← All tools

Container-Backed Pentest Toolkit

SSH Crypto Audit

Audit SSH algorithms, ciphers, KEX exchanges, and host keys; flag weak / deprecated crypto.

kali_ssh_audit

Overview

Container-backed ssh-audit. Produces a per-target report covering KEX, host-key, encryption, MAC, and compression algorithms.

How it works

Built from KaliToolbox.sshAudit(). 100% read-only — no auth attempts of any kind.

Example

When a user asks:

Audit the SSH crypto on 192.168.1.5

the agent calls the tool:

kali_ssh_audit(target="192.168.1.5")

and gets back: (banner) SSH-2.0-OpenSSH_9.2p1 (rec) -kex-rsa-sha1 -- remove weak KEX (rec) +diffie-hellman-group16-sha512 -- append modern KEX (info) [policy] Hardening Guide: Mozilla Modern profile

Configuration

Set these before calling the tool. Values marked required must be present or the tool call will fail.

swarmai.skill.container.runtime required

Shared ContainerSkillRuntime.

Use it in a workflow

Wire this tool into a SwarmAI crew. Use the YAML DSL for declarative workflows, or the Java builder API when you want full programmatic control.

YAML DSL

# Reactive audit step:
# 1. kali_nmap finds 192.168.1.5:22 open (ssh)
# 2. agent calls kali_ssh_audit(target='192.168.1.5')
# 3. report flags weak ciphers — agent includes them in the findings report

Java

import ai.intelliswarm.swarmai.skill.runtime.KaliToolbox;
import ai.intelliswarm.swarmai.skill.runtime.ContainerSkillRuntime;

var sshAudit = new KaliToolbox(new ContainerSkillRuntime()).sshAudit();
String report = (String) sshAudit.execute(java.util.Map.of("target", "192.168.1.5"));

What it's good for

Real scenarios where agents put this tool to work.

SSH posture review across a fleet of hosts
Pre-deployment crypto check on internal SSH servers
Compose with kali_sslscan for SSH+TLS coverage

Source

Implementation lives at swarmai-core/src/main/java/ai/intelliswarm/swarmai/skill/runtime/KaliToolbox.java in the swarm-ai repository.

Open kali_ssh_audit on GitHub →