An open-source penetration testing tool called SSH-Snake is being leveraged by threat actors to target victims using vulnerable business software.

SSH-Snake was designed by security engineer Joshua Rogers and published on GitHub on Jan. 4, 2024. Rogers explained in a post on his website that the tool is designed to automate the process of searching for and using SSH private keys to move from system to system, as well as visually map the SSH connections throughout a network.