:py:mod:`dissect.target.plugins.apps.ssh.putty`
===============================================

.. py:module:: dissect.target.plugins.apps.ssh.putty


Module Contents
---------------

Classes
~~~~~~~

.. autoapisummary::

   dissect.target.plugins.apps.ssh.putty.PuTTYPlugin



Functions
~~~~~~~~~

.. autoapisummary::
   :nosignatures:

   dissect.target.plugins.apps.ssh.putty.parse_host_user
   dissect.target.plugins.apps.ssh.putty.construct_public_key



Attributes
~~~~~~~~~~

.. autoapisummary::

   dissect.target.plugins.apps.ssh.putty.HAS_CRYPTO
   dissect.target.plugins.apps.ssh.putty.log
   dissect.target.plugins.apps.ssh.putty.PuTTYUserRecordDescriptor
   dissect.target.plugins.apps.ssh.putty.PuTTYSessionRecord


.. py:data:: HAS_CRYPTO
   :value: True

   

.. py:data:: log

   

.. py:data:: PuTTYUserRecordDescriptor

   

.. py:data:: PuTTYSessionRecord

   

.. py:class:: PuTTYPlugin(target)


   Bases: :py:obj:`dissect.target.plugins.apps.ssh.ssh.SSHPlugin`

   Extract artifacts from the PuTTY client.

   .. note::

      - Does not parse ``$HOME/.putty/randomseed`` (GNU/Linux)
        and ``HKCU\Software\SimonTatham\PuTTY\RandSeedFile`` (Windows)

   Resources:
       - http://www.chiark.greenend.org.uk/~sgtatham/putty/0.78/puttydoc.txt
       - http://www.chiark.greenend.org.uk/~sgtatham/putty/faq.html#faq-settings

   .. py:attribute:: __namespace__
      :value: 'putty'

      

   .. py:method:: check_compatible() -> None

      Perform a compatibility check with the target.

      This function should return ``None`` if the plugin is compatible with
      the current target (``self.target``). For example, check if a certain
      file exists.
      Otherwise it should raise an ``UnsupportedPluginError``.

      :raises UnsupportedPluginError: If the plugin could not be loaded.


   .. py:method:: known_hosts() -> Iterator[dissect.target.plugins.apps.ssh.ssh.KnownHostRecord]

      Parse PuTTY saved SshHostKeys.


   .. py:method:: sessions() -> Iterator[PuTTYSessionRecord]

      Parse PuTTY saved session configuration files.



.. py:function:: parse_host_user(host: str, user: str) -> tuple[str, str]

   Parse host and user from PuTTY hostname component.


.. py:function:: construct_public_key(key_type: str, iv: str) -> tuple[str, tuple[str, str, str]]

   Returns OpenSSH format public key calculated from PuTTY SshHostKeys format and set of fingerprints.

   PuTTY stores raw public key components instead of OpenSSH-formatted public keys
   or fingerprints. With RSA public keys the exponent and modulus are stored.
   With ECC keys the x and y prime coordinates are stored together with the curve type.

   Currently supports ``ssh-ed25519``, ``ecdsa-sha2-nistp256`` and ``rsa2`` key types.

   NOTE: More key types could be supported in the future.

   Resources:
       - https://github.com/github/putty/blob/master/contrib/kh2reg.py
       - https://pycryptodome.readthedocs.io/en/latest/src/public_key/rsa.html
       - https://pycryptodome.readthedocs.io/en/latest/src/public_key/ecc.html
       - https://github.com/mkorthof/reg2kh