gather info on other SSH endpoints to pivot and compromise them.
- Fixed gather bug on big files
git clone https://github.com/cybiere/baboossh.git cd baboossh pip3 install .
Start baboosh by running baboossh.py. At first run, it will create a .baboossh directory in your home directory and a default workspace.
You are now in front of BabooSSH prompt, which indicates the current workspace.
And connect to check if supplied credentials are valid.
If they are not valid, add new Users and Creds, set them as active and connect with them:
Once valid, a connection with the flag Working will be available:
Set a payload and its parameters and run it:
Use payload gather to gather information about other users, credentials, and endpoints in the network:
Set newly discovered targets as active and try to connect:
Copyright (C) 2019 Nicolas Cosnard