SSH Private Key Looting Wordlists. A Collection Of Wordlists To Aid In Locating Or Brute-Forcing SSH Private Key File Names.
LFI for Lateral Movement? Gain SSH Access?
?file=../../../../../../../../home/user/.ssh/id_rsa?file=../../../../../../../../home/user/.ssh/id_rsa-cert
SSH Private Key Looting Wordlists 🔒🗝️
This repository contains a collection of wordlists to aid in locating or brute-forcing SSH private key file names. These wordlists can be useful for penetration testers, security researchers, and anyone else interested in assessing the security of SSH configurations.
Wordlist Files 📝
ssh-priv-key-loot-common.txt: Default and common naming conventions for SSH private key files. ssh-priv-key-loot-medium.txt: Probable file names without backup file extensions. ssh-priv-key-loot-extended.txt: Probable file names with backup file extensions. ssh-priv-key-loot-*_w_gui.txt: Includes file names simulating Ctrl+C and Ctrl+V on servers with a GUI.Usage 🚀
These wordlists can be used with tools such as Burp Intruder, Hydra, custom python scripts, or any other bruteforcing tool that supports custom wordlists. They can help expand the scope of your brute-forcing or enumeration efforts when targeting SSH private key files.
Acknowledgements 🙏
This wordlist repository was inspired by John Hammond in his vlog "Don't Forget This One Hacking Trick."
Disclaimer ⚠️
Please use these wordlists responsibly and only on systems you are authorized to test. Unauthorized use is illegal.