🔐 A simple command-line password manager.

Related tags

Security related resourcespassword-managerpasswordpython3password-vaultsqlite3sqlite3-encryptionencryption-decryption
Overview

PassVault

Languages Repository size License

What Is It?

It is a command-line password manager, for educational purposes, that stores localy, in AES encryption, your sensitives datas in a SQlite database (.db). This project was made to learn more about cryptography and not for intended for actual use. This software is used at your own risks. It is provided as is and I (including any contributors) do not take any responsibility for any damage or loss done with or by it.

Installation

Clone this repository: git clone https://github.com/vlHan/PassVault or download zip

  • Enter the folder: cd PassVault/
  • Install python3

    • Linux

      • sudo apt-get install python3
      • chmod +x *
      • python3 -m pip install -r requirements.txt
      • Finished!

    • Windows and Mac

Usage

After installing, use the following command to install the dependecies and run the program.

$ python3 run.py

Or you can manually install the dependecies and run:

$ pip3 install -r requirements.txt
$ python3 run.py

⚠️ The program needs all the files, be sure to have all the dependecies and files installed.

How It Works

  1. After running you need to create your master password. This master password will be the key to indenty if the user is actually you, be sure you have saved, because the master password is unrecoverable.
  2. Follow the steps and answer the inputs, these informations will be saved.

After following the steps, the code will store your datas, encrypted in AES encryption, that comes from a python library pycryptodome, in a SQlite file. To authenticate the user, they are prompted to create a master password (that is also used to decrypt data) which is then stored using HMAC autentication code (that use SHA3_512 Hash Function for the digest mod). Whenever the user is prompted to verify their master password, the password they enter is compared to the hash of the stored master password and access if granted if the two hashes match.

if os.path.isfile('db/info.json'): # verify if the master password is created
    with open("db/info.json", 'r') as f: # read the salt stored in the file
      jfile = json.load(f) 

    self.master_pw = getpass.getpass('Enter your master password: ') # ask the master password

    h = hmac.new(self.master_pw.encode(), msg=str(jfile["Informations"]["salt"]).encode(), digestmod=hashlib.sha3_512).hexdigest() # use HMAC and encrypt in sha3_512 HASH Function 

    if h == jfile["Informations"]["master_password"]: # compare with the hash of the master password
        ...

Author and Contributor


@vlHan
@carvalinh0

Shoutouts

  • @carvalinh0 for helping me in the AES encryption.

All notable changes to this project will be in project changelog

Contributing

If you want to contribute see guidelines for contributing.

License

This project is under the MIT License.

You might also like...
A simple password generator using Python Tkinter.
A simple password generator using Python Tkinter.

Password-Generator-using-Python A simple password generator that generates password for you. User can Copy the password to Clipboard. Project made usi

Prashant Agheda 1 Nov 2, 2022
A python base script from which you can hack or clone any person's facebook friendlist or followers accounts which have simple password

Hcoder This is a python base script from which you can hack or clone any person's facebook friendlist or followers accounts which have simple password

Muhammad Hamza 3 Dec 6, 2021
Password List Creator Simple !

Password List Creator Simple !

MR.D3F417 4 Jan 27, 2022
This is simple python FTP password craker. To crack FTP login using wordlist based brute force attack
This is simple python FTP password craker. To crack FTP login using wordlist based brute force attack

This is simple python FTP password craker. To crack FTP login using wordlist based brute force attack

Varun Jagtap 5 Oct 8, 2022
command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation, attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands.

CVE-2021-36260 CVE-2021-36260 POC command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validatio

Aiminsun 165 Dec 21, 2022
Used to build an XSS platform on the command line.

pyXSSPlatform Used to build an XSS platform on the command line. Usage: 1.generate the cert file You can use openssl like this: openssl req -new -x509

null 70 Jun 21, 2022
PasswordManager is a command-line program that helps you manage your secret files like passwords

PasswordManager is a command-line program that helps you manage your secret files like passwords. It's very minimalistic and easy to use.

Michael 3 Dec 30, 2021
The disassembler parses evm bytecode from the command line or from a file.

EVM Bytecode Disassembler The disassembler parses evm bytecode from the command line or from a file. It does not matter whether the bytecode is prefix

alpharush 22 Dec 27, 2022
Simple yara rule manager

Yara Manager A simple program to manage your yara ruleset in a (sqlite) database. Todos Search rules and descriptions Cluster rules in rulesets Enforc

Nils Kuhnert 65 Nov 17, 2022
Releases(V1.4)

  • V1.4(Jan 29, 2022)

    [V1.4] - 2022-01-29

    Added

    • New functions in the database file to avoid sqlite3 functions repetitions.
    • The name of the sqlite database is the name of your machine
      • Be sure not to change the name or something, otherwise the program will create another file and you'll lose the database

    Changed

    • Connection to the database file, now verify if the user is running in or out of the PassVault diretory

    Removed

    • vault.db in .gitignore
    • Remove coding utf-8 (do not need)
    Source code(tar.gz)
    Source code(zip)

  • V1.3(Jan 27, 2022)

    [V1.3] - 2022-01-25

    Added

    • Code optimization using new functions
    • New password generator function

    Changed

    • instance of menu and database class in modules/main.py

    Removed

    • unused functions
    Source code(tar.gz)
    Source code(zip)

  • V1.2(Jan 25, 2022)

    [V1.2] - 2022-01-23

    • Exceptions (KeyboardInterrupt) and exit config
    • Colors
    • See only one information (stored_passwords())
      • It shows just the platofrm and the ID
    • Checkmark and x mark

    Changed

    • Manager class in __main__.py to modules/main.py
    • to look up the password, need to know the ID using the function stored_password()

    Removed

    • Old show informations function (see_all())
    Source code(tar.gz)
    Source code(zip)

  • V1.1(Jan 6, 2022)

    [V1.1] - 2021-12-30

    Added

    • master password table (masterpassword) in the database SQlite.
    • a logo (demo/logo.png) and moved passvault.png to demo folder

    Changed

    • The json file as a database to a table in the SQlite database.
    • key system to a ID system (change/delete informations)

    Removed

    • json master password system.
    • key system
    Source code(tar.gz)
    Source code(zip)

  • V1.0(Dec 27, 2021)

Owner
Young student of Python and Programming.
GitHub Repository
Auerswald COMpact 8.0B Backdoors exploit

CVE-2021-40859 Auerswald COMpact 8.0B Backdoors exploit About Backdoors were discovered in Auerswald COMpact 5500R 7.8A and 8.0B devices, that allow a

Ashish Kunwar 1 Nov 24, 2022
This repository will contain python scripts for hackers and pentesters

This repository will contain python scripts for hackers and pentesters. stop being limited with availble tools. Build your own.

0xTRAW 24 Nov 29, 2022
Hubble is a modular, open-source security compliance framework. The project provides on-demand profile-based auditing, real-time security event notifications, alerting, and reporting. HubbleStack is a free and open source project made possible by Adobe. https://github.com/adobe

Welcome to HubbleStack!! You can find the docs here You can file an issue here Follow us on Twitter! Development Below are sample instructions to setu

HubbleStack 368 Jan 04, 2023
A tool that detects the expensive Carbon Black watchlists.

A tool that detects the "expensive" Carbon Black watchlists.

Oğuzcan Pamuk 8 Aug 04, 2022
A honeypot for the Log4Shell vulnerability (CVE-2021-44228)

Log4Pot A honeypot for the Log4Shell vulnerability (CVE-2021-44228). License: GPLv3.0 Features Listen on various ports for Log4Shell exploitation. Det

Thomas Patzke 79 Dec 27, 2022
A decompilation of the Nintendo Switch version of Captain Toad: Treasure Tracker

cttt-decomp A decompilation of the Nintendo Switch version of Captain Toad: Trea

shibbs 14 Aug 17, 2022
Domain abuse scanner covering domainsquatting and phishing keywords.

🦷 monodon 🐋 Domain abuse scanner covering domainsquatting and phishing keywords. Setup Monodon is a Python 3.7+ programm. To setup on a Linux machin

2 Mar 15, 2022
domato but as a website

ROFL-FUZZER Ths is Domato, a DOM Fuzzer from Google, but hosted as an website It generates a instance of a newtab on the template given by the user ,

Swapnadeep Som 18 Nov 22, 2021
Webpack自动化信息收集

Webpack-信息收集工具 郑重声明:文中所涉及的技术、思路和工具仅供以安全为目的的学习交流使用,任何人不得将其用于非法用途以及盈利等目的,否则后果自行承担。 0x01 介绍 作者:小洲 团队:横戈安全团队,未来一段时间将陆续开源工具,欢迎关注微信公众号: 定位:协助红队人员快速的信息收集,测绘目

小洲 214 Dec 19, 2022
MTBLLS Ethical Hacking Tool Announcement of v2.0

MTBLLS Ethical Hacking Tool Announcement of v2.0 MTBLLS is a Free and Open-Source Ethical Hacking Tool developed by GhostTD (SkyWtkh) The tool can onl

Ghost 2 Mar 19, 2022
Scanner for Intranet

cthun3是集成端口扫描,服务识别,netbios扫描,网站识别,暴力破解和漏洞扫描的工具. cthun(克苏恩)是魔兽世界电子游戏中一位上古之神 截图 cthun3结合viper使用时截图 使用方法 端口扫描 -ps-ip 端口扫描的ip地址范围,例如可以输入 -ps-ip 192.168.14

rootkit 18 Sep 03, 2022
A Docker based LDAP RCE exploit demo for CVE-2021-44228 Log4Shell

log4j-poc An LDAP RCE exploit for CVE-2021-44228 Log4Shell Description This demo Tomcat 8 server has a vulnerable app deployed on it and is also vulne

60 Dec 10, 2022
BF-Hash - A Python Tool to decrypt hashes by brute force

BF-Hash Herramienta para descifrar hashes por fuerza bruta Instalación git clone

5 Apr 09, 2022
A python script to bypass 403-forbidden.

4nought3 A python script to bypass 403-forbidden. It covers methods like Host-Header Injections, Changing HTTP Requests Methods and URL-Injections. Us

11 Aug 27, 2022
Bilgi Sistemleri Projesi için yapılan keylogger

Keylogger Bilgi Sistemleri Projesi için yapılan keylogger Projede kullanılan kütüphanelere sahip olmasanız da python dosyası çalıştığında kendisi gere

Tarik Bulut 1 Jan 07, 2022
This repo contain builders of cab file, html file, and docx file for CVE-2021-40444 exploit

CVE-2021-40444 builders This repo contain builders of cab file, html file, and docx file for CVE-2021-40444 exploit. This repo is just for testing, re

ASL IT Security 168 Nov 09, 2022
Scan your logs for CVE-2021-44228 related activity and report the attackers

jndiRep - CVE-2021-44228 Basically a bad grep on even worse drugs. search for malicious strings decode payloads print results to stdout or file report

js-on 2 Nov 24, 2022
ThePhish: an automated phishing email analysis tool

ThePhish ThePhish is an automated phishing email analysis tool based on TheHive, Cortex and MISP. It is a web application written in Python 3 and base

675 Jan 03, 2023
Anti Supercookie - Confusing the ISP & Escaping the Supercookie

Confusing the ISP & Escaping the Supercookie

Baris Dincer 2 Nov 22, 2022
Signatures and IoCs from public Volexity blog posts.

threat-intel This repository contains IoCs related to Volexity public threat intelligence blog posts. They are organised by year, and within each year

Volexity 130 Dec 29, 2022