Pam_steal Plugin – Pam password logger
PAM (Pluggable Authentication Modules) is a set of shared libraries that enable the integration of a variety of low-level authentication methods in a single high-level API. This allows you to provide a uniform mechanism for managing, integrating applications in the authentication process. it is also one part of the standard security mechanism in UNIX-systems.
If you are looking to test PAM security implementation you can check PAM_steal plugin. This is a plugin that will save clear password transmitted by users and applications in a text file. All you need to do is to add auth required pam_steal.so script in /etc/pam.d/common-auth and you will find all successful PAM authentication to SSH , FTP , services in the log file /tmp/.steal.log.
This tool can be used by security pentester or during a security awareness training as a proof of concept. You can download the tool from this link: https://github.com/ONsec-Lab/scripts/tree/master/pam_steal