SSH Penetration Testing

Warn

Audited by Gen Agent Trust Hub on Jun 26, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides a library of commands for offensive security operations, including network scanning with Nmap, credential brute-forcing using Hydra and Medusa, and vulnerability exploitation via the Metasploit Framework.
  • [COMMAND_EXECUTION]: The post-exploitation section includes instructions to establish persistence on a compromised host by appending a public key to the ~/.ssh/authorized_keys file.
  • [COMMAND_EXECUTION]: The methodology details steps for identifying privilege escalation paths, specifically using the sudo -l command and inspecting system configuration files.
  • [DATA_EXFILTRATION]: The skill instructs the user or agent to search for and read sensitive data from the target file system, such as SSH private keys (id_rsa, id_dsa, id_ecdsa, id_ed25519) and shell history files (.bash_history), which are identified as potential sources for credentials.
  • [EXTERNAL_DOWNLOADS]: The skill suggests using network utilities like curl and wget to check for and potentially retrieve exposed SSH keys from remote web servers or backup directories.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 26, 2026, 06:48 PM
Security Audit — agent-trust-hub — SSH Penetration Testing