KHracker - Known Hosts Entry Decrypter

Property              Value
Distribution          CentOS 6
Repository            CERT Forensics Tools x86_64
Package filename      KHracker-0.3-1.el6.noarch.rpm
Package name          KHracker
Package version       0.3
Package release       1.el6
Package architecture  noarch
Package type          rpm
Category              Development/Libraries/Python
License               GPL
Maintainer            -
Download size         187.99 KB
Installed size        232.87 KB

KHracker is a Python-based decryption tool for encrypted known_hosts entries. It
attempts to decrypt values stored in SSH known_hosts files when the encryption option
has been enabled on that computer. By default, known_hosts entries are not encrypted, but
there is an option to do so. From a forensics perspective, encrypted known_hosts entries
can prevent an investigator from seeing which other computers a user may have been
connecting to. Information about the connections made from a system can be integral to
building a complete understanding of the systems involved in a network intrusion or
incident response case.


Package                        Version  Architecture  Repository
KHracker-0.3-1.el6.noarch.rpm  0.3      noarch        CERT Forensics Tools
KHracker                       -        -             -


Name Value
/usr/bin/env -
python >= 2.4
python-netaddr -


Name Value
KHracker = 0.3-1.el6


Type URL
Binary Package KHracker-0.3-1.el6.noarch.rpm
Source Package KHracker-0.3-1.el6.src.rpm

Install Howto

  1. Add EPEL and RPMForge repositories
  2. Download cert-forensics-tools-release-el6 rpm:
  3. Install cert-forensics-tools-release-el6 rpm:
    # rpm -Uvh cert-forensics-tools-release*rpm
  4. Install KHracker rpm package:
    # yum --enablerepo=forensics install KHracker




2011-09-13 - Kevin Moore 0.3-1
* Release 0.3-1
Initial release

See Also

Package Description
LogAnalysisToolKit-1.7-1.el6.noarch.rpm Log Analysis Tool Kit (latk)
Volatility-2.6.1-3.el6.x86_64.rpm Tools for the extraction of digital artifacts from volatile memory (RAM) images
Volatility-community-plugins-20190729-2.el6.noarch.rpm Volatility-community-plugins
acr-1.4-1.el6.x86_64.rpm Reverse Engineering Framework
adns-1.2-1.el6.x86_64.rpm Asynchronous-capable resolver library
adns-devel-1.2-1.el6.x86_64.rpm Header files, libraries and development documentation for adns
aeskeyfind-1.0-4.el6.x86_64.rpm aeskeyfind - locate 128-bit and 256-bit AES keys in a captured memory image
afflib-3.7.4-1.el6.x86_64.rpm Library to support the Advanced Forensic Format
afflib-devel-3.7.4-1.el6.x86_64.rpm Development files for afflib
afftools-3.7.4-1.el6.x86_64.rpm Utilities for afflib
aimage-3.2.5-3.el6.x86_64.rpm Advanced Disk Imager
analysis-pipeline-5.11.3-1.el6.x86_64.rpm Stream analysis of SiLK records
analyzeMFT- analyzeMFT
artifacts-20161022-1.el6.x86_64.rpm artifacts - knowledge base of forensic artifacts
ataraw-0.2.1-1.el6.x86_64.rpm Linux user-level ATA raw command utility