Cloudflare / Pass Checker

www.passwordstore.org at sjau.ch www.passwordstore.org at sjau.ch
Fri Feb 24 13:13:17 CET 2017 

Hi there

Just learnt today about the cloudflare fiasco. Good that I use pass and 
have seperate passwords for things.

Also, usually I store stuff in Web\domain.tld when I need to make an 
account at domain.tld.

So, I wrote a small bash script that allows to check the Cloudflare 
domain list with your pass entries to see, if there are services that 
you use that could be compromised.

The current cloudflare domain list can be found here:

https://github.com/pirate/sites-using-cloudflare

I'm not sure how accurate that is but it has over 4 million domains.

Since the script uses bash and bash isn't so slow, it takes quite a 
while to parse everything (still parsing on my system).

Basically what the script does is build an array of your pass entries - 
omitting the .gpg and the path.

Then it reads out the first 1000 entries in the cloudflare list and 
iterates them over each pass entry. If there's a match, it should write 
to a seperate text file.

All you have to do is download the attached script, set the path to your 
password-store and the cloudflare domain list and let it run. As said, 
it will take quite a long time.

Feel free to improve the script ;)

Stephan
-------------- next part --------------
#!/usr/bin/env bash

cfFile="/home/<user>/Desktop/git-repos/sites-using-cloudflare/sorted_unique_cf.txt"
passStore="/home/<user>/.password-store"
numLines="1000"

getPassEntries() {
    # Check all files in the password store
    while IFS= read -rd '' file; do
        # Remove .gpg
        name="${file%.*}"
        # Remove path
        name="${name##*/}"
        passArr+=("${name}")
    done < <(find "$passStore" -type f -iname "*.gpg" -print0)
}

countCFEntries() {
    cfLines=$(cat "${cfFile}" | wc -l)
}

loopCFEntries() {
    s=1
    e=$((s + numLines -1))
    while [[ ${s} -lt ${cfLines} ]]; do
        unset cfArr
	cfArr=( $(sed -n "${s},${e}p" "${cfFile}" ) )
        for i in "${cfArr[@]}"; do
            printf '%s\n' "Testing: ${i}"
#           inArray "${i}" "${passArr[@]}" && printf '%s\n' "MATCH ${i} --> ${h}" || printf '%s\n' "${i} --> ${h}"
            for j in "${passArr[@]}"; do
#               printf '%s\n' "${i} --> ${j}"
                [[ $i = ?(*.)"$j" ]] && printf '%s\n' "MATCH: ${i} --> ${j}" && printf '%s\n' "${i} - ${j}" >> "matches.txt"
            done
        done
        s=$((e + 1))
        e=$((s + numLines -1))
    done
}


# Usage: inArray "${value}" "${array[@]}"
inArray() {
    local n=$1 h
    shift
    for h; do
        [[ $n = ?(*.)"$h" ]] && return
    done
    return 1
}


getPassEntries
#printf '%s\n' "${passArr[@]}"
countCFEntries
#printf '%s\n' "${cfLines}"
loopCFEntries

More information about the Password-Store mailing list