dissect.target.plugins.apps.ssh.putty#
Module Contents#
Classes#
Extract artifacts from the PuTTY client. |
Functions#
Parse host and user from PuTTY hostname component. |
|
Returns OpenSSH format public key calculated from PuTTY SshHostKeys format. |
Attributes#
- dissect.target.plugins.apps.ssh.putty.log#
- dissect.target.plugins.apps.ssh.putty.PuTTYUserRecordDescriptor#
- dissect.target.plugins.apps.ssh.putty.PuTTYSessionRecord#
- class dissect.target.plugins.apps.ssh.putty.PuTTYPlugin(target)#
Bases:
dissect.target.plugins.apps.ssh.ssh.SSHPluginExtract artifacts from the PuTTY client.
Note
Does not parse
$HOME/.putty/randomseed(GNU/Linux) andHKCU\Software\SimonTatham\PuTTY\RandSeedFile(Windows)
- Resources:
- __namespace__ = 'putty'#
- check_compatible() None#
Perform a compatibility check with the target.
This function should return
Noneif the plugin is compatible with the current target (self.target). For example, check if a certain file exists. Otherwise it should raise anUnsupportedPluginError.- Raises:
UnsupportedPluginError – If the plugin could not be loaded.
- known_hosts() Iterator[dissect.target.plugins.apps.ssh.ssh.KnownHostRecord]#
Parse PuTTY saved SshHostKeys.
- sessions() Iterator[PuTTYSessionRecord]#
Parse PuTTY saved session configuration files.
- dissect.target.plugins.apps.ssh.putty.parse_host_user(host: str, user: str) tuple[str, str]#
Parse host and user from PuTTY hostname component.
- dissect.target.plugins.apps.ssh.putty.construct_public_key(key_type: str, iv: str) str#
Returns OpenSSH format public key calculated from PuTTY SshHostKeys format.
PuTTY stores raw public key components instead of OpenSSH-formatted public keys or fingerprints. With RSA public keys the exponent and modulus are stored. With ECC keys the x and y prime coordinates are stored together with the curve type.
Currently supports
ssh-ed25519,ecdsa-sha2-nistp256andrsa2key types.Note
Sha256 fingerprints of the reconstructed public keys are currently not generated.
More key types could be supported in the future.