def process(): args = get_args() print(args.dbpath) if not os.path.exists(args.dbpath): print("DB file path does not exist", file=sys.stderr) sys.exit(1) password = getpass() try: db = KP(args.dbpath, password=password) except FileNotFoundError: print("DB file path does not exist", file=sys.stderr) sys.exit(1) except OSError: print("Invalid password", file=sys.stderr) sys.exit(1) except Exception: print("Misc error", file=sys.stderr) sys.exit(1) groups = db.find_groups_by_name(args.groupname) if len(groups) == 0: print("Group does not exist", file=sys.stderr) sys.exit(1) if len(groups) > 1: print("Multiple groups of that name exist. Cannot continue", file=sys.stderr) sys.exit(1) group = groups[0] ## Only grab from root path = "".join([db.root_group.path, args.entrytitle]) entries = db.find_entries_by_path(path) if len(entries) == 0: print("Entry by that title does not exist", file=sys.stderr) for entry in entries: group.append(entry) db.save()
def test_build_kdb(self): file = self.raw_kdb_full_path self.processor.build_kdb(filename=file, password="******") kdb = PyKeePass(filename=file, password="******") entries = kdb.entries groups = kdb.groups self.assertEqual(len(entries), 0) self.assertEqual(len(groups), 1) kdb_io = io.BytesIO() self.kdb.save(kdb_io) kdb_io.seek(0) self.processor.load_from_kdb(kdb_io, self.password) self.processor.build_kdb(filename=file, password="******") kdb = PyKeePass(filename=file, password="******") entries = kdb.entries groups = kdb.groups self.assertEqual(3, len(entries)) self.assertEqual(3, len(groups)) # TODO DRY self.processor.build_kdb(filename=kdb_io, password="******") kdb = PyKeePass(filename=file, password="******") entries = kdb.entries groups = kdb.groups self.assertEqual(3, len(entries)) self.assertEqual(3, len(groups))
def test_merge(sources): runner = CliRunner(env={"KEEPASS_PASSWORD": '******'}) result_file = 'merged.kdbx' files = sources + [result_file] file_paths = [os.path.join('tests', fname) for fname in files] try: result = runner.invoke(main, file_paths) print(result.stdout) assert not result.exception, exc_to_str(result.exc_info) assert result.exit_code == 0, " ".join(file_paths) assert os.path.exists(file_paths[-1]) dest = PyKeePass(file_paths[-1], 'password') entries = dest.entries assert len(entries) == 3 michael = dest.find_entries_by_username('Michael321', first=True) assert michael.password == 'replaced' user = dest.find_entries_by_username('User Name', first=True) assert user.password == 'Password' orig = dest.find_entries_by_title('OnlyOriginal', first=True) assert orig is not None finally: if os.path.exists(file_paths[-1]): os.remove(file_paths[-1])
class PyKeePassTests3(KDBX3Tests): def setUp(self): shutil.copy(os.path.join(base_dir, self.database), os.path.join(base_dir, 'change_creds.kdbx')) self.kp = PyKeePass(os.path.join(base_dir, self.database), password=self.password, keyfile=os.path.join(base_dir, self.keyfile)) self.kp_tmp = PyKeePass(os.path.join(base_dir, 'change_creds.kdbx'), password=self.password, keyfile=os.path.join(base_dir, self.keyfile)) def test_set_credentials(self): self.kp_tmp.password = '******' self.kp_tmp.keyfile = os.path.join(base_dir, 'change.key') self.kp_tmp.save() self.kp_tmp = PyKeePass(os.path.join(base_dir, 'change_creds.kdbx'), password='******', keyfile=os.path.join(base_dir, 'change.key')) results = self.kp.find_entries_by_username('foobar_user', first=True) self.assertEqual('foobar_user', results.username) def test_dump_xml(self): self.kp.dump_xml('db_dump.xml') with open('db_dump.xml') as f: first_line = f.readline() self.assertEqual( first_line, '<?xml version=\'1.0\' encoding=\'utf-8\' standalone=\'yes\'?>\n' ) def tearDown(self): os.remove(os.path.join(base_dir, 'change_creds.kdbx'))
def main(kwargs): password = (get_password( kwargs["--password-file"] if kwargs["--askpass"] else None)) logging.info("Opening database, this might take a while...") kp = PyKeePass( kwargs["KEEPASSX-DB"], password=password, keyfile=kwargs["--keyfile"], ) logging.info("Database opened.") #entries = kp.find_entries( # title=kwargs["--title"], # username=kwargs["--username"], # history=kwargs["--history"], # regex=kwargs["--regex"], #) entries = kp.find_entries(username=kwargs["--username"], ) logging.info("# of entries to search for pwnage: {}".format(len(entries))) for n, entry in enumerate(entries, 1): print('{}: {}'.format(n, entry.title), end=' ') ps = pwned_status(PWNED_URL_BASE, entry.password) if ps: print('PWNED!! (password: {})'.format(entry.password)) else: print('OK') logging.info("Done.")
def run(self, terms, variables, **kwargs): filename = self.get_filename() password = self.get_password() ret = [] kp = PyKeePass(filename, password) for term in terms: path, attribute = term.rsplit('.', 1) found = kp.find_entries_by_path(path, first=True) if not found: raise AnsibleError( "Entry %s not found in keepass-Database %s" % \ (path, filename) ) if attribute.startswith('attr_'): dict = found.custom_properties value = dict[attribute[len('attr_'):]] else: value = getattr(found, attribute) ret.append(value) return ret
def init_kpdb(self): ''' init vars for Keepass ''' self.listuser = [] self.searchuser = [] nb_user = int(input('Combien de compte à rechercher ? : ')) i = 0 while i < nb_user: ''' Create a list user ''' user = input('Renseigner le nom de votre utilisateur : ') self.searchuser.append(user) i += 1 try: ''' Check and add user to list ''' self.db = PyKeePass(self.path, password=self.password) for user in self.searchuser: print( 'Recherche dans la base l\'utilisateur : {0}'.format(user)) if self.db.find_entries(username=user, first=True): self.listuser.append(user) print('L\'utilisateur : {0} a été ajouté à la liste !'. format) else: print('L\'utilisateur : {0} n\'a pas été trouvé !'.format( user)) except FileNotFoundError: print('Le fichier n\'a pas été trouvé !')
def establishServerConnection( hostIpAddress="172.16.128.196", dbName="corona", username=None, password=None, keepassDB="Q:\\FoodData\\new\\01_technical\\Password Database\\DIL.kdbx", keepassKey="Q:\\FoodData\\new\\01_technical\\Password Database\\2018-03-09_Schlüssel.key", keepassTitle="MariaDB c.seebold"): if username == None and password == None: # Provide MariaDB account information by accessing the locally stored KeePass file. keePass = PyKeePass(keepassDB, keyfile=keepassKey) entry = keePass.find_entries( title=keepassTitle, first=True) # Find entry 'MariaDB c.seebold'. username = entry.username password = entry.password # Try and except clause checks if connection was successful. try: connection = pymysql.connect( hostIpAddress, username, password, dbName, local_infile=True ) # Requires to add 'loose-local-infile = 1' in the '[client]' section of '/etc(/mysql)/my.cnf'. print("Connection to database {0} successfully established.".format( dbName)) return connection except: print("ERROR: Connection to database {0} failed.".format(dbName)) import sys sys.exit()
def setUp(self): shutil.copy(os.path.join(base_dir, self.database), os.path.join(base_dir, 'change_creds.kdbx')) self.kp = PyKeePass(os.path.join(base_dir, self.database), password=self.password, keyfile=os.path.join(base_dir, self.keyfile)) self.kp_tmp = PyKeePass(os.path.join(base_dir, 'change_creds.kdbx'), password=self.password, keyfile=os.path.join(base_dir, self.keyfile))
def setUp(self): shutil.copy(os.path.join(base_dir, 'test.kdbx'), os.path.join(base_dir, 'change_creds.kdbx')) self.kp = PyKeePass(os.path.join(base_dir, 'test.kdbx'), password='******', keyfile=os.path.join(base_dir, 'test.key')) self.kp_tmp = PyKeePass(os.path.join(base_dir, 'change_creds.kdbx'), password='******', keyfile=os.path.join(base_dir, 'test.key'))
def __init__(self, database_path, password=None, keyfile=None, logging_manager=None): self.logging_manager = logging_manager self.db = PyKeePass(database_path, password, keyfile) self.database_path = database_path self.database_file_descriptor = Gio.File.new_for_path(database_path) self.password = password
def setUp(self): shutil.copy(os.path.join(base_dir, self.database), os.path.join(base_dir, 'change_creds.kdbx')) self.kp = PyKeePass(os.path.join(base_dir, self.database), password=self.password, keyfile=os.path.join(base_dir, self.keyfile)) # for tests which modify the database, use this self.kp_tmp = PyKeePass(os.path.join(base_dir, 'change_creds.kdbx'), password=self.password, keyfile=os.path.join(base_dir, self.keyfile))
def test_set_credentials(self): self.kp_tmp.password = '******' self.kp_tmp.keyfile = os.path.join(base_dir, 'change.key') self.kp_tmp.save() self.kp_tmp = PyKeePass(os.path.join(base_dir, 'change_creds.kdbx'), password='******', keyfile=os.path.join(base_dir, 'change.key')) results = self.kp.find_entries_by_username('foobar_user', first=True) self.assertEqual('foobar_user', results.username)
def _build_from_blank(self, filename, password): if self._blank_kdb_file and os.path.isfile(self._blank_kdb_file): kdb = PyKeePass(self._blank_kdb_file, self._blank_kdb_file_password) kdb.filename = filename kdb.password = password kdb.keyfile = None else: kdb = create_database(filename, password) self.__tmd_kdb = kdb
def open(self): """Open the keepass repository.""" if not PYKEEPASS: raise ImportError(name='pykeepass') try: self.keepass = PyKeePass(self.prefix, password=getpassword(self.prefix), keyfile=self.keyfile) except CredentialsIntegrityError as error: raise PMError(error)
def read_keepass_data(self, entry_name, field_name): try: kp = PyKeePass(self.keepass_file, password=self.keepass_password) entry = kp.find_entries(title=entry_name, first=True) field_data = entry._get_string_field(field_name) return field_data except Exception as e: raise ValueError( '[ERRO] - Erro ao ler o Keepass:\n%s \n\nVerifique a senha informada e tente novamente' % (str(e)), file=stderr)
def open(self): """Open the keepass repository.""" if not PYKEEPASS: raise ImportError(name='pykeepass') try: self.keepass = PyKeePass(self.prefix, password=getpassword(self.prefix), keyfile=self.keyfile) except (CredentialsError, PayloadChecksumError, HeaderChecksumError) as error: # pragma: no cover raise PMError(error)
def main(fullpath): password = getpass() try: db = PyKeePass(fullpath, password) except: print("Wrong path/password") return for entry in db.entries: entry.title = parse(entry.url) db.save()
def __init__(self, masterpass): logger.info('Requesting KeePass database data') try: self.kp = PyKeePass(KPpath.PATH, password=masterpass) logger.info('Credentials database fetched') except FileNotFoundError: logger.error(f'KDBX file {KPpath.PATH} does not exist') print(f'KDBX file {KPpath.PATH} does not exist') sys.exit() except exceptions.CredentialsIntegrityError: logger.error(f'Unauthorized access to {KPpath.PATH} attempt!') print('Wrong password - try again') sys.exit()
def test_processor(self): processor = Processor(vault_settings=self.vault_config, kdb_settings=self.kdb_config) processor.sync_from_kdb() processor.sync_from_vault() processor.write_vault() file_like = io.BytesIO() processor._kdb_settings["filename"] = file_like processor.write_kdb() file_like.seek(0) kdb = PyKeePass(filename=file_like, password=self.kdb_password) entry = kdb.find_entries_by_title(title="test_entry", first=True) self.assertEqual(entry.path, ["test", "sub", "test_entry"])
def test_open_error(self): with self.assertRaises(CredentialsError): database = 'test4.kdbx' invalid_password = '******' keyfile = os.path.join(base_dir, 'test4.key') PyKeePass(os.path.join(base_dir, database), password=invalid_password, keyfile=keyfile) with self.assertRaises(CredentialsError): database = 'test4.kdbx' password = '******' invalid_keyfile = os.path.join(base_dir, 'test3.key') PyKeePass(os.path.join(base_dir, database), password=password, keyfile=invalid_keyfile)
def main(): args = parser.parse_args() f = open(args.password_file) pw = f.read().strip() kp = PyKeePass(args.kdbx, password=pw) entry = kp.find_entries(title=args.entry, first=True) uri = entry.get_custom_property("otp") totp = pyotp.parse_uri(uri) print(totp.now())
def __init__(self, password, cfgfile='pass.yml'): keyfile = None with open(cfgfile, 'r') as ymlfile: cfg = yaml.safe_load(ymlfile)['keepass'] dbfile = cfg['dbfile'] group = cfg['group'] newentry = cfg['newentry'] oldentry = cfg['oldentry'] if 'keyfile' in cfg: keyfile = cfg['keyfile'] self.keepass = PyKeePass(dbfile, password=password, keyfile=keyfile) self.group = self.keepass.find_groups(name=group, first=True) self.oldentry = self.keepass.find_entries( title=oldentry, group=self.group, first=True) self.newentry = self.keepass.find_entries( title=newentry, group=self.group, first=True)
def main(): parser = argparse.ArgumentParser() parser.add_argument("-f", "--file", action="store", dest="file", required=True, help="Keepass file location") parser.add_argument("-p", "--password", action="store", dest="password", required=True, help="Keepass file password") parser.add_argument("-s", "--search", action="store", dest="search", required=True, help="Search Key") args = parser.parse_args() kp = PyKeePass(args.file, password=args.password) searchTerm = args.search.split(" ") KeePass.search(kp, searchTerm)
class KeepassDB: #class for keepass file def __init__(self, masterpass): logger.info('Requesting KeePass database data') try: self.kp = PyKeePass(KPpath.PATH, password=masterpass) logger.info('Credentials database fetched') except FileNotFoundError: logger.error(f'KDBX file {KPpath.PATH} does not exist') print(f'KDBX file {KPpath.PATH} does not exist') sys.exit() except exceptions.CredentialsIntegrityError: logger.error(f'Unauthorized access to {KPpath.PATH} attempt!') print('Wrong password - try again') sys.exit() def get_credential(self, credential_name): logger.debug(f'Requesting {credential_name} credentials') try: entry = self.kp.find_entries(title=tt.names[credential_name], first=True) logger.debug(f'{credential_name} credentials found') return entry.username, entry.password except KeyError: logger.error( f'{credential_name} not found in {KPpath.PATH}. Please provide correct name of entry.' ) print( f'{credential_name} not found in {KPpath.PATH}. Please provide correct name of entry.' ) sys.exit()
def _load_keepass_data(self): # aggregate entries kp = PyKeePass(filename=self._keepass_file_path, password=self._keepass_password, keyfile=self._keepass_keyfile_path) # reset data structures self._kp_ref_entries = [] self._entries = {} logging.info( f"Found {len(kp.entries)} entries in KeePass DB. Parsing now...") for entry in kp.entries: # if not entry.password and not entry.username and not entry.notes: # logging.warn(f"Ignoring entry {entry.title} since it has neither (1) a password, (2) a username, or (3) notes") # continue # prevent not iterable errors at "in" checks username = entry.username if entry.username else '' password = entry.password if entry.password else '' # Skip REFs as ID might not be in dict yet if KP_REF_IDENTIFIER in username or KP_REF_IDENTIFIER in password: self._kp_ref_entries.append(entry) continue # Normal entry self._add_bw_entry_to_entires_dict(entry) logging.info(f"Parsed {len(self._entries)} entries")
def __init__(self): Gtk.Window.__init__(self, title="Database") self.set_border_width(10) self.set_default_size(700, 400) scrolled = Gtk.ScrolledWindow() scrolled.set_policy(Gtk.PolicyType.NEVER, Gtk.PolicyType.AUTOMATIC) flowbox = Gtk.FlowBox() flowbox.set_valign(Gtk.Align.START) flowbox.set_max_children_per_line(3) flowbox.set_selection_mode(Gtk.SelectionMode.NONE) kp = PyKeePass(file_path, password=key) for i in kp.entries: global entry entry = i copyuser = Gtk.Button(label = "Copy Username") copyuser.connect("clicked", self.CopyUser) copypass = Gtk.Button(label="Copy Password") copypass.connect("clicked", self.CopyPass) label = Gtk.Label() label.set_text(i.title) flowbox.add(label) flowbox.add(copyuser) flowbox.add(copypass) scrolled.add(flowbox) self.add(scrolled) self.show_all()
def parse(self, inventory, loader, path, cache=False): # call base method to ensure properties are available for use with other helper methods super(InventoryModule, self).parse(inventory, loader, path, cache) # Populate option defaults self.set_options() kp_db = None for pw in self.get_kp_passwords(): try: kp_db = PyKeePass(path, password=pw) if kp_db: self.display.vvv("Attempt to decrypt the keepass file succeeded") break except Exception as ex: # Assuming we've not reached the correct pw self.display.vvv("An attempt to decrypt the keepass file failed: "+str(ex)) continue if kp_db: # Load config options from kdb file d = kp_db.tree.find('Meta/DatabaseDescription') if d is not None and d.text: options = self.read_notes(d.text) if options: self._consume_options(options) if options: self.display.warning("Database Description contains unsupported options") self._parse_kp_db(kp_db) else: raise AnsibleParserError("Unable to decrypt keepass file")
def _load_keepass_data(self): # aggregate entries kp = PyKeePass(self._keepass_file_path, password=self._keepass_password) # reset data structures self._kp_ref_entries = [] self._entries = {} logging.info( f"Found {len(kp.entries)} entries in KeePass DB. Parsing now...") for entry in kp.entries: if not entry.password and not entry.username and not entry.notes: continue # prevent not iteratable errors at "in" checks username = entry.username if entry.username else '' password = entry.password if entry.password else '' # Skip REFs as ID might not be in dict yet if KP_REF_IDENTIFIER in username or KP_REF_IDENTIFIER in password: self._kp_ref_entries.append(entry) continue # Normal entry self._add_bw_entry_to_entires_dict(entry) logging.debug(f"Parsed {len(self._entries)} entries")
def _fetch_file(self, kp_dbx, kp_psw, kp_key, entry_path, entry_attr, enable_custom_attr): if kp_key: kp_key = os.path.realpath(os.path.expanduser(kp_key)) if os.path.isfile(kp_key): display.vvv(u"Keepass: database keyfile: %s" % kp_key) try: if not LookupModule.keepass: LookupModule.keepass = PyKeePass(kp_dbx, kp_psw, kp_key) entry = LookupModule.keepass.\ find_entries_by_path(entry_path, first=True) if entry is None: raise AnsibleError(u"Entry '%s' is not found" % entry_path) display.vv( u"KeePass: attr: %s in path: %s" % (entry_attr, entry_path)) entry_val = None if enable_custom_attr: entry_val = entry.get_custom_property(entry_attr) if entry_val is not None: return [entry_val] else: raise AnsibleError(AttributeError(u"'No custom field property '%s'" % (entry_attr))) else: return [getattr(entry, entry_attr)] except ChecksumError: raise AnsibleError("Wrong password/keyfile {}".format(kp_dbx)) except (AttributeError, FileNotFoundError) as e: raise AnsibleError(e)
def run(self, terms, variables, **kwargs): filename = self.get_filename() password = self.get_password() ret = [] kp = PyKeePass(filename, password) for term in terms: path, attribute = term.rsplit('.', 1) found = kp.find_entries_by_path(path, first=True) if not found: raise AnsibleError( "Entry %s not found in keepass-Database %s" % \ (path, filename) ) value = getattr(found, attribute) ret.append(value) return ret
hkey = hashlib.sha256(key.encode()).digest() iv = hashlib.md5(key.encode()).digest() return hkey, iv if len(sys.argv) < 2: print("Modo de empleo: {} <input.geco>") sys.exit() input_file = sys.argv[1] output_file = 'db.kdbx' master = getpass.getpass("Contraseña maestra: ") aes = CustomAES() kp = PyKeePass('database.kdbx', password="******") kp.password = master groups = {} with open(input_file, 'r') as f: for p in f.readlines(): name, type, description, account, password, cypher_method, updated, expiration = p.split("|") expiration = datetime.datetime.fromtimestamp(float(expiration)) updated = datetime.datetime.fromtimestamp(float(updated)) name, type, description, account =\ map(lambda x: x.replace("\\n", "\n"), (name, type, description, account)) clear = aes.decrypt(password, master) if type and not type in groups: