macOS
brew install ssh-mitmlocal Homebrew formula metadata
brew
SSH server for security audits and malware analysis. Version 5.0.1 via Homebrew; verified 2026-04-21.
install
brew install ssh-mitmlocal Homebrew formula metadata
nix profile install nixpkgs#ssh-mitmnixpkgs package indexes · pkgs/by-name/ss/ssh-mitm/package.nix · source: api.github.com
overview
SSH server for security audits and malware analysis
history
SSH-MITM is an interactive SSH interception tool for authorized security audits, penetration testing, training labs, and malware-analysis environments. Its package-manager relevance comes from making a specialized man-in-the-middle SSH audit workflow installable as a normal CLI rather than as a one-off lab script.
The project presents itself as an active security research tool rather than a general-purpose SSH server. Its documentation says it was originally developed to study SSH client behavior and authentication weaknesses, especially the ambiguity around FIDO2 hardware-token confirmations in man-in-the-middle scenarios.
The official README advertises multiple distribution channels, including AppImage, Flatpak, Snap, pip, and direct installation from GitHub. Homebrew and Nix packaging in the input show that it also entered package-manager catalogs used by security engineers who want reproducible CLI installs.
Typical use places SSH-MITM between a client and a target SSH server, then runs commands such as `ssh-mitm server --remote-host <target-host>` and has a test client connect through the interception port. The tool can capture authentication, mirror live sessions, inspect or alter SFTP/SCP transfers, intercept port forwarding, and run audit plugins.
Package nerds care because SSH-MITM turns SSH protocol research into an installable command with extras such as tutorials, plugins, AppImage and desktop packaging, and documented CVE-driven audit workflows. It sits at the edge of package-manager culture where offensive security labs, training images, and repeatable toolchains meet.
security posture
broad file, network, media, or database tool signal. escape, surveillance, or offensive capability signal.
red risk · medium confidence · escape-surveillance-offensive
Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.
executables
| Command | Kind | Exposure | Note |
|---|---|---|---|
ssh-mitm | cli | global executable | |
ssh-mitm-askpass | cli | global executable |
freshness
These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.
install metadata
| Package key | brew:ssh-mitm |
|---|---|
| Version | 5.0.1 |
| Package manager | Homebrew |
| Package manager page | https://formulae.brew.sh/formula/ssh-mitm |
| Homepage | https://docs.ssh-mitm.at |
| Repository | https://github.com/ssh-mitm/ssh-mitm |
| Upstream docs | https://docs.ssh-mitm.at/ |
| License | GPL-3.0-only |
| Source archive | https://files.pythonhosted.org/packages/f0/4e/c804d08c336bcff29fd665fdc3ff9d3698d529b1d75462b89bc53527862a/ssh_mitm-5.0.1.tar.gz |
| Last updated | 2026-04-21T12:10:04-07:00 |
| Pulse | updated |
| Dependencies | cryptography, libsodium, libyaml, python@3.14 |
| Build dependencies | pkgconf, rust |
| Bottle | available (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux) |
| Homebrew post-install | not defined |
| Service | none declared |
registry facts
| Source Database | Homebrew formula API |
|---|---|
| Tap | homebrew/core |
| Full Name | ssh-mitm |
| Version Scheme | 0 |
| Revision | 4 |
| Head Version | HEAD |
| Bottle Stable Root URL | https://ghcr.io/v2/homebrew/core |
| Deprecated | no |
| Disabled | no |
| Keg Only | no |
| URL Keys |
|
source database matches
Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.
ssh-mitm
nix profile install nixpkgs#ssh-mitmsource trail
This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.
View the package source record on GitHub.