🔐 A simple command-line password manager.

Related tags

Security related resourcespassword-managerpasswordpython3password-vaultsqlite3sqlite3-encryptionencryption-decryption
Overview

PassVault

Languages Repository size License

What Is It?

It is a command-line password manager, for educational purposes, that stores localy, in AES encryption, your sensitives datas in a SQlite database (.db). This project was made to learn more about cryptography and not for intended for actual use. This software is used at your own risks. It is provided as is and I (including any contributors) do not take any responsibility for any damage or loss done with or by it.

Installation

Clone this repository: git clone https://github.com/vlHan/PassVault or download zip

  • Enter the folder: cd PassVault/
  • Install python3

    • Linux

      • sudo apt-get install python3
      • chmod +x *
      • python3 -m pip install -r requirements.txt
      • Finished!

    • Windows and Mac

Usage

After installing, use the following command to install the dependecies and run the program.

$ python3 run.py

Or you can manually install the dependecies and run:

$ pip3 install -r requirements.txt
$ python3 run.py

⚠️ The program needs all the files, be sure to have all the dependecies and files installed.

How It Works

  1. After running you need to create your master password. This master password will be the key to indenty if the user is actually you, be sure you have saved, because the master password is unrecoverable.
  2. Follow the steps and answer the inputs, these informations will be saved.

After following the steps, the code will store your datas, encrypted in AES encryption, that comes from a python library pycryptodome, in a SQlite file. To authenticate the user, they are prompted to create a master password (that is also used to decrypt data) which is then stored using HMAC autentication code (that use SHA3_512 Hash Function for the digest mod). Whenever the user is prompted to verify their master password, the password they enter is compared to the hash of the stored master password and access if granted if the two hashes match.

if os.path.isfile('db/info.json'): # verify if the master password is created
    with open("db/info.json", 'r') as f: # read the salt stored in the file
      jfile = json.load(f) 

    self.master_pw = getpass.getpass('Enter your master password: ') # ask the master password

    h = hmac.new(self.master_pw.encode(), msg=str(jfile["Informations"]["salt"]).encode(), digestmod=hashlib.sha3_512).hexdigest() # use HMAC and encrypt in sha3_512 HASH Function 

    if h == jfile["Informations"]["master_password"]: # compare with the hash of the master password
        ...

Author and Contributor


@vlHan
@carvalinh0

Shoutouts

  • @carvalinh0 for helping me in the AES encryption.

All notable changes to this project will be in project changelog

Contributing

If you want to contribute see guidelines for contributing.

License

This project is under the MIT License.

You might also like...
A simple password generator using Python Tkinter.
A simple password generator using Python Tkinter.

Password-Generator-using-Python A simple password generator that generates password for you. User can Copy the password to Clipboard. Project made usi

Prashant Agheda 1 Nov 2, 2022
A python base script from which you can hack or clone any person's facebook friendlist or followers accounts which have simple password

Hcoder This is a python base script from which you can hack or clone any person's facebook friendlist or followers accounts which have simple password

Muhammad Hamza 3 Dec 6, 2021
Password List Creator Simple !

Password List Creator Simple !

MR.D3F417 4 Jan 27, 2022
This is simple python FTP password craker. To crack FTP login using wordlist based brute force attack
This is simple python FTP password craker. To crack FTP login using wordlist based brute force attack

This is simple python FTP password craker. To crack FTP login using wordlist based brute force attack

Varun Jagtap 5 Oct 8, 2022
command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation, attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands.

CVE-2021-36260 CVE-2021-36260 POC command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validatio

Aiminsun 165 Dec 21, 2022
Used to build an XSS platform on the command line.

pyXSSPlatform Used to build an XSS platform on the command line. Usage: 1.generate the cert file You can use openssl like this: openssl req -new -x509

null 70 Jun 21, 2022
PasswordManager is a command-line program that helps you manage your secret files like passwords

PasswordManager is a command-line program that helps you manage your secret files like passwords. It's very minimalistic and easy to use.

Michael 3 Dec 30, 2021
The disassembler parses evm bytecode from the command line or from a file.

EVM Bytecode Disassembler The disassembler parses evm bytecode from the command line or from a file. It does not matter whether the bytecode is prefix

alpharush 22 Dec 27, 2022
Simple yara rule manager

Yara Manager A simple program to manage your yara ruleset in a (sqlite) database. Todos Search rules and descriptions Cluster rules in rulesets Enforc

Nils Kuhnert 65 Nov 17, 2022
Releases(V1.4)

  • V1.4(Jan 29, 2022)

    [V1.4] - 2022-01-29

    Added

    • New functions in the database file to avoid sqlite3 functions repetitions.
    • The name of the sqlite database is the name of your machine
      • Be sure not to change the name or something, otherwise the program will create another file and you'll lose the database

    Changed

    • Connection to the database file, now verify if the user is running in or out of the PassVault diretory

    Removed

    • vault.db in .gitignore
    • Remove coding utf-8 (do not need)
    Source code(tar.gz)
    Source code(zip)

  • V1.3(Jan 27, 2022)

    [V1.3] - 2022-01-25

    Added

    • Code optimization using new functions
    • New password generator function

    Changed

    • instance of menu and database class in modules/main.py

    Removed

    • unused functions
    Source code(tar.gz)
    Source code(zip)

  • V1.2(Jan 25, 2022)

    [V1.2] - 2022-01-23

    • Exceptions (KeyboardInterrupt) and exit config
    • Colors
    • See only one information (stored_passwords())
      • It shows just the platofrm and the ID
    • Checkmark and x mark

    Changed

    • Manager class in __main__.py to modules/main.py
    • to look up the password, need to know the ID using the function stored_password()

    Removed

    • Old show informations function (see_all())
    Source code(tar.gz)
    Source code(zip)

  • V1.1(Jan 6, 2022)

    [V1.1] - 2021-12-30

    Added

    • master password table (masterpassword) in the database SQlite.
    • a logo (demo/logo.png) and moved passvault.png to demo folder

    Changed

    • The json file as a database to a table in the SQlite database.
    • key system to a ID system (change/delete informations)

    Removed

    • json master password system.
    • key system
    Source code(tar.gz)
    Source code(zip)

  • V1.0(Dec 27, 2021)

Owner
Young student of Python and Programming.
GitHub Repository
A fully automated, accurate, and extensive scanner for finding vulnerable log4j hosts

log4j-scan A fully automated, accurate, and extensive scanner for finding vulnerable log4j hosts Features Support for lists of URLs. Fuzzing for more

Duc Linh Nguyen 4 Aug 08, 2022
Web-eyes - OSINT tools for website research

WEB-EYES V1.0 web-eyes: OSINT tools for website research, 14 research methods ar

8 Nov 10, 2022
You can manage your password with this program.

You must have Python compilers in order to run this program. First of all, download the compiler in the link.

Mustafa Bahadır Doğrusöz 6 Aug 07, 2021
RedlineSpam - Python tool to spam Redline Infostealer panels with legit looking data

RedlineSpam Python tool to spam Redline Infostealer panels with legit looking da

4 Jan 27, 2022
A tool to extract the IdP cert from vCenter backups and log in as Administrator

vCenter SAML Login Tool A tool to extract the Identity Provider (IdP) cert from vCenter backups and log in as Administrator Background Commonly, durin

Horizon 3 AI Inc 343 Dec 31, 2022
Statistical Random Number Generator Attack Against The Kirchhoff-law-johnson-noise (Kljn) Secure Key Exchange Protocol

Statistical Random Number Generator Attack Against The Kirchhoff-law-johnson-noise (Kljn) Secure Key Exchange Protocol

zeze 1 Jan 13, 2022
Log4j vuln fuzz/scan with python

Log4jFuzz log4j vuln fuzz/scan USE // it's use localhost udp server to check target vuln. python3 log4jFuzz.py [option] optional arguments: -u URL,

VVzv 3 Dec 22, 2021
NExfil is an OSINT tool written in python for finding profiles by username.

NExfil is an OSINT tool written in python for finding profiles by username. The provided usernames are checked on over 350 websites within few seconds.

thewhiteh4t 1.4k Jan 01, 2023
Searches through git repositories for high entropy strings and secrets, digging deep into commit history

truffleHog Searches through git repositories for secrets, digging deep into commit history and branches. This is effective at finding secrets accident

Truffle Security 10.1k Jan 09, 2023
test application for the licence key web app.

licence_software_test_app Make sure you set your database values in a .env file to the folder. Install MYSQL connector: pip install mysql-connector-py

Carl Beattie 1 Oct 28, 2021
Set the draft security HTTP header Permissions-Policy (previously Feature-Policy) on your Django app.

django-permissions-policy Set the draft security HTTP header Permissions-Policy (previously Feature-Policy) on your Django app. Requirements Python 3.

Adam Johnson 76 Nov 30, 2022
All in One CRACKER911181's Tool. This Tool For Hacking and Pentesting. 🎭

All in One CRACKER911181's Tool. This Tool For Hacking and Pentesting. 🎭

Cracker 331 Jan 01, 2023
Omega - From Wordpress admin to pty

The Linux tool to automate the process of getting a pty once you got admin credentials in a Wordpress site. Keep in mind that right now Omega only can attack Linux hosts.

Ángel Heredia 12 Nov 09, 2022
Coerce authentication from Windows hosts via MS-FSRVP (Requires FS-VSS-AGENT service running on host)

VSSTrigger Coerce authentication from Windows hosts via MS-FSRVP (Requires FS-VS

Filip Dragovic 6 Jul 24, 2022
ProxyLogon Pre-Auth SSRF To Arbitrary File Write

ProxyLogon Pre-Auth SSRF To Arbitrary File Write For Education and Research Usage: C:\python proxylogon.py mail.evil.corp lulz 117 Nov 28, 2022

A small POC plugin for launching dumpulator emulation within IDA, passing it addresses from your IDA view using the context menu.

Dumpulator-IDA Currently proof-of-concept This project is a small POC plugin for launching dumpulator emulation within IDA, passing it addresses from

Michael 9 Sep 21, 2022
PyPasser is a Python library for bypassing reCaptchaV3 only by sending 2 requests.

PyPasser is a Python library for bypassing reCaptchaV3 only by sending 2 requests. In 1st request, gets token of captcha and in 2nd request,

253 Jan 05, 2023
Extendable payload obfuscation and delivery framework

NSGenCS What Is? An extremely simple, yet extensible framework to evade AV with obfuscated payloads under Windows. Installation Requirements Currently

123 Dec 19, 2022
GDID (Google Dorks for Information Disclosure)

GDID (Google Dorks for Information Disclosure) Script made for your recon automation in Bug Bounty or Pentest. It will help you to find Information Di

Nischacid 5 Mar 10, 2022
🔍 IRIS: An open-source intelligence framework

IRIS is an open-source OSINT framework, consisting of modules to find information about a target by scraping sites and fetching data from APIs.

IRIS 79 Dec 20, 2022