🔐 A simple command-line password manager.

Last update: Aug 15, 2022

Overview

PassVault

What Is It?

It is a command-line password manager, for educational purposes, that stores localy, in AES encryption, your sensitives datas in a SQlite database (.db). This project was made to learn more about cryptography and not for intended for actual use. This software is used at your own risks. It is provided as is and I (including any contributors) do not take any responsibility for any damage or loss done with or by it.

Installation

Clone this repository: git clone https://github.com/vlHan/PassVault or download zip

Enter the folder: cd PassVault/
Install python3
- Linux
  - sudo apt-get install python3
  - chmod +x *
  - python3 -m pip install -r requirements.txt
  - Finished!
- Windows and Mac
  - Python 3, download and install
  - python -m pip install -r requirements.txt
  - Finished!

Usage

After installing, use the following command to install the dependecies and run the program.

$ python3 run.py

Or you can manually install the dependecies and run:

$ pip3 install -r requirements.txt
$ python3 run.py

⚠️ The program needs all the files, be sure to have all the dependecies and files installed.

How It Works

After running you need to create your master password. This master password will be the key to indenty if the user is actually you, be sure you have saved, because the master password is unrecoverable.
Follow the steps and answer the inputs, these informations will be saved.

After following the steps, the code will store your datas, encrypted in AES encryption, that comes from a python library pycryptodome, in a SQlite file. To authenticate the user, they are prompted to create a master password (that is also used to decrypt data) which is then stored using HMAC autentication code (that use SHA3_512 Hash Function for the digest mod). Whenever the user is prompted to verify their master password, the password they enter is compared to the hash of the stored master password and access if granted if the two hashes match.

if os.path.isfile('db/info.json'): # verify if the master password is created
    with open("db/info.json", 'r') as f: # read the salt stored in the file
      jfile = json.load(f) 

    self.master_pw = getpass.getpass('Enter your master password: ') # ask the master password

    h = hmac.new(self.master_pw.encode(), msg=str(jfile["Informations"]["salt"]).encode(), digestmod=hashlib.sha3_512).hexdigest() # use HMAC and encrypt in sha3_512 HASH Function 

    if h == jfile["Informations"]["master_password"]: # compare with the hash of the master password
        ...

Author and Contributor

@vlHan	@carvalinh0

Shoutouts

@carvalinh0 for helping me in the AES encryption.

All notable changes to this project will be in project changelog

Contributing

If you want to contribute see guidelines for contributing.

License

This project is under the MIT License.

You might also like...

A simple password generator using Python Tkinter.

Password-Generator-using-Python A simple password generator that generates password for you. User can Copy the password to Clipboard. Project made usi

1 Nov 2, 2022

A python base script from which you can hack or clone any person's facebook friendlist or followers accounts which have simple password

Hcoder This is a python base script from which you can hack or clone any person's facebook friendlist or followers accounts which have simple password

3 Dec 6, 2021

Password List Creator Simple !

4 Jan 27, 2022

This is simple python FTP password craker. To crack FTP login using wordlist based brute force attack

5 Oct 8, 2022

command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation, attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands.

CVE-2021-36260 CVE-2021-36260 POC command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validatio

165 Dec 21, 2022

Used to build an XSS platform on the command line.

pyXSSPlatform Used to build an XSS platform on the command line. Usage: 1.generate the cert file You can use openssl like this: openssl req -new -x509

70 Jun 21, 2022

PasswordManager is a command-line program that helps you manage your secret files like passwords

PasswordManager is a command-line program that helps you manage your secret files like passwords. It's very minimalistic and easy to use.

3 Dec 30, 2021

The disassembler parses evm bytecode from the command line or from a file.

EVM Bytecode Disassembler The disassembler parses evm bytecode from the command line or from a file. It does not matter whether the bytecode is prefix

22 Dec 27, 2022

Simple yara rule manager

Yara Manager A simple program to manage your yara ruleset in a (sqlite) database. Todos Search rules and descriptions Cluster rules in rulesets Enforc

65 Nov 17, 2022

Releases(V1.4)

V1.4(Jan 29, 2022)
[V1.4] - 2022-01-29

Added

New functions in the database file to avoid sqlite3 functions repetitions.

The name of the sqlite database is the name of your machine

Be sure not to change the name or something, otherwise the program will create another file and you'll lose the database

Changed

Connection to the database file, now verify if the user is running in or out of the PassVault diretory

Removed

vault.db in .gitignore

Remove coding utf-8 (do not need)

Source code(tar.gz)
Source code(zip)
V1.3(Jan 27, 2022)
[V1.3] - 2022-01-25

Added

Code optimization using new functions

New password generator function

Changed

instance of menu and database class in modules/main.py

Removed

unused functions

Source code(tar.gz)
Source code(zip)
V1.2(Jan 25, 2022)
[V1.2] - 2022-01-23

Exceptions (KeyboardInterrupt) and exit config

Colors

See only one information (stored_passwords())

It shows just the platofrm and the ID

Checkmark and x mark

Changed

Manager class in __main__.py to modules/main.py

to look up the password, need to know the ID using the function stored_password()

Removed

Old show informations function (see_all())

Source code(tar.gz)
Source code(zip)
V1.1(Jan 6, 2022)
[V1.1] - 2021-12-30

Added

master password table (masterpassword) in the database SQlite.

a logo (demo/logo.png) and moved passvault.png to demo folder

Changed

The json file as a database to a table in the SQlite database.

key system to a ID system (change/delete informations)

Removed

json master password system.

key system

Source code(tar.gz)
Source code(zip)
V1.0(Dec 27, 2021)

The first version of Passvault, a command-line password manager.
Source code(tar.gz)
Source code(zip)

Owner

Young student of Python and Programming.

GitHub Repository

Tenssens framework focused on gathering information from free tools or resources. The intention is to help people find free OSINT resources.

31 Oct 21, 2022

Format SSSD Raw Kerberos Payloads into CCACHE files for use on Windows systems

KCMTicketFormatter This tools takes the output from https://github.com/fireeye/SSSDKCMExtractor and turns it into properly formatted CCACHE files for

35 Oct 25, 2022

It is a very simple XSS simulator based on flask, python.

It is a very simple XSS simulator based on flask, python. The purpose of making this is for teaching the concept of XSS.

3 May 10, 2022

A proof-of-concept exploit for Log4j RCE Unauthenticated (CVE-2021-44228)

CVE-2021-44228 – Log4j RCE Unauthenticated About This is a proof-of-concept exploit for Log4j RCE Unauthenticated (CVE-2021-44228). This vulnerability

20 Nov 11, 2022

HatSploit native powerful payload generation and shellcode injection tool that provides support for common platforms and architectures.

HatVenom HatSploit native powerful payload generation and shellcode injection tool that provides support for common platforms and architectures. Featu

100 Dec 23, 2022

Red Team Toolkit is an Open-Source Django Offensive Web-App which is keeping the useful offensive tools used in the red-teaming together.

RedTeam Toolkit Note: Only legal activities should be conducted with this project. Red Team Toolkit is an Open-Source Django Offensive Web-App contain

382 Jan 01, 2023

🔐 A simple command-line password manager.

Related tags

Overview

PassVault

What Is It?

Installation

Usage

How It Works

Author and Contributor

Shoutouts

Contributing

License

You might also like...

A simple password generator using Python Tkinter.

A python base script from which you can hack or clone any person's facebook friendlist or followers accounts which have simple password

Password List Creator Simple !

This is simple python FTP password craker. To crack FTP login using wordlist based brute force attack

command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation, attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands.

Used to build an XSS platform on the command line.

PasswordManager is a command-line program that helps you manage your secret files like passwords

The disassembler parses evm bytecode from the command line or from a file.

Simple yara rule manager

Releases(V1.4)

V1.4(Jan 29, 2022)

[V1.4] - 2022-01-29

Added

Changed

Removed

V1.3(Jan 27, 2022)

[V1.3] - 2022-01-25

Added

Changed

Removed

V1.2(Jan 25, 2022)

[V1.2] - 2022-01-23

Changed

Removed

V1.1(Jan 6, 2022)

[V1.1] - 2021-12-30

Added

Changed

Removed

V1.0(Dec 27, 2021)

Owner

Tenssens framework focused on gathering information from free tools or resources. The intention is to help people find free OSINT resources.

Format SSSD Raw Kerberos Payloads into CCACHE files for use on Windows systems

It is a very simple XSS simulator based on flask, python.

A proof-of-concept exploit for Log4j RCE Unauthenticated (CVE-2021-44228)

HatSploit native powerful payload generation and shellcode injection tool that provides support for common platforms and architectures.

Red Team Toolkit is an Open-Source Django Offensive Web-App which is keeping the useful offensive tools used in the red-teaming together.

A script to extract SNESticle from Fight Night Round 2

An open-source post-exploitation framework for students, researchers and developers.

Tools for converting Nintendo DS binaries to an ELF file for Ghidra/IDA

Automatically download all 10,000 CryptoPunk NFTs.

This is a proof-of-concept exploit for Grafana's Unauthorized Arbitrary File Read Vulnerability (CVE-2021-43798).

Denial Attacks by Various Methods

Visibility and Mitigation for Log4J vulnerabilities

NS-LOOKUP - A python script for scanning website for getting ip address of a website

Sentinel-1 SAR time series analysis for OSINT use

The RDT protocol (RDT3.0,GBN,SR) implementation and performance evaluation code using socket

adb - A tool that allows you to search for vulnerable android devices across the world and exploit them.

XSS scanner in python

Python implementation for PrintNightmare using standard Impacket.

A Fast Broken Link Hijacker Tool written in Python