Skip to content

Latest commit

 

History

History
325 lines (238 loc) · 10.4 KB

README.md

File metadata and controls

325 lines (238 loc) · 10.4 KB

GitHub top language Issues License Commit activity Last commit PyPI Downloads PyPI Total Downloads PyPI Version

CheckPasswords

Project Icon

Uses pass_import to read password manager source files, detecting duplicates, weak passwords, HTTP sites, and providing 2FA options.

Details: The "checkpasswords" tool leverages pass_import to extract information from password manager source files. It automatically deduces various data points such as zxcvbnScore, password duplicity, HTTP site identification, and the availability/enabled status of multi-factor authentication (MFA).

Functionality:

  • Duplicate Password Check: Identify and flag duplicate passwords within the source file.
  • Weak Password Detection: Evaluate password strength using the zxcvbnScore algorithm.
  • HTTP Site Identification: Detect and list sites using HTTP.
  • 2FA Options Listing: Use data from https://2fa.directory/ to present available multi-factor authentication options.
  • Emails for Security Checks: Compile a list of emails for submission to services like HIBP (Have I Been Pwned) for security validation.

Table of Contents

Using

CLI Help

usage: __main__.py [-h] [--output-format OUTPUT_FORMAT] [--input-format INPUT_FORMAT] [--file FILE] [--no-colour]
                   credentials

checkpasswords: Uses pass_import to read a password manager source file storing raw
data and infers data such as:

- zxcvbnScore
- isPasswordDuplicate
- passwordPrint
- isHttp
- isMfaAvailable
- isMfaEnabled

Used to:

- check for duplicate passwords
- check for weak passwords
- identify http sites
- list available 2fa options using data from https://2fa.directory/
- list emails to submit to HIBP or similar

positional arguments:
  credentials           Credentials/ passwords file to check

options:
  -h, --help            show this help message and exit
  --output-format OUTPUT_FORMAT, -o OUTPUT_FORMAT
                        Output format. One of ['ansi', 'plain', 'markdown', 'json', 'raw', 'raw-csv']. default=ansi
  --input-format INPUT_FORMAT, -i INPUT_FORMAT
                        Input format. One of ['1password', 'aegis', 'andotp', 'apple-keychain', 'bitwarden', 'blur', 'buttercup', 'chrome', 'clipperz', 'csv', 'dashlane', 'encryptr', 'enpass', 'firefox', 'fpm', 'freeotp+', 'gnome', 'gnome-auth', 'gopass', 'gorilla', 'kedpm', 'keepass', 'keepassx', 'keepassx2', 'keepassxc', 'keeper', 'lastpass', 'myki', 'network-manager', 'padlock', 'pass', 'passman', 'passpack', 'passpie', 'pwsafe', 'revelation', 'roboform', 'saferpass', 'upm', 'zoho']
  --file FILE, -f FILE  Filename to write to (omit for stdout)
  --no-colour, -z       No ANSI colours

Example Output

                Summary
┏━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━┓
┃ Issue               ┃ No. Instances ┃
┡━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━┩
│ Duplicate Passwords │ 2             │
│ Weak Passwords      │ 9             │
│ HTTP Sites          │ 9             │
│ Enable 2FA          │ 16            │
│ Emails              │ 17            │
└─────────────────────┴───────────────┘

...

Documentation

A high-level overview of how the documentation is organized organized will help you know where to look for certain things:

  • The Technical Reference documents APIs and other aspects of the machinery. This documentation describes how to use the classes and functions at a lower level and assume that you have a good high-level understanding of the software.

Install With PIP

pip install CheckPasswords

Head to https://pypi.org/project/CheckPasswords/ for more info

Language information

Built for

This program has been written for Python versions 3.8 - 3.11 and has been tested with both 3.8 and 3.11

Install Python on Windows

Chocolatey

choco install python

Windows - Python.org

To install Python, go to https://www.python.org/downloads/windows/ and download the latest version.

Install Python on Linux

Apt

sudo apt install python3.x

Dnf

sudo dnf install python3.x

Install Python on MacOS

Homebrew

brew install [email protected]

MacOS - Python.org

To install Python, go to https://www.python.org/downloads/macos/ and download the latest version.

How to run

Windows

  • Module py -3.x -m [module] or [module] (if module installs a script)

  • File py -3.x [file] or ./[file]

Linux/ MacOS

  • Module python3.x -m [module] or [module] (if module installs a script)

  • File python3.x [file] or ./[file]

Building

This project uses https://github.com/FHPythonUtils/FHMake to automate most of the building. This command generates the documentation, updates the requirements.txt and builds the library artefacts

Note the functionality provided by fhmake can be approximated by the following

handsdown  --cleanup -o documentation/reference
poetry export -f requirements.txt --output requirements.txt
poetry export -f requirements.txt --with dev --output requirements_optional.txt
poetry build

fhmake audit can be run to perform additional checks

Testing

For testing with the version of python used by poetry use

poetry run pytest

Alternatively use tox to run tests over python 3.8 - 3.11

tox

Download Project

Clone

Using The Command Line

  1. Press the Clone or download button in the top right
  2. Copy the URL (link)
  3. Open the command line and change directory to where you wish to clone to
  4. Type 'git clone' followed by URL in step 2
    git clone https://github.com/FHPythonUtils/CheckPasswords

More information can be found at https://help.github.com/en/articles/cloning-a-repository

Using GitHub Desktop

  1. Press the Clone or download button in the top right
  2. Click open in desktop
  3. Choose the path for where you want and click Clone

More information can be found at https://help.github.com/en/desktop/contributing-to-projects/cloning-a-repository-from-github-to-github-desktop

Download Zip File

  1. Download this GitHub repository
  2. Extract the zip archive
  3. Copy/ move to the desired location

Community Files

Licence

GPLv3 License (due to pass-import dependency) (See the LICENSE for more information.)

Changelog

See the Changelog for more information.

Code of Conduct

Online communities include people from many backgrounds. The Project contributors are committed to providing a friendly, safe and welcoming environment for all. Please see the Code of Conduct for more information.

Contributing

Contributions are welcome, please see the Contributing Guidelines for more information.

Security

Thank you for improving the security of the project, please see the Security Policy for more information.

Support

Thank you for using this project, I hope it is of use to you. Please be aware that those involved with the project often do so for fun along with other commitments (such as work, family, etc). Please see the Support Policy for more information.

Rationale

The rationale acts as a guide to various processes regarding projects such as the versioning scheme and the programming styles used. Please see the Rationale for more information.