🔐 A simple command-line password manager.

Related tags

Security related resourcespassword-managerpasswordpython3password-vaultsqlite3sqlite3-encryptionencryption-decryption
Overview

PassVault

Languages Repository size License

What Is It?

It is a command-line password manager, for educational purposes, that stores localy, in AES encryption, your sensitives datas in a SQlite database (.db). This project was made to learn more about cryptography and not for intended for actual use. This software is used at your own risks. It is provided as is and I (including any contributors) do not take any responsibility for any damage or loss done with or by it.

Installation

Clone this repository: git clone https://github.com/vlHan/PassVault or download zip

  • Enter the folder: cd PassVault/
  • Install python3

    • Linux

      • sudo apt-get install python3
      • chmod +x *
      • python3 -m pip install -r requirements.txt
      • Finished!

    • Windows and Mac

Usage

After installing, use the following command to install the dependecies and run the program.

$ python3 run.py

Or you can manually install the dependecies and run:

$ pip3 install -r requirements.txt
$ python3 run.py

⚠️ The program needs all the files, be sure to have all the dependecies and files installed.

How It Works

  1. After running you need to create your master password. This master password will be the key to indenty if the user is actually you, be sure you have saved, because the master password is unrecoverable.
  2. Follow the steps and answer the inputs, these informations will be saved.

After following the steps, the code will store your datas, encrypted in AES encryption, that comes from a python library pycryptodome, in a SQlite file. To authenticate the user, they are prompted to create a master password (that is also used to decrypt data) which is then stored using HMAC autentication code (that use SHA3_512 Hash Function for the digest mod). Whenever the user is prompted to verify their master password, the password they enter is compared to the hash of the stored master password and access if granted if the two hashes match.

if os.path.isfile('db/info.json'): # verify if the master password is created
    with open("db/info.json", 'r') as f: # read the salt stored in the file
      jfile = json.load(f) 

    self.master_pw = getpass.getpass('Enter your master password: ') # ask the master password

    h = hmac.new(self.master_pw.encode(), msg=str(jfile["Informations"]["salt"]).encode(), digestmod=hashlib.sha3_512).hexdigest() # use HMAC and encrypt in sha3_512 HASH Function 

    if h == jfile["Informations"]["master_password"]: # compare with the hash of the master password
        ...

Author and Contributor


@vlHan
@carvalinh0

Shoutouts

  • @carvalinh0 for helping me in the AES encryption.

All notable changes to this project will be in project changelog

Contributing

If you want to contribute see guidelines for contributing.

License

This project is under the MIT License.

You might also like...
A simple password generator using Python Tkinter.
A simple password generator using Python Tkinter.

Password-Generator-using-Python A simple password generator that generates password for you. User can Copy the password to Clipboard. Project made usi

Prashant Agheda 1 Nov 2, 2022
A python base script from which you can hack or clone any person's facebook friendlist or followers accounts which have simple password

Hcoder This is a python base script from which you can hack or clone any person's facebook friendlist or followers accounts which have simple password

Muhammad Hamza 3 Dec 6, 2021
Password List Creator Simple !

Password List Creator Simple !

MR.D3F417 4 Jan 27, 2022
This is simple python FTP password craker. To crack FTP login using wordlist based brute force attack
This is simple python FTP password craker. To crack FTP login using wordlist based brute force attack

This is simple python FTP password craker. To crack FTP login using wordlist based brute force attack

Varun Jagtap 5 Oct 8, 2022
command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation, attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands.

CVE-2021-36260 CVE-2021-36260 POC command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validatio

Aiminsun 165 Dec 21, 2022
Used to build an XSS platform on the command line.

pyXSSPlatform Used to build an XSS platform on the command line. Usage: 1.generate the cert file You can use openssl like this: openssl req -new -x509

null 70 Jun 21, 2022
PasswordManager is a command-line program that helps you manage your secret files like passwords

PasswordManager is a command-line program that helps you manage your secret files like passwords. It's very minimalistic and easy to use.

Michael 3 Dec 30, 2021
The disassembler parses evm bytecode from the command line or from a file.

EVM Bytecode Disassembler The disassembler parses evm bytecode from the command line or from a file. It does not matter whether the bytecode is prefix

alpharush 22 Dec 27, 2022
Simple yara rule manager

Yara Manager A simple program to manage your yara ruleset in a (sqlite) database. Todos Search rules and descriptions Cluster rules in rulesets Enforc

Nils Kuhnert 65 Nov 17, 2022
Releases(V1.4)

  • V1.4(Jan 29, 2022)

    [V1.4] - 2022-01-29

    Added

    • New functions in the database file to avoid sqlite3 functions repetitions.
    • The name of the sqlite database is the name of your machine
      • Be sure not to change the name or something, otherwise the program will create another file and you'll lose the database

    Changed

    • Connection to the database file, now verify if the user is running in or out of the PassVault diretory

    Removed

    • vault.db in .gitignore
    • Remove coding utf-8 (do not need)
    Source code(tar.gz)
    Source code(zip)

  • V1.3(Jan 27, 2022)

    [V1.3] - 2022-01-25

    Added

    • Code optimization using new functions
    • New password generator function

    Changed

    • instance of menu and database class in modules/main.py

    Removed

    • unused functions
    Source code(tar.gz)
    Source code(zip)

  • V1.2(Jan 25, 2022)

    [V1.2] - 2022-01-23

    • Exceptions (KeyboardInterrupt) and exit config
    • Colors
    • See only one information (stored_passwords())
      • It shows just the platofrm and the ID
    • Checkmark and x mark

    Changed

    • Manager class in __main__.py to modules/main.py
    • to look up the password, need to know the ID using the function stored_password()

    Removed

    • Old show informations function (see_all())
    Source code(tar.gz)
    Source code(zip)

  • V1.1(Jan 6, 2022)

    [V1.1] - 2021-12-30

    Added

    • master password table (masterpassword) in the database SQlite.
    • a logo (demo/logo.png) and moved passvault.png to demo folder

    Changed

    • The json file as a database to a table in the SQlite database.
    • key system to a ID system (change/delete informations)

    Removed

    • json master password system.
    • key system
    Source code(tar.gz)
    Source code(zip)

  • V1.0(Dec 27, 2021)

Owner
Young student of Python and Programming.
GitHub Repository
SEBUAH TOOLS TERMUX CRACK AKUN FF HOMKI AKUN EPEP DAH SATU FOLLOW AE YA BROO AWOKWOK

print " INSTALL TOOLS " $ pkg update && upgrade $ pkg install python2 $ pkg install git $ pip2 install lolcat $ pip2 install bs4 $ pip2 install reques

Jeeck 2 Nov 29, 2021
Oh365UserFinder is used for identifying valid o365 accounts without the risk of account lockouts.

Oh365 User Finder Oh365UserFinder is used for identifying valid o365 accounts without the risk of account lockouts. The tool parses responses to ident

Joe Helle 414 Jan 02, 2023
Discord Token Stealer Malware Protection

TokenGuard TokenGuard, protect your account, prevent token steal. Totally free and open source Discord Server: https://discord.gg/EmwfaGuBE8 Source Co

10 Nov 23, 2022
Suricata Language Server is an implementation of the Language Server Protocol for Suricata signatures

Suricata Language Server is an implementation of the Language Server Protocol for Suricata signatures. It adds syntax check, hints and auto-completion to your preferred editor once it is configured.

Stamus Networks 39 Nov 28, 2022
Python HDFS client

Python HDFS client Because the world needs yet another way to talk to HDFS from Python. Usage This library provides a Python client for WebHDFS. NameN

Jing Wang 82 Dec 28, 2022
Threat Intel Platform for T-POTs

GreedyBear The project goal is to extract data of the attacks detected by a TPOT or a cluster of them and to generate some feeds that can be used to p

The Honeynet Project 72 Jan 01, 2023
MassStringer, CTF Flag Finder

massStringer MassStringer, CTF Flag Finder Usage: python3 massStringer.py Enter absolute path of the directory to scan for flags Edit "flag = re.searc

SuperTsumu 4 Sep 06, 2022
zip-brute Zip File Password Cracking with Using Password List

Zip brute is a python script that cracks zip that are password protected using a wordlist dictionary.

AnonyminHack5 13 Nov 03, 2022
Grafana-POC(CVE-2021-43798)

Grafana-Poc 此工具请勿用于违法用途。 一、使用方法:python3 grafana_hole.py 在domain.txt中填入ip:port 二、漏洞影响范围 影响版本: Grafana 8.0.0 - 8.3.0 安全版本: Grafana 8.3.1, 8.2.7, 8.1.8,

8 Jan 03, 2023
exchange-ssrf-rce

Usage python3 .\exchange-exp.py -------------------------------------------------------------------------------- |

Jen 76 Nov 09, 2022
BurpSuite Extension: Log4j RCE Scanner

BurpSuite Extension: Log4j RCE Scanner

1 Dec 16, 2021
A python tool capable of creating HUGE wordlists. Has the ability to add custom words for concatenation in any way you see fit.

A python tool capable of creating HUGE wordlists. Has the ability to add custom words for concatenation in any way you see fit.

Codex 9 Oct 05, 2022
Bug Alert: a service for alerting security and IT professionals of high-impact and 0day vulnerabilities

Bug Alert Bug Alert is a service for alerting security and IT professionals of h

BugAlert.org 208 Dec 15, 2022
SonicWALL SSL-VPN Web Server Vulnerable Exploit

SonicWALL SSL-VPN Web Server Vulnerable Exploit

44 Nov 15, 2022
A quick script to spot the usage of Unicode Bidi (bidirectional) characters that could lead to an Invisible Backdoor

Invisible Backdoor Detector is a little Python script that allows you to spot and remove Bidi characters that could lead to an invisible backdoor. If you don't know what that is you should check the

SecSI 28 Dec 29, 2022
A python script written for lazy people to hack their school systen ;D

F-ck-the-system A python script written for lazy people to hack their school systen ;D Python voice notes writer This is a python script to record you

Sachit 2 Jan 09, 2022
DoSer.py - Simple DoSer in Python

DoSer.py - Simple DoSer in Python What is DoSer? DoSer is basically an HTTP Denial of Service attack that affects threaded servers. It works like this

1 Oct 12, 2021
Guess the password for Tik Tok accounts

Guess the password for Tik Tok accounts Tool features : You don't need proxies There is no captcha Running on a private api Combo T

32 Dec 25, 2022
Find vulnerable Log4j2 versions on disk and also inside Java Archive Files (Log4Shell CVE-2021-44228)

log4j-finder A Python3 script to scan the filesystem to find Log4j2 that is vulnerable to Log4Shell (CVE-2021-44228) It scans recursively both on disk

Fox-IT 431 Dec 22, 2022
A small POC plugin for launching dumpulator emulation within IDA, passing it addresses from your IDA view using the context menu.

Dumpulator-IDA Currently proof-of-concept This project is a small POC plugin for launching dumpulator emulation within IDA, passing it addresses from

Michael 9 Sep 21, 2022