def process():
args = get_args()
print(args.dbpath)
if not os.path.exists(args.dbpath):
print("DB file path does not exist", file=sys.stderr)
sys.exit(1)
password = getpass()
try:
db = KP(args.dbpath, password=password)
except FileNotFoundError:
print("DB file path does not exist", file=sys.stderr)
sys.exit(1)
except OSError:
print("Invalid password", file=sys.stderr)
sys.exit(1)
except Exception:
print("Misc error", file=sys.stderr)
sys.exit(1)
groups = db.find_groups_by_name(args.groupname)
if len(groups) == 0:
print("Group does not exist", file=sys.stderr)
sys.exit(1)
if len(groups) > 1:
print("Multiple groups of that name exist. Cannot continue",
file=sys.stderr)
sys.exit(1)
group = groups[0]
## Only grab from root
path = "".join([db.root_group.path, args.entrytitle])
entries = db.find_entries_by_path(path)
if len(entries) == 0:
print("Entry by that title does not exist", file=sys.stderr)
for entry in entries:
group.append(entry)
db.save()
def test_build_kdb(self):
file = self.raw_kdb_full_path
self.processor.build_kdb(filename=file, password="******")
kdb = PyKeePass(filename=file, password="******")
entries = kdb.entries
groups = kdb.groups
self.assertEqual(len(entries), 0)
self.assertEqual(len(groups), 1)
kdb_io = io.BytesIO()
self.kdb.save(kdb_io)
kdb_io.seek(0)
self.processor.load_from_kdb(kdb_io, self.password)
self.processor.build_kdb(filename=file, password="******")
kdb = PyKeePass(filename=file, password="******")
entries = kdb.entries
groups = kdb.groups
self.assertEqual(3, len(entries))
self.assertEqual(3, len(groups))
# TODO DRY
self.processor.build_kdb(filename=kdb_io, password="******")
kdb = PyKeePass(filename=file, password="******")
entries = kdb.entries
groups = kdb.groups
self.assertEqual(3, len(entries))
self.assertEqual(3, len(groups))
def test_merge(sources):
runner = CliRunner(env={"KEEPASS_PASSWORD": '******'})
result_file = 'merged.kdbx'
files = sources + [result_file]
file_paths = [os.path.join('tests', fname) for fname in files]
try:
result = runner.invoke(main, file_paths)
print(result.stdout)
assert not result.exception, exc_to_str(result.exc_info)
assert result.exit_code == 0, " ".join(file_paths)
assert os.path.exists(file_paths[-1])
dest = PyKeePass(file_paths[-1], 'password')
entries = dest.entries
assert len(entries) == 3
michael = dest.find_entries_by_username('Michael321', first=True)
assert michael.password == 'replaced'
user = dest.find_entries_by_username('User Name', first=True)
assert user.password == 'Password'
orig = dest.find_entries_by_title('OnlyOriginal', first=True)
assert orig is not None
finally:
if os.path.exists(file_paths[-1]):
os.remove(file_paths[-1])
class PyKeePassTests3(KDBX3Tests):
def setUp(self):
shutil.copy(os.path.join(base_dir, self.database),
os.path.join(base_dir, 'change_creds.kdbx'))
self.kp = PyKeePass(os.path.join(base_dir, self.database),
password=self.password,
keyfile=os.path.join(base_dir, self.keyfile))
self.kp_tmp = PyKeePass(os.path.join(base_dir, 'change_creds.kdbx'),
password=self.password,
keyfile=os.path.join(base_dir, self.keyfile))
def test_set_credentials(self):
self.kp_tmp.password = '******'
self.kp_tmp.keyfile = os.path.join(base_dir, 'change.key')
self.kp_tmp.save()
self.kp_tmp = PyKeePass(os.path.join(base_dir, 'change_creds.kdbx'),
password='******',
keyfile=os.path.join(base_dir, 'change.key'))
results = self.kp.find_entries_by_username('foobar_user', first=True)
self.assertEqual('foobar_user', results.username)
def test_dump_xml(self):
self.kp.dump_xml('db_dump.xml')
with open('db_dump.xml') as f:
first_line = f.readline()
self.assertEqual(
first_line,
'<?xml version=\'1.0\' encoding=\'utf-8\' standalone=\'yes\'?>\n'
)
def tearDown(self):
os.remove(os.path.join(base_dir, 'change_creds.kdbx'))
def main(kwargs):
password = (get_password(
kwargs["--password-file"] if kwargs["--askpass"] else None))
logging.info("Opening database, this might take a while...")
kp = PyKeePass(
kwargs["KEEPASSX-DB"],
password=password,
keyfile=kwargs["--keyfile"],
)
logging.info("Database opened.")
#entries = kp.find_entries(
# title=kwargs["--title"],
# username=kwargs["--username"],
# history=kwargs["--history"],
# regex=kwargs["--regex"],
#)
entries = kp.find_entries(username=kwargs["--username"], )
logging.info("# of entries to search for pwnage: {}".format(len(entries)))
for n, entry in enumerate(entries, 1):
print('{}: {}'.format(n, entry.title), end=' ')
ps = pwned_status(PWNED_URL_BASE, entry.password)
if ps:
print('PWNED!! (password: {})'.format(entry.password))
else:
print('OK')
logging.info("Done.")
def run(self, terms, variables, **kwargs):
filename = self.get_filename()
password = self.get_password()
ret = []
kp = PyKeePass(filename, password)
for term in terms:
path, attribute = term.rsplit('.', 1)
found = kp.find_entries_by_path(path, first=True)
if not found:
raise AnsibleError(
"Entry %s not found in keepass-Database %s" % \
(path, filename)
)
if attribute.startswith('attr_'):
dict = found.custom_properties
value = dict[attribute[len('attr_'):]]
else:
value = getattr(found, attribute)
ret.append(value)
return ret
def init_kpdb(self):
'''
init vars for Keepass
'''
self.listuser = []
self.searchuser = []
nb_user = int(input('Combien de compte à rechercher ? : '))
i = 0
while i < nb_user:
'''
Create a list user
'''
user = input('Renseigner le nom de votre utilisateur : ')
self.searchuser.append(user)
i += 1
try:
'''
Check and add user to list
'''
self.db = PyKeePass(self.path, password=self.password)
for user in self.searchuser:
print(
'Recherche dans la base l\'utilisateur : {0}'.format(user))
if self.db.find_entries(username=user, first=True):
self.listuser.append(user)
print('L\'utilisateur : {0} a été ajouté à la liste !'.
format)
else:
print('L\'utilisateur : {0} n\'a pas été trouvé !'.format(
user))
except FileNotFoundError:
print('Le fichier n\'a pas été trouvé !')
def establishServerConnection(
hostIpAddress="172.16.128.196",
dbName="corona",
username=None,
password=None,
keepassDB="Q:\\FoodData\\new\\01_technical\\Password Database\\DIL.kdbx",
keepassKey="Q:\\FoodData\\new\\01_technical\\Password Database\\2018-03-09_Schlüssel.key",
keepassTitle="MariaDB c.seebold"):
if username == None and password == None:
# Provide MariaDB account information by accessing the locally stored KeePass file.
keePass = PyKeePass(keepassDB, keyfile=keepassKey)
entry = keePass.find_entries(
title=keepassTitle, first=True) # Find entry 'MariaDB c.seebold'.
username = entry.username
password = entry.password
# Try and except clause checks if connection was successful.
try:
connection = pymysql.connect(
hostIpAddress, username, password, dbName, local_infile=True
) # Requires to add 'loose-local-infile = 1' in the '[client]' section of '/etc(/mysql)/my.cnf'.
print("Connection to database {0} successfully established.".format(
dbName))
return connection
except:
print("ERROR: Connection to database {0} failed.".format(dbName))
import sys
sys.exit()
def setUp(self):
shutil.copy(os.path.join(base_dir, self.database),
os.path.join(base_dir, 'change_creds.kdbx'))
self.kp = PyKeePass(os.path.join(base_dir, self.database),
password=self.password,
keyfile=os.path.join(base_dir, self.keyfile))
self.kp_tmp = PyKeePass(os.path.join(base_dir, 'change_creds.kdbx'),
password=self.password,
keyfile=os.path.join(base_dir, self.keyfile))
def setUp(self):
shutil.copy(os.path.join(base_dir, 'test.kdbx'),
os.path.join(base_dir, 'change_creds.kdbx'))
self.kp = PyKeePass(os.path.join(base_dir, 'test.kdbx'),
password='******',
keyfile=os.path.join(base_dir, 'test.key'))
self.kp_tmp = PyKeePass(os.path.join(base_dir, 'change_creds.kdbx'),
password='******',
keyfile=os.path.join(base_dir, 'test.key'))
def __init__(self,
database_path,
password=None,
keyfile=None,
logging_manager=None):
self.logging_manager = logging_manager
self.db = PyKeePass(database_path, password, keyfile)
self.database_path = database_path
self.database_file_descriptor = Gio.File.new_for_path(database_path)
self.password = password
def setUp(self):
shutil.copy(os.path.join(base_dir, self.database),
os.path.join(base_dir, 'change_creds.kdbx'))
self.kp = PyKeePass(os.path.join(base_dir, self.database),
password=self.password,
keyfile=os.path.join(base_dir, self.keyfile))
# for tests which modify the database, use this
self.kp_tmp = PyKeePass(os.path.join(base_dir, 'change_creds.kdbx'),
password=self.password,
keyfile=os.path.join(base_dir, self.keyfile))
def test_set_credentials(self):
self.kp_tmp.password = '******'
self.kp_tmp.keyfile = os.path.join(base_dir, 'change.key')
self.kp_tmp.save()
self.kp_tmp = PyKeePass(os.path.join(base_dir, 'change_creds.kdbx'),
password='******',
keyfile=os.path.join(base_dir, 'change.key'))
results = self.kp.find_entries_by_username('foobar_user', first=True)
self.assertEqual('foobar_user', results.username)
def _build_from_blank(self, filename, password):
if self._blank_kdb_file and os.path.isfile(self._blank_kdb_file):
kdb = PyKeePass(self._blank_kdb_file,
self._blank_kdb_file_password)
kdb.filename = filename
kdb.password = password
kdb.keyfile = None
else:
kdb = create_database(filename, password)
self.__tmd_kdb = kdb
def open(self):
"""Open the keepass repository."""
if not PYKEEPASS:
raise ImportError(name='pykeepass')
try:
self.keepass = PyKeePass(self.prefix,
password=getpassword(self.prefix),
keyfile=self.keyfile)
except CredentialsIntegrityError as error:
raise PMError(error)
def read_keepass_data(self, entry_name, field_name):
try:
kp = PyKeePass(self.keepass_file, password=self.keepass_password)
entry = kp.find_entries(title=entry_name, first=True)
field_data = entry._get_string_field(field_name)
return field_data
except Exception as e:
raise ValueError(
'[ERRO] - Erro ao ler o Keepass:\n%s \n\nVerifique a senha informada e tente novamente'
% (str(e)),
file=stderr)
def open(self):
"""Open the keepass repository."""
if not PYKEEPASS:
raise ImportError(name='pykeepass')
try:
self.keepass = PyKeePass(self.prefix,
password=getpassword(self.prefix),
keyfile=self.keyfile)
except (CredentialsError, PayloadChecksumError,
HeaderChecksumError) as error: # pragma: no cover
raise PMError(error)
def main(fullpath):
password = getpass()
try:
db = PyKeePass(fullpath, password)
except:
print("Wrong path/password")
return
for entry in db.entries:
entry.title = parse(entry.url)
db.save()
def __init__(self, masterpass):
logger.info('Requesting KeePass database data')
try:
self.kp = PyKeePass(KPpath.PATH, password=masterpass)
logger.info('Credentials database fetched')
except FileNotFoundError:
logger.error(f'KDBX file {KPpath.PATH} does not exist')
print(f'KDBX file {KPpath.PATH} does not exist')
sys.exit()
except exceptions.CredentialsIntegrityError:
logger.error(f'Unauthorized access to {KPpath.PATH} attempt!')
print('Wrong password - try again')
sys.exit()
def test_processor(self):
processor = Processor(vault_settings=self.vault_config,
kdb_settings=self.kdb_config)
processor.sync_from_kdb()
processor.sync_from_vault()
processor.write_vault()
file_like = io.BytesIO()
processor._kdb_settings["filename"] = file_like
processor.write_kdb()
file_like.seek(0)
kdb = PyKeePass(filename=file_like, password=self.kdb_password)
entry = kdb.find_entries_by_title(title="test_entry", first=True)
self.assertEqual(entry.path, ["test", "sub", "test_entry"])
def test_open_error(self):
with self.assertRaises(CredentialsError):
database = 'test4.kdbx'
invalid_password = '******'
keyfile = os.path.join(base_dir, 'test4.key')
PyKeePass(os.path.join(base_dir, database),
password=invalid_password,
keyfile=keyfile)
with self.assertRaises(CredentialsError):
database = 'test4.kdbx'
password = '******'
invalid_keyfile = os.path.join(base_dir, 'test3.key')
PyKeePass(os.path.join(base_dir, database),
password=password,
keyfile=invalid_keyfile)
def main():
args = parser.parse_args()
f = open(args.password_file)
pw = f.read().strip()
kp = PyKeePass(args.kdbx, password=pw)
entry = kp.find_entries(title=args.entry, first=True)
uri = entry.get_custom_property("otp")
totp = pyotp.parse_uri(uri)
print(totp.now())
def __init__(self, password, cfgfile='pass.yml'):
keyfile = None
with open(cfgfile, 'r') as ymlfile:
cfg = yaml.safe_load(ymlfile)['keepass']
dbfile = cfg['dbfile']
group = cfg['group']
newentry = cfg['newentry']
oldentry = cfg['oldentry']
if 'keyfile' in cfg:
keyfile = cfg['keyfile']
self.keepass = PyKeePass(dbfile, password=password, keyfile=keyfile)
self.group = self.keepass.find_groups(name=group, first=True)
self.oldentry = self.keepass.find_entries(
title=oldentry, group=self.group, first=True)
self.newentry = self.keepass.find_entries(
title=newentry, group=self.group, first=True)
def main():
parser = argparse.ArgumentParser()
parser.add_argument("-f",
"--file",
action="store",
dest="file",
required=True,
help="Keepass file location")
parser.add_argument("-p",
"--password",
action="store",
dest="password",
required=True,
help="Keepass file password")
parser.add_argument("-s",
"--search",
action="store",
dest="search",
required=True,
help="Search Key")
args = parser.parse_args()
kp = PyKeePass(args.file, password=args.password)
searchTerm = args.search.split(" ")
KeePass.search(kp, searchTerm)
class KeepassDB: #class for keepass file
def __init__(self, masterpass):
logger.info('Requesting KeePass database data')
try:
self.kp = PyKeePass(KPpath.PATH, password=masterpass)
logger.info('Credentials database fetched')
except FileNotFoundError:
logger.error(f'KDBX file {KPpath.PATH} does not exist')
print(f'KDBX file {KPpath.PATH} does not exist')
sys.exit()
except exceptions.CredentialsIntegrityError:
logger.error(f'Unauthorized access to {KPpath.PATH} attempt!')
print('Wrong password - try again')
sys.exit()
def get_credential(self, credential_name):
logger.debug(f'Requesting {credential_name} credentials')
try:
entry = self.kp.find_entries(title=tt.names[credential_name],
first=True)
logger.debug(f'{credential_name} credentials found')
return entry.username, entry.password
except KeyError:
logger.error(
f'{credential_name} not found in {KPpath.PATH}. Please provide correct name of entry.'
)
print(
f'{credential_name} not found in {KPpath.PATH}. Please provide correct name of entry.'
)
sys.exit()
def _load_keepass_data(self):
# aggregate entries
kp = PyKeePass(filename=self._keepass_file_path,
password=self._keepass_password,
keyfile=self._keepass_keyfile_path)
# reset data structures
self._kp_ref_entries = []
self._entries = {}
logging.info(
f"Found {len(kp.entries)} entries in KeePass DB. Parsing now...")
for entry in kp.entries:
# if not entry.password and not entry.username and not entry.notes:
# logging.warn(f"Ignoring entry {entry.title} since it has neither (1) a password, (2) a username, or (3) notes")
# continue
# prevent not iterable errors at "in" checks
username = entry.username if entry.username else ''
password = entry.password if entry.password else ''
# Skip REFs as ID might not be in dict yet
if KP_REF_IDENTIFIER in username or KP_REF_IDENTIFIER in password:
self._kp_ref_entries.append(entry)
continue
# Normal entry
self._add_bw_entry_to_entires_dict(entry)
logging.info(f"Parsed {len(self._entries)} entries")
def __init__(self):
Gtk.Window.__init__(self, title="Database")
self.set_border_width(10)
self.set_default_size(700, 400)
scrolled = Gtk.ScrolledWindow()
scrolled.set_policy(Gtk.PolicyType.NEVER, Gtk.PolicyType.AUTOMATIC)
flowbox = Gtk.FlowBox()
flowbox.set_valign(Gtk.Align.START)
flowbox.set_max_children_per_line(3)
flowbox.set_selection_mode(Gtk.SelectionMode.NONE)
kp = PyKeePass(file_path, password=key)
for i in kp.entries:
global entry
entry = i
copyuser = Gtk.Button(label = "Copy Username")
copyuser.connect("clicked", self.CopyUser)
copypass = Gtk.Button(label="Copy Password")
copypass.connect("clicked", self.CopyPass)
label = Gtk.Label()
label.set_text(i.title)
flowbox.add(label)
flowbox.add(copyuser)
flowbox.add(copypass)
scrolled.add(flowbox)
self.add(scrolled)
self.show_all()
def parse(self, inventory, loader, path, cache=False):
# call base method to ensure properties are available for use with other helper methods
super(InventoryModule, self).parse(inventory, loader, path, cache)
# Populate option defaults
self.set_options()
kp_db = None
for pw in self.get_kp_passwords():
try:
kp_db = PyKeePass(path, password=pw)
if kp_db:
self.display.vvv("Attempt to decrypt the keepass file succeeded")
break
except Exception as ex:
# Assuming we've not reached the correct pw
self.display.vvv("An attempt to decrypt the keepass file failed: "+str(ex))
continue
if kp_db:
# Load config options from kdb file
d = kp_db.tree.find('Meta/DatabaseDescription')
if d is not None and d.text:
options = self.read_notes(d.text)
if options:
self._consume_options(options)
if options:
self.display.warning("Database Description contains unsupported options")
self._parse_kp_db(kp_db)
else:
raise AnsibleParserError("Unable to decrypt keepass file")
def _load_keepass_data(self):
# aggregate entries
kp = PyKeePass(self._keepass_file_path,
password=self._keepass_password)
# reset data structures
self._kp_ref_entries = []
self._entries = {}
logging.info(
f"Found {len(kp.entries)} entries in KeePass DB. Parsing now...")
for entry in kp.entries:
if not entry.password and not entry.username and not entry.notes:
continue
# prevent not iteratable errors at "in" checks
username = entry.username if entry.username else ''
password = entry.password if entry.password else ''
# Skip REFs as ID might not be in dict yet
if KP_REF_IDENTIFIER in username or KP_REF_IDENTIFIER in password:
self._kp_ref_entries.append(entry)
continue
# Normal entry
self._add_bw_entry_to_entires_dict(entry)
logging.debug(f"Parsed {len(self._entries)} entries")
def _fetch_file(self, kp_dbx, kp_psw, kp_key, entry_path, entry_attr, enable_custom_attr):
if kp_key:
kp_key = os.path.realpath(os.path.expanduser(kp_key))
if os.path.isfile(kp_key):
display.vvv(u"Keepass: database keyfile: %s" % kp_key)
try:
if not LookupModule.keepass:
LookupModule.keepass = PyKeePass(kp_dbx, kp_psw, kp_key)
entry = LookupModule.keepass.\
find_entries_by_path(entry_path, first=True)
if entry is None:
raise AnsibleError(u"Entry '%s' is not found" % entry_path)
display.vv(
u"KeePass: attr: %s in path: %s" % (entry_attr, entry_path))
entry_val = None
if enable_custom_attr:
entry_val = entry.get_custom_property(entry_attr)
if entry_val is not None:
return [entry_val]
else:
raise AnsibleError(AttributeError(u"'No custom field property '%s'" % (entry_attr)))
else:
return [getattr(entry, entry_attr)]
except ChecksumError:
raise AnsibleError("Wrong password/keyfile {}".format(kp_dbx))
except (AttributeError, FileNotFoundError) as e:
raise AnsibleError(e)
def run(self, terms, variables, **kwargs):
filename = self.get_filename()
password = self.get_password()
ret = []
kp = PyKeePass(filename, password)
for term in terms:
path, attribute = term.rsplit('.', 1)
found = kp.find_entries_by_path(path, first=True)
if not found:
raise AnsibleError(
"Entry %s not found in keepass-Database %s" % \
(path, filename)
)
value = getattr(found, attribute)
ret.append(value)
return ret
hkey = hashlib.sha256(key.encode()).digest()
iv = hashlib.md5(key.encode()).digest()
return hkey, iv
if len(sys.argv) < 2:
print("Modo de empleo: {} <input.geco>")
sys.exit()
input_file = sys.argv[1]
output_file = 'db.kdbx'
master = getpass.getpass("Contraseña maestra: ")
aes = CustomAES()
kp = PyKeePass('database.kdbx', password="******")
kp.password = master
groups = {}
with open(input_file, 'r') as f:
for p in f.readlines():
name, type, description, account, password, cypher_method, updated, expiration = p.split("|")
expiration = datetime.datetime.fromtimestamp(float(expiration))
updated = datetime.datetime.fromtimestamp(float(updated))
name, type, description, account =\
map(lambda x: x.replace("\\n", "\n"), (name, type, description, account))
clear = aes.decrypt(password, master)
if type and not type in groups:
