SSH-Private-Key-Looting-Wordlists - A Collection Of Wordlists To Aid In Locating Or Brute-Forcing SSH Private Key File Names


SSH Private Key Looting Wordlists. A Collection Of Wordlists To Aid In Locating Or Brute-Forcing SSH Private Key File Names.


LFI for Lateral Movement? Gain SSH Access?
?file=../../../../../../../../home/user/.ssh/id_rsa?file=../../../../../../../../home/user/.ssh/id_rsa-cert

SSH Private Key Looting Wordlists đŸ”’đŸ—️

This repository contains a collection of wordlists to aid in locating or brute-forcing SSH private key file names. These wordlists can be useful for penetration testers, security researchers, and anyone else interested in assessing the security of SSH configurations.


Wordlist Files đŸ“
  • ssh-priv-key-loot-common.txt: Default and common naming conventions for SSH private key files.
  • ssh-priv-key-loot-medium.txt: Probable file names without backup file extensions.
  • ssh-priv-key-loot-extended.txt: Probable file names with backup file extensions.
  • ssh-priv-key-loot-*_w_gui.txt: Includes file names simulating Ctrl+C and Ctrl+V on servers with a GUI.

Usage đŸš€

These wordlists can be used with tools such as Burp Intruder, Hydra, custom python scripts, or any other bruteforcing tool that supports custom wordlists. They can help expand the scope of your brute-forcing or enumeration efforts when targeting SSH private key files.


Acknowledgements đŸ™

This wordlist repository was inspired by John Hammond in his vlog "Don't Forget This One Hacking Trick."


Disclaimer ⚠️

Please use these wordlists responsibly and only on systems you are authorized to test. Unauthorized use is illegal.




Via: www.kitploit.com
SSH-Private-Key-Looting-Wordlists - A Collection Of Wordlists To Aid In Locating Or Brute-Forcing SSH Private Key File Names SSH-Private-Key-Looting-Wordlists - A Collection Of Wordlists To Aid In Locating Or Brute-Forcing SSH Private Key File Names Reviewed by Zion3R on 2:01 Rating: 5