def main(kwargs): password = (get_password( kwargs["--password-file"] if kwargs["--askpass"] else None)) logging.info("Opening database, this might take a while...") kp = PyKeePass( kwargs["KEEPASSX-DB"], password=password, keyfile=kwargs["--keyfile"], ) logging.info("Database opened.") #entries = kp.find_entries( # title=kwargs["--title"], # username=kwargs["--username"], # history=kwargs["--history"], # regex=kwargs["--regex"], #) entries = kp.find_entries(username=kwargs["--username"], ) logging.info("# of entries to search for pwnage: {}".format(len(entries))) for n, entry in enumerate(entries, 1): print('{}: {}'.format(n, entry.title), end=' ') ps = pwned_status(PWNED_URL_BASE, entry.password) if ps: print('PWNED!! (password: {})'.format(entry.password)) else: print('OK') logging.info("Done.")
class KeepassDB: #class for keepass file def __init__(self, masterpass): logger.info('Requesting KeePass database data') try: self.kp = PyKeePass(KPpath.PATH, password=masterpass) logger.info('Credentials database fetched') except FileNotFoundError: logger.error(f'KDBX file {KPpath.PATH} does not exist') print(f'KDBX file {KPpath.PATH} does not exist') sys.exit() except exceptions.CredentialsIntegrityError: logger.error(f'Unauthorized access to {KPpath.PATH} attempt!') print('Wrong password - try again') sys.exit() def get_credential(self, credential_name): logger.debug(f'Requesting {credential_name} credentials') try: entry = self.kp.find_entries(title=tt.names[credential_name], first=True) logger.debug(f'{credential_name} credentials found') return entry.username, entry.password except KeyError: logger.error( f'{credential_name} not found in {KPpath.PATH}. Please provide correct name of entry.' ) print( f'{credential_name} not found in {KPpath.PATH}. Please provide correct name of entry.' ) sys.exit()
def establishServerConnection( hostIpAddress="172.16.128.196", dbName="corona", username=None, password=None, keepassDB="Q:\\FoodData\\new\\01_technical\\Password Database\\DIL.kdbx", keepassKey="Q:\\FoodData\\new\\01_technical\\Password Database\\2018-03-09_Schlüssel.key", keepassTitle="MariaDB c.seebold"): if username == None and password == None: # Provide MariaDB account information by accessing the locally stored KeePass file. keePass = PyKeePass(keepassDB, keyfile=keepassKey) entry = keePass.find_entries( title=keepassTitle, first=True) # Find entry 'MariaDB c.seebold'. username = entry.username password = entry.password # Try and except clause checks if connection was successful. try: connection = pymysql.connect( hostIpAddress, username, password, dbName, local_infile=True ) # Requires to add 'loose-local-infile = 1' in the '[client]' section of '/etc(/mysql)/my.cnf'. print("Connection to database {0} successfully established.".format( dbName)) return connection except: print("ERROR: Connection to database {0} failed.".format(dbName)) import sys sys.exit()
def read_keepass_data(self, entry_name, field_name): try: kp = PyKeePass(self.keepass_file, password=self.keepass_password) entry = kp.find_entries(title=entry_name, first=True) field_data = entry._get_string_field(field_name) return field_data except Exception as e: raise ValueError( '[ERRO] - Erro ao ler o Keepass:\n%s \n\nVerifique a senha informada e tente novamente' % (str(e)), file=stderr)
class KeePass(): def __init__(self, password, cfgfile='pass.yml'): keyfile = None with open(cfgfile, 'r') as ymlfile: cfg = yaml.safe_load(ymlfile)['keepass'] dbfile = cfg['dbfile'] group = cfg['group'] newentry = cfg['newentry'] oldentry = cfg['oldentry'] if 'keyfile' in cfg: keyfile = cfg['keyfile'] self.keepass = PyKeePass(dbfile, password=password, keyfile=keyfile) self.group = self.keepass.find_groups(name=group, first=True) self.oldentry = self.keepass.find_entries( title=oldentry, group=self.group, first=True) self.newentry = self.keepass.find_entries( title=newentry, group=self.group, first=True) def get_hosts(self): hosts = self.oldentry.url ret = [] for host in re.split(r'\s+', hosts): ret.append(Host( host, self.newentry.username, self.oldentry.password, self.newentry.password)) return ret def add_to_url(self, host): if self.newentry.url is not None: self.newentry.url = self.newentry.url + ' ' + host else: self.newentry.url = host self.keepass.save() def add_to_notes(self, msg): if self.newentry.notes is not None: self.newentry.notes = self.newentry.notes + '\n' + msg else: self.newentry.notes = msg self.keepass.save()
class Secrets: DATABASE_PATH = p.easy_joiner(p.keys_dir, 'secretprops.kdbx') def __init__(self, password: str): self.db = None # Read in the database self.load_database(password) def load_database(self, password: str): self.db = PyKeePass(self.DATABASE_PATH, password=password) def get_entry(self, entry_name: str) -> Entry: return self.db.find_entries(title=entry_name, first=True)
class KeepassCredentials: def __init__(self, keepass_file, password): self.creds = PyKeePass(keepass_file, password) def username(self, entry_title): return self.entry(entry_title).username def password(self, entry_title): return self.entry(entry_title).password def entry(self, entry_title): return self.creds.find_entries(title=entry_title, recursive=True, first=True)
def main(): args = parser.parse_args() f = open(args.password_file) pw = f.read().strip() kp = PyKeePass(args.kdbx, password=pw) entry = kp.find_entries(title=args.entry, first=True) uri = entry.get_custom_property("otp") totp = pyotp.parse_uri(uri) print(totp.now())
class AlteraKeePass: def __init__(self, arquivo_kdbx, senha): self.kp = PyKeePass(arquivo_kdbx, password=senha) def cria_entrada(self, grupo, nome, usuario, senha, url, icone, ip, porta): self.group = self.kp.find_groups(name=grupo, first=True) self.kp.add_entry(self.group, nome, usuario, senha, url=url, icon=icone) self.entry = self.kp.find_entries(title=nome, first=True) self.entry.set_custom_property('IP', ip) self.entry.set_custom_property('PORT', porta) self.kp.save()
def read_keepass_data(entry_name, field_name, kps_passwd=''): try: if kps_passwd == '': kps_passwd = get_input( '\nInforme a senha do KeePass (input estará ocultado):', hidden=True) print(clear + '[INFO] - Buscando dados de %s, aguarde...' % entry_name) kp = PyKeePass(kps_file, password=kps_passwd) entry = kp.find_entries(title=entry_name, first=True) field_data = entry._get_string_field(field_name) return field_data except Exception as e: print( '[ERRO] - Erro ao ler o Keepass:\n%s \n\nVerifique a senha informada e tente novamente' % (str(e)), file=sys.stderr) read_keepass_data(entry_name, field_name, '')
class SecretStore: KEY_DIR = os.path.join(os.path.expanduser('~'), 'keys') def __init__(self, fname: str, password: str): self.db = None # Read in the database self.load_database(fname, password) def load_database(self, fname: str, password: str): self.db = PyKeePass(os.path.join(self.KEY_DIR, fname), password=password) def get_entry(self, entry_name: str) -> Entry: return self.db.find_entries(title=entry_name, first=True) def get_key(self, key_name: str) -> Dict: entry = self.get_entry(key_name) if entry is None: return {} if any([x is not None for x in [entry.username, entry.password]]): resp = { 'un': entry.username, 'pw': entry.password } else: resp = {} resp.update(entry.custom_properties) if len(entry.attachments) > 0: for att in entry.attachments: # For attachments, try to decode any that we might expect. For now, that's just JSON if isinstance(att.data, bytes): # Decode to string, try loading as json try: file_contents = json.loads(att.data.decode('utf-8')) # Likely a dict for k, v in file_contents.items(): resp[k.replace('-', '_')] = v except: resp[att.filename] = att.data.decode('utf-8') return resp def get_key_and_make_ns(self, entry: str) -> SimpleNamespace: entry_dict = self.get_key(entry) return SimpleNamespace(**entry_dict)
class Keepass: ''' Instance keepass base ''' def __init__(self): self.path = input('Emplacement du fichier keepass : '******'Mot de passe du fichier keepass : '******''' init vars for Keepass ''' self.listuser = [] self.searchuser = [] nb_user = int(input('Combien de compte à rechercher ? : ')) i = 0 while i < nb_user: ''' Create a list user ''' user = input('Renseigner le nom de votre utilisateur : ') self.searchuser.append(user) i += 1 try: ''' Check and add user to list ''' self.db = PyKeePass(self.path, password=self.password) for user in self.searchuser: print( 'Recherche dans la base l\'utilisateur : {0}'.format(user)) if self.db.find_entries(username=user, first=True): self.listuser.append(user) print('L\'utilisateur : {0} a été ajouté à la liste !'. format) else: print('L\'utilisateur : {0} n\'a pas été trouvé !'.format( user)) except FileNotFoundError: print('Le fichier n\'a pas été trouvé !')
def create_ssh_agent(workers_num, path): """Example function for loading ssh credentials. Avoid loading passwords from file. Load passwords with tool like keepass. Because it is example file, pykeepass is not included in requirements.txt, also no unit tests are provided for container folder. """ ssh_agent = SSH_Agent(path=path, n_jobs=workers_num) db_path = "/home/hermanda/Dropbox/Security/herman.kdbx" password_path = input("Password: "******"/home/hermanda/Documents/info/img/star_trek.jpg" with open("../info/addresses.json") as f: data = json.load(f) credentials_l = [] for address in data: if data[address] not in credentials_l: credentials_l.append(data[address]) with open(password_path, "r") as f: password = f.read().replace("\n", "") credentials = {} kp = PyKeePass(db_path, password=password, keyfile=keyfile_path) for login_title in credentials_l: entry = kp.find_entries(title="ms", first=True) credentials[login_title] = { "username": entry.username, "password": entry.password, } for address in data: title = data[address] ssh_agent.add_address( ip_address=address, username=credentials[title]["username"], password=credentials[title]["password"], group_name=title, ) return ssh_agent
class KeePassContainer: def __init__(self, name, config): self.name = name self.keepass = PyKeePass(config['db_path'], password=config['db_password']) def resolve(self, path, context): keepass_path = KeePassEntryPath.parse(path) group = self.keepass.find_groups(path=keepass_path.group_path) if keepass_path.group_path else None entries = self.keepass.find_entries(title=keepass_path.title, group=group) if entries and keepass_path.index < len(entries): entry = entries[keepass_path.index] return self.resolve_attribute(entry, keepass_path.attribute) else: return None def resolve_attribute(self, entry, entry_attribute): if (hasattr(entry, entry_attribute)): return getattr(entry, entry_attribute) else: raise Exception('Could not resolve unknown property \'%s\'' % (entry_attribute,))
class EntryFunctionTests(unittest.TestCase): # get some things ready before testing def setUp(self): self.kp = PyKeePass(os.path.join(base_dir, 'test.kdbx'), password='******', keyfile=os.path.join(base_dir, 'test.key')) #---------- Finding entries ----------- def test_find_entries_by_title(self): results = self.kp.find_entries_by_title('root_entry') self.assertEqual(len(results), 1) results = self.kp.find_entries_by_title('Root_entry', regex=True, flags='i', first=True) self.assertEqual('root_entry', results.title) def test_find_entries_by_username(self): results = self.kp.find_entries_by_username('foobar_user') self.assertEqual(len(results), 2) results = self.kp.find_entries_by_username('Foobar_user', regex=True, flags='i', first=True) self.assertEqual('foobar_user', results.username) def test_find_entries_by_password(self): results = self.kp.find_entries_by_password('passw0rd') self.assertEqual(len(results), 2) results = self.kp.find_entries_by_password('Passw0rd', regex=True, flags='i', first=True) self.assertEqual('passw0rd', results.password) def test_find_entries_by_url(self): results = self.kp.find_entries_by_url('http://example.com') self.assertEqual(len(results), 2) results = self.kp.find_entries_by_url('http://example.com', first=True) self.assertEqual('http://example.com', results.url) def test_find_entries_by_notes(self): results = self.kp.find_entries_by_notes('entry notes') self.assertEqual(len(results), 1) results = self.kp.find_entries_by_notes('entry notes', regex=True) self.assertEqual(len(results), 2) results = self.kp.find_entries_by_notes('Entry notes', regex=True, flags='i', first=True) self.assertEqual('root entry notes', results.notes) def test_find_entries_by_path(self): results = self.kp.find_entries_by_path('foobar_group/group_entry') self.assertEqual(len(results), 1) results = self.kp.find_entries_by_path('foobar_group/Group_entry', regex=True, flags='i', first=True) self.assertIsInstance(results, Entry) self.assertEqual('group_entry', results.title) def test_find_entries_by_uuid(self): results = self.kp.find_entries_by_uuid('zF9+zSoASMqWIcIio0ewuw==')[0] self.assertIsInstance(results, Entry) self.assertEqual('zF9+zSoASMqWIcIio0ewuw==', results.uuid) self.assertEqual('foobar_user', results.username) def test_find_entries_by_string(self): results = self.kp.find_entries_by_string( {'custom_field': 'custom field value'})[0] self.assertIsInstance(results, Entry) self.assertEqual('custom field value', results.get_custom_property('custom_field')) self.assertEqual('HnN4bHSVjEybPf8nOq1bVA==', results.uuid) def test_find_entries(self): results = self.kp.find_entries(title='Root_entry', regex=True) self.assertEqual(len(results), 0) results = self.kp.find_entries(title='Root_entry', regex=True, flags='i', first=True) self.assertEqual('root_entry', results.title) results = self.kp.find_entries(url="http://example.com") self.assertEqual(len(results), 2) results = self.kp.find_entries(notes="entry notes", url="http://example.com") self.assertEqual(len(results), 1) self.assertTrue( self.kp.find_entries(title='group_entry', first=True) in results) # test `group` argument results = self.kp.find_entries(title='foobar_entry', group=None) self.assertEqual(len(results), 3) group = self.kp.find_groups(name='foobar_group', first=True) results = self.kp.find_entries(title='foobar_entry', group=group) self.assertEqual(len(results), 2) #---------- Adding/Deleting entries ----------- def test_add_delete_move_entry(self): unique_str = 'test_add_entry_' expiry_time = datetime.now() entry = self.kp.add_entry(self.kp.root_group, unique_str + 'title', unique_str + 'user', unique_str + 'pass', url=unique_str + 'url', notes=unique_str + 'notes', tags=unique_str + 'tags', expiry_time=expiry_time, icon=icons.KEY) results = self.kp.find_entries_by_title(unique_str + 'title') self.assertEqual(len(results), 1) results = self.kp.find_entries_by_title(unique_str + 'title', first=True) self.assertEqual(results.title, unique_str + 'title') self.assertEqual(results.username, unique_str + 'user') self.assertEqual(results.password, unique_str + 'pass') self.assertEqual(results.url, unique_str + 'url') self.assertEqual(results.notes, unique_str + 'notes') self.assertEqual(results.tags, [unique_str + 'tags']) # convert naive datetime to utc expiry_time_utc = expiry_time.replace(tzinfo=tz.gettz()).astimezone( tz.gettz('UTC')) self.assertEqual(results.icon, icons.KEY) sub_group = self.kp.add_group(self.kp.root_group, 'sub_group') self.kp.move_entry(entry, sub_group) results = self.kp.find_entries(path='sub_group/' + 'test_add_entry_title', first=True) self.assertEqual(results.title, entry.title) self.kp.delete_entry(entry) results = self.kp.find_entries_by_title(unique_str + 'title', first=True) self.assertIsNone(results) # test adding entry which exists in another group subgroup = self.kp.find_groups(name='subgroup2', first=True) self.kp.add_entry(subgroup, title='foobar_entry', username='******', password='******') # test adding entry to root which exists in subgroup self.kp.add_entry(subgroup, title='foobar_entry2', username='******', password='******') self.kp.add_entry(self.kp.root_group, title='foobar_entry2', username='******', password='******') #---------- Entries name collision exception ----------- def test_raise_exception_entry(self): unique_str = 'test_add_entry_' entry = self.kp.add_entry(self.kp.root_group, unique_str + 'title', unique_str + 'user', unique_str + 'pass', url=unique_str + 'url', notes=unique_str + 'notes', tags=unique_str + 'tags', icon=icons.KEY) self.assertRaises(Exception, entry) # ---------- Entries representation ----------- def test_print_entries(self): self.assertIsInstance(self.kp.entries.__repr__(), str)
class EntryTests(unittest.TestCase): # get some things ready before testing def setUp(self): self.kp = PyKeePass(os.path.join(base_dir, 'test.kdbx'), password='******', keyfile=os.path.join(base_dir, 'test.key')) def test_fields(self): time = datetime.now() entry = Entry('title', 'username', 'password', url='url', notes='notes', tags='tags', expires=True, expiry_time=time, icon=icons.KEY, version=self.kp.version) self.assertEqual(entry.title, 'title') self.assertEqual(entry.username, 'username') self.assertEqual(entry.password, 'password') self.assertEqual(entry.url, 'url') self.assertEqual(entry.notes, 'notes') self.assertEqual(entry.tags, ['tags']) self.assertEqual(entry.expires, True) self.assertEqual( entry.expiry_time, time.replace(tzinfo=tz.gettz()).astimezone(tz.gettz('UTC'))) self.assertEqual(entry.icon, icons.KEY) self.assertEqual(entry.is_a_history_entry, False) self.assertEqual( self.kp.find_entries(title='subentry', first=True).path, 'foobar_group/subgroup/subentry') def test_set_and_get_fields(self): time = datetime.now() changed_time = datetime.now() + timedelta(hours=9) changed_string = 'changed_' entry = Entry('title', 'username', 'password', url='url', notes='notes', tags='tags', expires=True, expiry_time=time, icon=icons.KEY, version=self.kp.version) entry.title = changed_string + 'title' entry.username = changed_string + 'username' entry.password = changed_string + 'password' entry.url = changed_string + 'url' entry.notes = changed_string + 'notes' entry.expires = False entry.expiry_time = changed_time entry.icon = icons.GLOBE entry.set_custom_property('foo', 'bar') self.assertEqual(entry.title, changed_string + 'title') self.assertEqual(entry.username, changed_string + 'username') self.assertEqual(entry.password, changed_string + 'password') self.assertEqual(entry.url, changed_string + 'url') self.assertEqual(entry.notes, changed_string + 'notes') self.assertEqual(entry.icon, icons.GLOBE) self.assertEqual(entry.get_custom_property('foo'), 'bar') self.assertIn('foo', entry.custom_properties) # test time properties self.assertEqual(entry.expires, False) self.assertEqual( entry.expiry_time, changed_time.replace(tzinfo=tz.gettz()).astimezone( tz.gettz('UTC'))) entry.tags = 'changed_tags' self.assertEqual(entry.tags, ['changed_tags']) entry.tags = 'changed;tags' self.assertEqual(entry.tags, ['changed', 'tags']) entry.tags = ['changed', 'again', 'tags'] self.assertEqual(entry.tags, ['changed', 'again', 'tags'])
from termcolor import colored parser = argparse.ArgumentParser( description='Find & copy passwords to your clipboard from a KDBX file') parser.add_argument('string', help='String to find') args = vars(parser.parse_args()) to_find = args['string'] # KDBX files db_kdbx = '/path/to/you/file.kdbx' db_key = '/path/to/you/file.kdbx' db_password = '******' kp = PyKeePass(db_kdbx, keyfile=db_key, password=db_password) entries_found = kp.find_entries(title='(?i).*{}.*'.format(to_find), regex=True, first=False) entries_found_dic = {} counter = 0 for entry in entries_found: entry_name = str(entries_found[counter]).\ replace('Entry: "', '').\ replace('"', '') entries_found_dic[entry_name] = entries_found[counter] counter += 1 entries_list_keys = list(entries_found_dic.keys()) questions = [ { 'type': 'list',
class DatabaseManager: logging_manager = NotImplemented db = NotImplemented database_path = "" password_try = "" password_check = "" password = "" keyfile_hash = NotImplemented changes = False save_running = False scheduled_saves = 0 database_file_descriptor = NotImplemented def __init__(self, database_path, password=None, keyfile=None, logging_manager=None): self.logging_manager = logging_manager self.db = PyKeePass(database_path, password, keyfile) self.database_path = database_path self.database_file_descriptor = Gio.File.new_for_path(database_path) self.password = password # # Group Transformation Methods # # Return the parent group object from the child group uuid def get_group_parent_group_from_uuid(self, uuid): group = self.db.find_groups(uuid=uuid, first=True) return group.parentgroup # Return the parent group object from the child group object def get_group_parent_group_from_object(self, group): return group.parentgroup # Return the belonging group object for a group uuid def get_group_object_from_uuid(self, uuid): return self.db.find_groups(uuid=uuid, first=True) # Return the belonging group name for a group uuid def get_group_name_from_uuid(self, uuid): group = self.db.find_groups(uuid=uuid, first=True) return self.get_group_name_from_group_object(group) # Return the path for a group object def get_group_path_from_group_object(self, group): return group.path # Return the belonging group uuid for a group object def get_group_uuid_from_group_object(self, group): return group.uuid # Return the belonging name for a group object def get_group_name_from_group_object(self, group): if group.name is None: return "" else: return group.name # Return the belonging notes for a group object def get_group_notes_from_group_object(self, group): if group.notes is None: return "" else: return group.notes # Return the belonging icon for a group object def get_group_icon_from_group_object(self, group): return group.icon # Return the belonging notes for a group uuid def get_group_notes_from_group_uuid(self, uuid): group = self.db.find_groups(uuid=uuid, first=True) return self.get_group_notes_from_group_object(group) # Return path for group uuid def get_group_path_from_group_uuid(self, uuid): group = self.db.find_groups(uuid=uuid, first=True) return group.path # # Entry Transformation Methods # # Return the belonging entry object for a entry uuid def get_entry_object_from_uuid(self, uuid): return self.db.find_entries(uuid=uuid, first=True) # Return entry uuid from entry object def get_entry_uuid_from_entry_object(self, entry): return entry.uuid # Return parent group from entry uuid def get_entry_parent_group_from_uuid(self, uuid): entry = self.db.find_entries(uuid=uuid, first=True) return entry.parentgroup # Return parent group from entry object def get_entry_parent_group_from_entry_object(self, entry): return entry.parentgroup # Return the belonging name for an entry object def get_entry_name_from_entry_object(self, entry): if entry.title is None: return "" else: return entry.title # Return entry name from entry uuid def get_entry_name_from_entry_uuid(self, uuid): entry = self.db.find_entries(uuid=uuid, first=True) return self.get_entry_name_from_entry_object(entry) # Return the belonging icon for an entry object def get_entry_icon_from_entry_object(self, entry): return entry.icon # Return entry icon from entry uuid def get_entry_icon_from_entry_uuid(self, uuid): entry = self.db.find_entries(uuid=uuid, first=True) return entry.icon # Return the belonging username for an entry object def get_entry_username_from_entry_object(self, entry): if entry.username is None: return "" else: return entry.username # Return the belonging username for an entry uuid def get_entry_username_from_entry_uuid(self, uuid): entry = self.db.find_entries(uuid=uuid, first=True) return self.get_entry_username_from_entry_object(entry) # Return the belonging password for an entry object def get_entry_password_from_entry_object(self, entry): if entry.password is None: return "" else: return entry.password # Return the belonging password for an entry uuid def get_entry_password_from_entry_uuid(self, uuid): entry = self.db.find_entries(uuid=uuid, first=True) return self.get_entry_password_from_entry_object(entry) # Return the belonging url for an entry uuid def get_entry_url_from_entry_uuid(self, uuid): entry = self.db.find_entries(uuid=uuid, first=True) return self.get_entry_url_from_entry_object(entry) # Return the belonging url for an entry object def get_entry_url_from_entry_object(self, entry): if entry.url is None: return "" else: return entry.url # Return the belonging notes for an entry uuid def get_entry_notes_from_entry_uuid(self, uuid): entry = self.db.find_entries(uuid=uuid, first=True) return entry.notes # Return the belonging notes for an entry object def get_entry_notes_from_entry_object(self, entry): if entry.notes is None: return "" else: return entry.notes # Return the beloging expiry date for an entry uuid def get_entry_expiry_date_from_entry_uuid(self, uuid): entry = self.db.find_entries(uuid=uuid, first=True) return entry.expiry_time # Return the beloging expiry date for an entry object def get_entry_expiry_date_from_entry_object(self, entry): return entry.expiry_time # Return the belonging color for an entry uuid def get_entry_color_from_entry_uuid(self, uuid): entry = self.db.find_entries(uuid=uuid, first=True) if entry.get_custom_property("color_prop_LcljUMJZ9X") is None: return "NoneColorButton" else: return entry.get_custom_property("color_prop_LcljUMJZ9X") # Return the belonging value for an attribute def get_entry_attribute_value_from_entry_uuid(self, uuid, key): entry = self.db.find_entries(uuid=uuid, first=True) if entry.get_custom_property(key) is None: return "" else: return entry.get_custom_property(key) # Return all attributes for an entry uuid def get_entry_attributes_from_entry_uuid(self, uuid): entry = self.db.find_entries(uuid=uuid, first=True) return entry.custom_properties # Return all attributes for an entry object def get_entry_attributes_from_entry_object(self, entry): return entry.custom_properties # # Entry Checks # def has_entry_name(self, uuid): entry = self.db.find_entries(uuid=uuid, first=True) if entry.title is None: return False else: return True def has_entry_username(self, uuid): entry = self.db.find_entries(uuid=uuid, first=True) if entry.username is None: return False else: return True def has_entry_password(self, uuid): entry = self.db.find_entries(uuid=uuid, first=True) if entry.password is None: return False else: return True def has_entry_url(self, uuid): entry = self.db.find_entries(uuid=uuid, first=True) if entry.url is None: return False else: return True def has_entry_notes(self, uuid): entry = self.db.find_entries(uuid=uuid, first=True) if entry.notes is None: return False else: return True def has_entry_icon(self, uuid): entry = self.db.find_entries(uuid=uuid, first=True) if entry.icon is None: return False else: return True def has_entry_expiry_date(self, uuid): entry = self.db.find_entries(uuid=uuid, first=True) return entry.expires def has_entry_expired(self, uuid): entry = self.db.find_entries(uuid=uuid, first=True) if entry.expired is False: return False else: return True def has_entry_color(self, uuid): entry = self.db.find_entries(uuid=uuid, first=True) if entry.get_custom_property( "color_prop_LcljUMJZ9X") is None or entry.get_custom_property( "color_prop_LcljUMJZ9X") == "NoneColorButton": return False else: return True def has_entry_attributes(self, uuid): entry = self.db.find_entries(uuid=uuid, first=True) if len(entry.custom_properties) == 0: return False else: return True def has_entry_attribute(self, uuid, key): entry = self.db.find_entries(uuid=uuid, first=True) if entry.get_custom_property(key) is None: return False else: return True # # Group Checks # def has_group_name(self, uuid): group = self.db.find_groups(uuid=uuid, first=True) if group.name is None: return False else: return True def has_group_notes(self, uuid): group = self.db.find_groups(uuid=uuid, first=True) if group.notes is None: return False else: return True def has_group_icon(self, uuid): group = self.db.find_groups(uuid=uuid, first=True) if group.icon is None: return False else: return True # # Database Modifications # # Add new group to database def add_group_to_database(self, name, icon, notes, parent_group): group = self.db.add_group(parent_group, name, icon=icon, notes=notes) self.changes = True self.set_element_mtime(parent_group) return group # Delete a group def delete_group_from_database(self, group): self.db.delete_group(group) self.changes = True if group.parentgroup is not None: self.set_element_mtime(group.parentgroup) # Add new entry to database def add_entry_to_database(self, name, username, password, url, notes, icon, group_uuid): destination_group = self.get_group_object_from_uuid(group_uuid) entry = self.db.add_entry( destination_group, name, username, password, url=url, notes=notes, expiry_time=None, tags=None, icon=icon, force_creation=self.check_entry_in_group_exists( "", destination_group)) self.changes = True self.set_element_mtime(destination_group) return entry # Delete an entry def delete_entry_from_database(self, entry): self.db.delete_entry(entry) self.changes = True if entry.parentgroup is not None: self.set_element_mtime(entry.parentgroup) # Duplicate an entry def duplicate_entry(self, entry): title = entry.title if title is None: title = "" username = entry.username if username is None: username = "" password = entry.password if password is None: password = "" # NOTE: With clone is meant a duplicated object, not the process of cloning/duplication; "the" clone clone_entry = self.db.add_entry(entry.parentgroup, title + " - " + _("Clone"), username, password, url=entry.url, notes=entry.notes, expiry_time=entry.expiry_time, tags=entry.tags, icon=entry.icon, force_creation=True) # Add custom properties for key in entry.custom_properties: value = entry.custom_properties[key] if value is None: value = "" clone_entry.set_custom_property(key, value) self.changes = True if entry.parentgroup is not None: self.set_element_mtime(entry.parentgroup) # Write all changes to database def save_database(self): if self.save_running is False and self.changes is True: self.save_running = True kdbx = KDBX.build(self.db.kdbx, password=self.db.password, keyfile=self.db.keyfile) try: output_stream = self.database_file_descriptor.replace( None, False, Gio.FileCreateFlags.REPLACE_DESTINATION | Gio.FileCreateFlags.PRIVATE, None) output_stream.write_all(kdbx) output_stream.close() self.logging_manager.debug("Saved database") self.changes = False except Exception: self.logging_manager.error( "Error occured while saving database") # Workaround # Fix created and proposed: https://github.com/pschmitt/pykeepass/pull/102 self.db.kdbx = KDBX.parse_file(self.db.filename, password=self.db.password, keyfile=self.db.keyfile) self.save_running = False # Set database password def set_database_password(self, new_password): self.db.password = new_password self.changes = True # Set database keyfile def set_database_keyfile(self, new_keyfile): self.db.keyfile = new_keyfile self.changes = True # # Entry Modifications # def set_entry_name(self, uuid, name): entry = self.db.find_entries(uuid=uuid, first=True) entry.title = name self.changes = True self.set_element_mtime(entry) def set_entry_username(self, uuid, username): entry = self.db.find_entries(uuid=uuid, first=True) entry.username = username self.changes = True self.set_element_mtime(entry) def set_entry_password(self, uuid, password): entry = self.db.find_entries(uuid=uuid, first=True) entry.password = password self.changes = True self.set_element_mtime(entry) def set_entry_url(self, uuid, url): entry = self.db.find_entries(uuid=uuid, first=True) entry.url = url self.changes = True self.set_element_mtime(entry) def set_entry_notes(self, uuid, notes): entry = self.db.find_entries(uuid=uuid, first=True) entry.notes = notes self.changes = True self.set_element_mtime(entry) def set_entry_icon(self, uuid, icon): entry = self.db.find_entries(uuid=uuid, first=True) entry.icon = icon self.changes = True self.set_element_mtime(entry) def set_entry_expiry_date(self, uuid, date): entry = self.db.find_entries(uuid=uuid, first=True) entry.expiry_time = date entry.expires self.changes = True self.set_element_mtime(entry) def set_entry_color(self, uuid, color): entry = self.db.find_entries(uuid=uuid, first=True) entry.set_custom_property("color_prop_LcljUMJZ9X", color) self.changes = True self.set_element_mtime(entry) def set_entry_attribute(self, uuid, key, value): entry = self.db.find_entries(uuid=uuid, first=True) entry.set_custom_property(key, value) self.changes = True self.set_element_mtime(entry) def delete_entry_attribute(self, uuid, key): entry = self.db.find_entries(uuid=uuid, first=True) entry.delete_custom_property(key) self.changes = True self.set_element_mtime(entry) # Move an entry to another group def move_entry(self, uuid, destination_group_object): entry = self.db.find_entries(uuid=uuid, first=True) self.db.move_entry(entry, destination_group_object) if entry.parentgroup is not None: self.set_element_mtime(entry.parentgroup) self.set_element_mtime(destination_group_object) def set_element_ctime(self, element): element.ctime = datetime.utcnow() def set_element_atime(self, element): element.atime = datetime.utcnow() def set_element_mtime(self, element): element.mtime = datetime.utcnow() # # Group Modifications # def set_group_name(self, uuid, name): group = self.db.find_groups(uuid=uuid, first=True) group.name = name self.changes = True self.set_element_mtime(group) def set_group_notes(self, uuid, notes): group = self.db.find_groups(uuid=uuid, first=True) group.notes = notes self.set_element_mtime(group) def set_group_icon(self, uuid, icon): group = self.db.find_groups(uuid=uuid, first=True) group.icon = icon self.set_element_mtime(group) # Move an group def move_group(self, uuid, destination_group_object): group = self.db.find_groups(uuid=uuid, first=True) self.db.move_group(group, destination_group_object) if group.parentgroup is not None: self.set_element_mtime(group.parentgroup) self.set_element_mtime(destination_group_object) # # Read Database # def get_groups_in_root(self): return self.db.root_group.subgroups # Return list of all groups in folder def get_groups_in_folder(self, uuid): folder = self.get_group_object_from_uuid(uuid) return folder.subgroups # Return list of all entries in folder def get_entries_in_folder(self, uuid): parent_group = self.get_group_object_from_uuid(uuid) return parent_group.entries # Return the database filesystem path def get_database(self): return self.database_path # Return the root group of the database instance def get_root_group(self): return self.db.root_group # Check if root group def check_is_root_group(self, group): if group.is_root_group: return True else: return False # Check if entry with title in group exists def check_entry_in_group_exists(self, title, group): entry = self.db.find_entries(title=title, group=group, recursive=False, history=False, first=True) if entry is None: return False else: return True # Search for an entry or a group def search(self, string, fulltext, global_search=True, path=None): uuid_list = [] if fulltext is False: for group in self.db.find_groups(name="(?i)" + string.replace(" ", ".*"), recursive=global_search, path=path, regex=True): if group.is_root_group is False: uuid_list.append(group.uuid) else: for group in self.db.groups: if group.is_root_group is False and group.uuid not in uuid_list: if string.lower( ) in self.get_group_notes_from_group_object(group): uuid_list.append(group.uuid) if fulltext is False: for entry in self.db.find_entries(title="(?i)" + string.replace(" ", ".*"), recursive=global_search, path=path, regex=True): uuid_list.append(entry.uuid) else: for entry in self.db.entries: if entry.uuid not in uuid_list: if string.lower( ) in self.get_entry_username_from_entry_object(entry): uuid_list.append(entry.uuid) elif string.lower( ) in self.get_entry_notes_from_entry_object(entry): uuid_list.append(entry.uuid) return uuid_list # Check if object is group def check_is_group(self, uuid): if self.get_group_object_from_uuid(uuid) is None: return False else: return True def check_is_group_object(self, group): return hasattr(group, "name") # # Properties # def get_element_creation_date(self, element): if element.ctime is not None: local_timestamp = element.ctime.astimezone(tz.tzlocal()) timestamp = GLib.DateTime.new_local( int(datetime.strftime(local_timestamp, "%Y")), int(datetime.strftime(local_timestamp, "%m")), int(datetime.strftime(local_timestamp, "%d")), int(datetime.strftime(local_timestamp, "%H")), int(datetime.strftime(local_timestamp, "%M")), float(datetime.strftime(local_timestamp, "%S"))) return timestamp.format("%c") else: return "-" def get_element_acessed_date(self, element): if element.atime is not None: local_timestamp = element.atime.astimezone(tz.tzlocal()) timestamp = GLib.DateTime.new_local( int(datetime.strftime(local_timestamp, "%Y")), int(datetime.strftime(local_timestamp, "%m")), int(datetime.strftime(local_timestamp, "%d")), int(datetime.strftime(local_timestamp, "%H")), int(datetime.strftime(local_timestamp, "%M")), float(datetime.strftime(local_timestamp, "%S"))) return timestamp.format("%c") else: return "-" def get_element_modified_date(self, element): if element.mtime is not None: local_timestamp = element.mtime.astimezone(tz.tzlocal()) timestamp = GLib.DateTime.new_local( int(datetime.strftime(local_timestamp, "%Y")), int(datetime.strftime(local_timestamp, "%m")), int(datetime.strftime(local_timestamp, "%d")), int(datetime.strftime(local_timestamp, "%H")), int(datetime.strftime(local_timestamp, "%M")), float(datetime.strftime(local_timestamp, "%S"))) return timestamp.format("%c") else: return "-" # # Database creation methods # # Set the first password entered by the user (for comparing reasons) def set_password_try(self, password): self.password_try = password # Set the second password entered by the user (for comparing reasons) def set_password_check(self, password): self.password_check = password # Compare the first password entered by the user with the second one def compare_passwords(self): if self.password_try == self.password_check: if self.password_try == "" and self.password_check == "": return False else: return True else: return False # Create keyfile hash def create_keyfile_hash(self, keyfile_path): hasher = hashlib.sha512() with open(keyfile_path, 'rb') as file: buffer = 0 while buffer != b'': buffer = file.read(1024) hasher.update(buffer) return hasher.hexdigest() # Set keyfile hash def set_keyfile_hash(self, keyfile_path): self.keyfile_hash = self.create_keyfile_hash(keyfile_path) # Get changes def made_database_changes(self): return self.changes def parent_checker(self, current_group, moved_group): if current_group.is_root_group: return False elif current_group.uuid == moved_group.uuid: return True else: return self.parent_checker(current_group.parentgroup, moved_group) def get_database_encryption(self): return self.db.encryption_algorithm def get_database_derivation(self): return self.db.version
class KeepassVault(Vault): def __init__(self, vault_configs): validate(vault_configs, "yac/schema/vaults/keepass.json") self.vault_path = search('"vault-path"', vault_configs) vault_pwd_path = search('"vault-pwd-path"', vault_configs) self.vault_pwd = search('"vault-pwd"', vault_configs) if not self.vault_pwd and vault_pwd_path and os.path.exists( vault_pwd_path): self.vault_pwd = read_pwd_file(vault_pwd_path) self.ready = False self.initialized = False self.kp = None def get_type(self): return "keepass" def initialize(self, params): servicefile_path = params.get("servicefile-path", "") # apply intrinsics in the vault password vault_pwd = apply_intrinsics(self.vault_pwd, params) full_path = os.path.join(servicefile_path, self.vault_path) if os.path.exists(full_path): if vault_pwd: try: self.kp = PyKeePass(full_path, password=vault_pwd) self.ready = True self.initialized = True except IOError as e: print(e) else: self.ready = False self.initialized = False def is_ready(self): return self.ready def is_initialized(self): return self.initialized def get(self, lookup_config): entry = self.kp.find_entries(path=lookup_config['path'], first=True) value = "" if entry: field_name = lookup_config['field'] if field_name == "password": value = entry.password elif field_name == "username": value = entry.username elif field_name == "url": value = entry.url elif field_name == "notes": value = entry.notes return value def set(self, lookup_config, secret_value): entry = self.kp.find_entries(path=lookup_config['path'], first=True) if entry: field_name = lookup_config['field'] if field_name == "password": entry.password = secret_value elif field_name == "username": entry.username = secret_value elif field_name == "url": entry.url = secret_value self.kp.save() def load_cached_vault_path(self): vault_path = get_cache_value('keepass-vault-path') if not vault_path: vault_path = string_validation( "KeePass Vault Path", "Path to the KeePass vault file for secrets lookup", [], path_validation, True) set_cache_value_ms('keepass-vault-path', vault_path) return vault_path def load_cached_vault_pwd(self): vault_pwd = get_cache_value('keepass-vault-pwd') if not vault_pwd: vault_pwd = string_validation( "KeePass Vault Password", "The master key for the KeePass vault", [], string_validation, True, 100, True) set_cache_value_ms('keepass-vault-pwd', vault_pwd) return vault_pwd def clear_secrets_cache(self): set_cache_value_ms('keepass-vault-path', "") set_cache_value_ms('keepass-vault-pwd', "")
def find(db: PyKeePass, title: str) -> str: entry = db.find_entries(title=title, first=True) if entry is None: print(f"Entry not found: {title}", file=sys.stderr) exit(1) return entry.password
conns = [ ('APP_DBA', 'dev.db.orac.dba', 'orac-db-dev.db.com', '1521', 'ORAC', 'DEV', 'MANDANT', 'ORAC', 'sid'), ('APP_DBA', 'prd.db.orac.dba', '0', '0', '0', 'PRD', 'MANDANT', 'ORAC', '(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)(HOST=orac-db-prd1.db.com)(PORT=1521))(ADDRESS=(PROTOCOL=TCP)(HOST=orac-db-prd2.db.com)(PORT=6777)))(CONNECT_DATA=(SERVICE_NAME=orac_primary.prd.db.de)))' ), # add connections here ] for conn in conns: print('\n► Connection: ' + conn[5] + '-' + conn[6] + '-' + conn[7] + '-' + conn[0]) # Get KeePass password entry = kp.find_entries(title=conn[1], first=True) # Setup connection ora = conn[2] + ":" + conn[3] + "/" + conn[4] if (conn[8] == 'sid'): dsnStr = cx_Oracle.makedsn(conn[2], conn[3], conn[4]) else: dsnStr = conn[8] connection = cx_Oracle.connect(user=conn[0], password=entry.password, dsn=dsnStr) cursor = connection.cursor() # Execute query if True: cursor.execute(qry)
parser.add_argument('-c', '--command', choices=cmd_choices, default='get', help='Command') parser.add_argument('-g', '--group', help='Target group to execute action') parser.add_argument('-t', '--title', help='Target title to execute action') parser.add_argument('-u', '--user', action='store_true', help='Target group to execute action') args = parser.parse_args() logging.basicConfig(level=logging.DEBUG) logging.info('Start ...') if not exists(args.path): logging.info(f'No database {args.path}') create_database(args.path, password=args.password) logging.debug(f'Command: {args.command}') kp = PyKeePass(args.path, password=args.password) group = kp.find_groups(name=args.group, first=True) entry = kp.find_entries(group=group, title=args.title, first=True) print(entry.password)
kp = PyKeePass(args.keepassfile, password=password) # get group group = kp.find_groups(name=args.group, first=True) if group is None: raise ValueError("Group \"" + args.group + "\" not found in database.") # get entries entries = [] # -> get all if no specific secret name(s) given if args.secret is None: entries = group.entries # -> get all from specified secret name(s) else: for secret in args.secret: result = kp.find_entries(title=secret, group=group, first=True) entries.append(result) if result is not None else [] # now get values from the entries and print to stdout printed = 0 if args.attribute is None: args.attribute = ["secret"] for entry in entries: for att in args.attribute: value = entry.get_custom_property(att) if value is not None: print(value) printed += 1 # Log how many entries we found (stdout will be piped to kubectl...) logging.error("Processed " + str(printed) + " secrets.")
text = msg.as_string() server.sendmail(fromaddr, toaddr.split(','), text) server.quit() try: dbpass = getpass.getpass(prompt='Enter the Keepass Password: '******'.*', regex=True, recursive=True, first=False) alldata = [] for ent in entry: if ent.title: titlelo = (ent.title).lower() else: titlelo = 'blank' if ent.username: userlo = (ent.username).lower() else: userlo = 'blank' if ent.notes: noteslo = (ent.notes).lower() else:
#!/usr/bin/env python """ Retrieve a password from a KeePass database """ import sys import argparse from getpass import getpass from pykeepass import PyKeePass parser = argparse.ArgumentParser( description='Retrieve a password from a KeePass database.') parser.add_argument("kdb", type=str, help="path to a KeePass database file") parser.add_argument("entry", type=str, help="path to the entry in the given KeePass database") args = parser.parse_args() kbd_passwd = getpass('Enter KeePass master password: '******'No KeePass entry found at path "{}"'.format(args.entry)) sys.exit(1) print(entry.password)
print("parameter: ") print() print("--create generates an random password") print("--title <value> tile for Keepass entry") print("--username <value> username for Keepass entry") print("--count amount of characters") print("--hide hide password") print("--temp do not write to keepassfile") print("") print("--getuser <searchstring> get username") print("--getpassword <search string> get password") if arg == '--getuser': all = kp.entries result = kp.find_entries(title=sys.argv[idx+1], first=True) clipboard.copy(result.username) if arg == '--getpassword': all = kp.entries result = kp.find_entries(title=sys.argv[idx+1], first=True) clipboard.copy(result.password) if arg == '--hide': DISPLAYPWD = False if arg == '--temp': KEEPASSWRITE = False if arg == '--create': CREATE = True
parser.add_argument('-i', '--input-password', type=str, help='input keepass password', metavar='password') parser.add_argument('-o', '--output-password', type=str, help='output keepass password', metavar='password') parser.add_argument('-a', '--attribute', type=str, default='extract_to', help='attribute for getting entries', metavar='attribute') args = parser.parse_args() search_attribute = args.attribute input_path = args.input_keepass output_path = args.output_keepass # ask for passwort if not passed by command line input_password = args.input_password if args.input_password else getpass(prompt='Input KeePass password:'******'Output KeePass password:'******'.*' for entry in input_keepass.find_entries(string=searchstring, regex=True): _add_entry(output_keepass, entry) # finally, save the output keepass output_keepass.save()
class KeepassCredstore(Credstore): def __init__(self, filename=None): super().__init__() self.filename = filename self.log = self.log.bind(cls=__class__.__name__, filename=self.filename) self.db = None @property def name(self): return self.filename def unlock(self, unlock_secret=None): self.log.msg('unlocking') try: from pykeepass import PyKeePass if unlock_secret is None: unlock_secret = getpass.getpass( "Enter password to unlock Keepass database '{}': ".format( self.filename)) self.db = PyKeePass(self.filename, password=unlock_secret) self.log.msg('loaded keepass file', entry_count=len(self.db.entries)) return True except ImportError as err: self.log.msg('keepass load error, pykeepass module missing') return False except Exception as e: self.log.msg('keepass error, password is likely wrong', exc=e) self.db = None return False def get_identity(self, url): log = self.log.bind(url=url) log.msg('looking for identity') entries = self.db.find_entries(url=url, group=self.db.find_groups(name='Root', first=True)) if len(entries) > 1: log.msg("multiple entries found, please specify identity manually", paths=[e.path for e in entries]) return None elif len(entries) == 0: log.msg('no matching entries found') return None else: entry = next(iter(entries)) log.msg('found entry', uuid=entry.uuid, path=entry.path) return entry.username return None def get_credentials(self, url, identity): log = self.log.bind(url=url, identity=identity) log.msg('looking for credentials') entry = self.db.find_entries(url=url, username=identity, first=True) if entry: log.msg('entry found', uuid=entry.uuid, path=entry.path) return dict(identity=entry.username, password=entry.password, custom_properties=entry.custom_properties) else: log.msg('no entry found') password = getpass.getpass( "Enter password for login '{}' used to access URL '{}': ". format(identity, url)) return dict(identity=entry.username, password=password, custom_properties={}) return None
def write_token_data(entry_name, kps_group, token_data, kps_pswd, history_group=None): try: kp = PyKeePass(kps_file, password=kps_pswd) entry = kp.find_entries(title=entry_name, first=True) if entry is not None: notes = entry._get_string_field('Notes') updated_notes = '' current_envs = dict() for env in notes.split('\n'): try: splitted = env.split(':') current_envs.update({splitted[0]: splitted[1]}) except: pass for updated_environment in token_data.keys(): if history_group: if updated_environment == history_group: entry.notes = updated_notes entry.expiry_time = datetime.now() + timedelta( days=365) entry.expires = True else: entry.notes = updated_notes entry.expiry_time = datetime.now() + timedelta(days=365) entry.expires = True for current_env_name, current_env_token in current_envs.items(): if current_env_name not in token_data.keys(): token_data.update({current_env_name: current_env_token}) for env_name, env_token in token_data.items(): updated_notes += env_name + ': ' + env_token + '\n' else: group = kp.find_groups(name=kps_group, first=True) entry = kp.add_entry(group, entry_name, '', '') notes = '' for env_name, env_token in token_data.items(): notes += env_name + ': ' + env_token + '\n' entry.notes = notes entry.expiry_time = datetime.now() + timedelta(days=365) entry.expires = True kp.save() return True except Exception as e: print('[ERRO] - Erro ao gravar dados no Keepass %s:\n%s' % (kps_file, str(e)), file=sys.stderr) pass