This penetration testing tool allows an auditor to intercept SSH connections. A patch applied to the OpenSSH v7.5p1 source code causes it to act as a proxy between the victim and a legitimate SSH server; all plaintext passwords and sessions are logged to disk.
Of course, the victim’s SSH client will complain that the server’s key has changed. Because 99.99999% of the time this is caused by a legitimate action (OS re-install, configuration change, etc), many/most users will disregard the warning and continue on.
NOTE: Only run the modified sshd_mitm in a VM or container! Ad-hoc edits were made to the OpenSSH sources in critical regions, with no regard to their security implications. It’s not hard to imagine these edits introduce serious vulnerabilities.