summaryrefslogtreecommitdiff
path: root/spec/fixtures/tasks/gitlab/security/ssh-badkeys/README.md
diff options
context:
space:
mode:
Diffstat (limited to 'spec/fixtures/tasks/gitlab/security/ssh-badkeys/README.md')
-rw-r--r--spec/fixtures/tasks/gitlab/security/ssh-badkeys/README.md12
1 files changed, 12 insertions, 0 deletions
diff --git a/spec/fixtures/tasks/gitlab/security/ssh-badkeys/README.md b/spec/fixtures/tasks/gitlab/security/ssh-badkeys/README.md
new file mode 100644
index 00000000000..4c0b33e1117
--- /dev/null
+++ b/spec/fixtures/tasks/gitlab/security/ssh-badkeys/README.md
@@ -0,0 +1,12 @@
+# SSH Bad Keys
+
+This is a collection of static SSH keys (host and authentication) that have made their way into software and hardware products. This was inspired by the [Little Black Box](https://code.google.com/p/littleblackbox/) project, but focused primarily on SSH (as opposed to TLS) keys.
+
+Keys are split into two categories; authorized keys and host keys. The authorized keys can be used to gain access to a device with this public key. The host keys can be used to conduct a MITM attack against the device, but do not provide direct access.
+
+This collection depends on submissions from researchers to stay relevant. If you are aware of a static key (host or authorized), please open an [Issue](https://github.com/rapid7/ssh-badkeys/issues) or submit a Pull Request. The [Issues](https://github.com/rapid7/ssh-badkeys/issues) list also contains a wishlist of known bad keys that we would like to include.
+
+For additional key types and a broader scope, take a look at the [Kompromat](https://github.com/BenBE/kompromat) project.
+
+
+
View Lorry Controller Status