https://github.com/fox-it/OpenSSH-Session-Key-Recovery

Project containing several tools/ scripts to recover the OpenSSH session keys used to encrypt/ decrypt SSH traffic.
https://github.com/fox-it/OpenSSH-Session-Key-Recovery

memory openssh pcap sshd volatility volatility3

Last synced: 3 months ago
JSON representation

Project containing several tools/ scripts to recover the OpenSSH session keys used to encrypt/ decrypt SSH traffic.

• Host: GitHub
• URL: https://github.com/fox-it/OpenSSH-Session-Key-Recovery
• Owner: fox-it
• License: apache-2.0
• Created: 2020-11-10T18:37:53.000Z (about 4 years ago)
• Default Branch: main
• Last Pushed: 2024-05-22T13:26:05.000Z (9 months ago)
• Last Synced: 2024-05-22T13:54:07.351Z (9 months ago)
• Topics: memory, openssh, pcap, sshd, volatility, volatility3
• Language: Python
• Homepage: https://blog.fox-it.com/2020/11/11/decrypting-openssh-sessions-for-fun-and-profit/
• Size: 24.4 KB
• Stars: 76
• Watchers: 6
• Forks: 17
• Open Issues: 4
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

• awesome-volatility - OpenSSH Session Key Recovery - Recover the OpenSSH session keys used to encrypt/ decrypt SSH traffic. (Volatility 3 / Plugins)

README

        
# OpenSSH Session Key Recovery

Project containing several tools/ scripts to recover the OpenSSH session keys used to encrypt/ decrypt SSH traffic. More information can be found in [this blogpost](https://blog.fox-it.com/2020/11/11/decrypting-openssh-sessions-for-fun-and-profit/).

# Volatility 3 Usage

## Without changing the volatility3 repository

### Use the plugin

Put the plugin path after the `-p` flag.

### Give the symbol

The correct symbol file (openssh32 or openssh64) must be in the directory given after the `-s`.

Or put both, the plugin can choose the right one.

## Adding the files in the repository

### Plugin

Plugin file can be added to `volatility3/framework/plugins/linux`

### Symbols

Symbols can be added to `volatility3/framework/symbols/linux`