Cloudflare / Pass Checker
Simon Lackerbauer
simon at lackerbauer.com
Sat Feb 25 14:37:45 CET 2017
This seems unnecessarily complex. I just cobbled together something real
quick, which works well for my usecase with filenames being domain
names, mostly at the password-store root, some in subdirectories:
#!/bin/bash
CLOUDFLARE_FILE=~/sorted_unique_cf.txt
PASS_STORE=~/dev/password-store/
find ${PASS_STORE} -not -path '*/\.*' -type f -follow -print | while
read f; do
base_filename=${f##*/}
base_filename_without_gpg=${base_filename%.*}
grep -Fx "${base_filename_without_gpg}" ${CLOUDFLARE_FILE}
done
Does the job in about 4 seconds for my ~200 passwords. And apparently
uber.com and patreon.com are affected.
Cheers,
Simon
On 02/24/2017 01:13 PM, www.passwordstore.org at sjau.ch wrote:
> Hi there
>
> Just learnt today about the cloudflare fiasco. Good that I use pass and
> have seperate passwords for things.
>
> Also, usually I store stuff in Web\domain.tld when I need to make an
> account at domain.tld.
>
> So, I wrote a small bash script that allows to check the Cloudflare
> domain list with your pass entries to see, if there are services that
> you use that could be compromised.
>
> The current cloudflare domain list can be found here:
>
> https://github.com/pirate/sites-using-cloudflare
>
> I'm not sure how accurate that is but it has over 4 million domains.
>
> Since the script uses bash and bash isn't so slow, it takes quite a
> while to parse everything (still parsing on my system).
>
> Basically what the script does is build an array of your pass entries -
> omitting the .gpg and the path.
>
> Then it reads out the first 1000 entries in the cloudflare list and
> iterates them over each pass entry. If there's a match, it should write
> to a seperate text file.
>
> All you have to do is download the attached script, set the path to your
> password-store and the cloudflare domain list and let it run. As said,
> it will take quite a long time.
>
> Feel free to improve the script ;)
>
> Stephan
>
>
> _______________________________________________
> Password-Store mailing list
> Password-Store at lists.zx2c4.com
> https://lists.zx2c4.com/mailman/listinfo/password-store
>
--
www.lackerbauer.com
8A86 BD14 1859 44F2 5B83 6908 4B81 EE5D 6A56 A4DE
More information about the Password-Store
mailing list