roddhjav / pass-audit

Licence: GPL-3.0 license
A pass extension for auditing your password repository.

pass audit

A pass extension for auditing your password repository.

Description

pass audit is a password-store extension for auditing your password repository. Passwords are checked against the Python implementation of Dropbox's zxcvbn strength estimator and Troy Hunt's Have I Been Pwned service. It supports safe breached-password detection from haveibeenpwned.com using a K-anonymity method: only a short prefix of each password hash leaves your machine, so you do not need to (fully) trust the server that stores the breached passwords. Read the security consideration section for more information.

Usage

usage: pass audit [-h] [-V] [-n NAME] [-v | -q] [pass-names]

 A pass extension for auditing your password repository. It supports safe
 breached password detection from haveibeenpwned.com using K-anonymity method,
 duplicated passwords, and password strength estimation using zxcvbn.

positional arguments:
  pass-names            Path(s) to audit in the password store, If empty audit the full store.

options:
  -h, --help            show this help message and exit
  -V, --version         Show the program version and exit.
  -n NAME, --name NAME  Check only passwords with this filename
  -v, --verbose         Set verbosity level, can be used more than once.
  -q, --quiet           Be quiet.

More information may be found in the pass-audit(1) man page (man pass-audit).

Examples

Audit a subfolder for pwned passwords

pass audit goodpasswords/
(*) None of the 7 passwords tested are breached.
 .  But it does not means they are strong.
pass audit pwnedpasswords/
 w  Password breached: password from Password/pwned/5 has been breached 3303003 time(s).
 w  Password breached: correct horse battery staple from Password/pwned/2 has been breached 2 time(s).
[x] Error: 7 passwords tested and 2 breached passwords found.
 .  You should update them with 'pass-update'.

Security consideration

K-anonymity

This program uses K-anonymity to query the HIBP server for breached passwords. K-anonymity applied to breached-password checks against an untrusted remote server is a recent cryptographic approach. It means that only the first five hexadecimal characters of the SHA1 hash of your password are sent to the server; the server answers with every hash suffix in that range and the match is made locally. It offers decent anonymity; nevertheless, it is not an entirely secure solution.
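The range query described above, written out as an added example (not pass-audit's own code): the SHA1 prefix is the only thing that would be sent, the range response is parsed and the secret suffix is matched locally. The sample response body is constructed here; the 3303003 count reuses the figure from the usage example above, the other suffixes and counts are made up.

```python
"""Illustration of the HIBP K-anonymity range query that pass-audit relies on."""
import hashlib
import urllib.request

HIBP_RANGE_URL = "https://api.pwnedpasswords.com/range/"


def split_sha1(password: str):
    """Return (prefix, suffix) of the upper-case hex SHA1.

    Only the 5-character prefix ever leaves the machine; the 35-character
    suffix stays local and is used to match the server's answer.
    """
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range(body: str):
    """Parse the 'SUFFIX:COUNT' lines the range endpoint returns into a dict."""
    counts = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue  # tolerate blank lines / trailing newline
        suffix, _, count = line.partition(":")
        counts[suffix.upper()] = int(count)
    return counts


def breach_count(password: str, body: str) -> int:
    """Match the secret suffix against the bucket locally; 0 means not found."""
    _, suffix = split_sha1(password)
    return parse_range(body).get(suffix, 0)


def fetch_range(prefix: str) -> str:
    """Network step (hypothetical helper, not exercised offline): send the prefix only."""
    req = urllib.request.Request(HIBP_RANGE_URL + prefix,
                                 headers={"User-Agent": "pass-audit-example"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


# Constructed sample answer for the bucket 5BAA6, the prefix of SHA1("password").
# The first suffix is real; its count is the figure quoted in the usage example
# above. The other two lines are made-up filler to show the bucket shape.
SAMPLE_BODY = (
    "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3303003\r\n"
    "00D4F6E8FA6EECAD2A3AA415EEC418D38EC:2\r\n"
    "011053FD0102E94D6AE2F8B83D76FAF94F6:1\r\n"
)

if __name__ == "__main__":
    prefix, _ = split_sha1("password")
    print("prefix sent:", prefix, "-> count:", breach_count("password", SAMPLE_BODY))
```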

More reading:

Mandatory Access Control (MAC)

AppArmor profiles for pass and pass-audit are available in apparmor.d. If your distribution supports AppArmor, you can clone apparmor.d and run sudo ./pick pass pass-import to install only these AppArmor security profiles.

Network

pass-audit only needs a network connection to reach the haveibeenpwned.com server.

Password Update

You might also want to update the passwords imported using pass-update.

Installation

Requirements

  • pass 1.7.0 or greater.
  • Python 3.6+
  • python3-setuptools to build and install it.
  • python3-requests (apt install python3-requests or pip3 install requests)
  • python3-zxcvbn (pip3 install zxcvbn)

ArchLinux

pass-audit is available in the Arch User Repository.

yay -S pass-audit  # or your preferred AUR install method

Debian/Ubuntu

pass-audit is available in my own Debian repository under the package name pass-extension-audit. Both the repository and the package are signed with my GPG key: 06A26D531D56C42D66805049C5469996F0DF68EC.

wget -qO - https://pkg.pujol.io/debian/gpgkey | sudo apt-key add -
echo 'deb [arch=amd64] https://pkg.pujol.io/debian/repo all main' | sudo tee /etc/apt/sources.list.d/pkg.pujol.io.list
sudo apt-get update
sudo apt-get install pass-extension-audit

FreeBSD

# install the binary package
pkg install py36-pass-audit

# or build it using the ports tree
make -C /usr/ports/security/py-pass-audit install clean

Using pip

pip install pass-audit

From git

git clone https://github.com/roddhjav/pass-audit/
cd pass-audit
python3 setup.py install

Stable version

wget https://github.com/roddhjav/pass-audit/releases/download/v1.2/pass-audit-1.2.tar.gz
tar xzf pass-audit-1.2.tar.gz
cd pass-audit-1.2
python3 setup.py install

Releases and commits are signed using 06A26D531D56C42D66805049C5469996F0DF68EC. You should check the key's fingerprint and verify the signature:

wget https://github.com/roddhjav/pass-audit/releases/download/v1.2/pass-audit-1.2.tar.gz.asc
gpg --recv-keys 06A26D531D56C42D66805049C5469996F0DF68EC
gpg --verify pass-audit-1.2.tar.gz.asc

Local install

Alternatively, from git or a stable version you can do a local install with:

cd pass-audit
python3 setup.py install --user

Remember to set PASSWORD_STORE_ENABLE_EXTENSIONS to true for the local extension to be enabled.

Contribution

Feedback, contributors, pull requests are all very welcome.

Contributors

License

Copyright (C) 2018-2022  Alexandre PUJOL and Contributors

This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program.  If not, see <http://www.gnu.org/licenses/>.