Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.
SECRET//NOFORN
3.7 (U) Known issues
(S//NF) On some versions, Xshell will let the user use a private key file that has not been
imported into Xshell's key manager. In this case, BothanSpy will not be able to get the
private key file name. It will still recover the private key file password, and the user
name.
(S//NF) The output file containing credentials may have some excessive newlines
between credential entries. This is a result of not truly knowing how many different
credentials may come out of a single Xshell process (version/target dependent). It may
cause a minor eye sore when viewing stolen credentials.
(S//NF) There may be a lot of white space/empty lines when viewing unpacked output.
BothanSpy tries to clearly delimit different credentials taken from a single process.
Furthermore, processes that do not have credential information stored within will result in
an empty output file, or no text echoed back to the F&C script which will then print
trailing newlines anyways.
(S//NF) It does not destroy the Death Star, nor does it detect traps laid by The Emperor to
destroy Rebel fleets.
SECRET//NOFORN
9