dissect.target.plugins.apps.ssh.ssh
¶
Module Contents¶
Classes¶
Base class for plugins. |
|
A class to parse (OpenSSH-supported) SSH private keys. |
Functions¶
Calculate the MD5, SHA1 and SHA256 digest of the given decoded public key. |
|
Validate data is a valid looking SSH private key in the OpenSSH format. |
|
Base64 decode the private key data. |
|
Validate data is a valid looking PKCS8 SSH private key. |
|
Validate data is a valid looking PEM SSH private key. |
Attributes¶
- dissect.target.plugins.apps.ssh.ssh.rfc4716_def = Multiline-String¶
Show Value
""" struct ssh_string { uint32 length; char value[length]; } struct ssh_private_key { char magic[15]; ssh_string cipher; ssh_string kdf_name; ssh_string kdf_options; uint32 number_of_keys; ssh_string public; ssh_string private; } """
- dissect.target.plugins.apps.ssh.ssh.c_rfc4716¶
- dissect.target.plugins.apps.ssh.ssh.RFC4716_MARKER_START = b'-----BEGIN OPENSSH PRIVATE KEY-----'¶
- dissect.target.plugins.apps.ssh.ssh.RFC4716_MARKER_END = b'-----END OPENSSH PRIVATE KEY-----'¶
- dissect.target.plugins.apps.ssh.ssh.RFC4716_MAGIC = b'openssh-key-v1\x00'¶
- dissect.target.plugins.apps.ssh.ssh.RFC4716_PADDING = b'\x01\x02\x03\x04\x05\x06\x07'¶
- dissect.target.plugins.apps.ssh.ssh.RFC4716_NONE = b'none'¶
- dissect.target.plugins.apps.ssh.ssh.PKCS8_MARKER_START = b'-----BEGIN PRIVATE KEY-----'¶
- dissect.target.plugins.apps.ssh.ssh.PKCS8_MARKER_END = b'-----END PRIVATE KEY-----'¶
- dissect.target.plugins.apps.ssh.ssh.PKCS8_MARKER_START_ENCRYPTED = b'-----BEGIN ENCRYPTED PRIVATE KEY-----'¶
- dissect.target.plugins.apps.ssh.ssh.PKCS8_MARKER_END_ENCRYPTED = b'-----END ENCRYPTED PRIVATE KEY-----'¶
- dissect.target.plugins.apps.ssh.ssh.PEM_MARKER_START_RSA = b'-----BEGIN RSA PRIVATE KEY-----'¶
- dissect.target.plugins.apps.ssh.ssh.PEM_MARKER_END_RSA = b'-----END RSA PRIVATE KEY-----'¶
- dissect.target.plugins.apps.ssh.ssh.PEM_MARKER_START_DSA = b'-----BEGIN DSA PRIVATE KEY-----'¶
- dissect.target.plugins.apps.ssh.ssh.PEM_MARKER_END_DSA = b'-----END DSA PRIVATE KEY-----'¶
- dissect.target.plugins.apps.ssh.ssh.PEM_MARKER_START_EC = b'-----BEGIN EC PRIVATE KEY-----'¶
- dissect.target.plugins.apps.ssh.ssh.PEM_MARKER_END_EC = b'-----END EC PRIVATE KEY-----'¶
- dissect.target.plugins.apps.ssh.ssh.PEM_ENCRYPTED = b'ENCRYPTED'¶
- dissect.target.plugins.apps.ssh.ssh.OpenSSHUserRecordDescriptor¶
- dissect.target.plugins.apps.ssh.ssh.COMMON_ELLEMENTS = [('string', 'key_type'), ('string', 'comment'), ('path', 'path')]¶
- dissect.target.plugins.apps.ssh.ssh.AuthorizedKeysRecord¶
- dissect.target.plugins.apps.ssh.ssh.KnownHostRecord¶
- dissect.target.plugins.apps.ssh.ssh.PrivateKeyRecord¶
- dissect.target.plugins.apps.ssh.ssh.PublicKeyRecord¶
- class dissect.target.plugins.apps.ssh.ssh.SSHPlugin(target: dissect.target.Target)¶
Bases:
dissect.target.plugin.NamespacePlugin
Base class for plugins.
Plugins can optionally be namespaced by specifying the
__namespace__
class attribute. Namespacing results in your plugin needing to be prefixed with this namespace when being called. For example, if your plugin has specifiedtest
as namespace and a function calledexample
, you must call your plugin withtest.example
:A
Plugin
class has the following private class attributes:__namespace__
__record_descriptors__
With the following three being assigned in
register()
:__plugin__
__functions__
__exports__
Additionally, the methods and attributes of
Plugin
receive more private attributes by using decorators.The
export()
decorator adds the following private attributes__exported__
__output__
: Set with theexport()
decorator.__record__
: Set with theexport()
decorator.
The
internal()
decorator andInternalPlugin
set the__internal__
attribute. Finally.args()
decorator sets the__args__
attribute.The
alias()
decorator populates the__aliases__
private attribute ofPlugin
methods.- Parameters:
target – The
Target
object to load the plugin for.
- __namespace__ = 'ssh'¶
Defines the plugin namespace.
- dissect.target.plugins.apps.ssh.ssh.calculate_fingerprints(public_key_decoded: bytes, ssh_keygen_format: bool = False) tuple[str, str, str] ¶
Calculate the MD5, SHA1 and SHA256 digest of the given decoded public key.
Adheres as much as possible to the output provided by ssh-keygen when
ssh_keygen_format
parameter is set toTrue
. When set toFalse
(default) hexdigests are calculated instead forsha1``and ``sha256
.- Resources:
ssh-keygen -l -E <alg> -f key.pub
- dissect.target.plugins.apps.ssh.ssh.is_rfc4716(data: bytes) bool ¶
Validate data is a valid looking SSH private key in the OpenSSH format.
- dissect.target.plugins.apps.ssh.ssh.decode_rfc4716(data: bytes) bytes ¶
Base64 decode the private key data.
- dissect.target.plugins.apps.ssh.ssh.is_pkcs8(data: bytes) bool ¶
Validate data is a valid looking PKCS8 SSH private key.