OpenSSH Session Key Recovery

Project containing several tools/ scripts to recover the OpenSSH session keys used to encrypt/ decrypt SSH traffic. More information can be found in this blogpost.

Volatility 3 Usage

Without changing the volatility3 repository

Use the plugin

Put the plugin path after the -p flag.

Give the symbol

The correct symbol file (openssh32 or openssh64) must be in the directory given after the -s.

Or put both, the plugin can choose the right one.

Adding the files in the repository

Plugin

Plugin file can be added to volatility3/framework/plugins/linux

Symbols

Symbols can be added to volatility3/framework/symbols/linux

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

README.md

README.md

OpenSSH Session Key Recovery

Volatility 3 Usage

Without changing the volatility3 repository

Use the plugin

Give the symbol

Adding the files in the repository

Plugin

Symbols

Files

README.md

Latest commit

History

README.md

File metadata and controls

OpenSSH Session Key Recovery

Volatility 3 Usage

Without changing the volatility3 repository

Use the plugin

Give the symbol

Adding the files in the repository

Plugin

Symbols