Cloudflare / Pass Checker

Simon Lackerbauer simon at lackerbauer.com
Sat Feb 25 14:37:45 CET 2017


This seems unnecessarily complex. I just cobbled together something real
quick, which works well for my use case with filenames being domain
names, mostly at the password-store root, some in subdirectories:

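#!/bin/bash

CLOUDFLARE_FILE=~/sorted_unique_cf.txt
PASS_STORE=~/dev/password-store/

# List every file in the store, skipping dot-directories such as .git
find "${PASS_STORE}" -not -path '*/\.*' -type f -follow -print | while IFS= read -r f; do
    # Strip the directory part, then the .gpg extension
    base_filename=${f##*/}
    base_filename_without_gpg=${base_filename%.*}
    # Print the name if it is exactly one line of the Cloudflare list
    grep -Fx -- "${base_filename_without_gpg}" "${CLOUDFLARE_FILE}"
done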

Does the job in about 4 seconds for my ~200 passwords. And apparently
uber.com and patreon.com are affected.

Cheers,
Simon

On 02/24/2017 01:13 PM, www.passwordstore.org at sjau.ch wrote:
> Hi there
> 
> Just learnt today about the cloudflare fiasco. Good that I use pass and
> have separate passwords for things.
> 
> Also, usually I store stuff in Web\domain.tld when I need to make an
> account at domain.tld.
> 
> So, I wrote a small bash script that lets you check the Cloudflare
> domain list against your pass entries to see if there are services that
> you use that could be compromised.
> 
> The current cloudflare domain list can be found here:
> 
> https://github.com/pirate/sites-using-cloudflare
> 
> I'm not sure how accurate that is but it has over 4 million domains.
> 
> Since the script uses bash and bash isn't so slow, it takes quite a
> while to parse everything (still parsing on my system).
> 
> Basically what the script does is build an array of your pass entries -
> omitting the .gpg and the path.
> 
> Then it reads out the first 1000 entries in the cloudflare list and
> iterates them over each pass entry. If there's a match, it should write
> to a separate text file.
> 
> All you have to do is download the attached script, set the path to your
> password-store and the cloudflare domain list and let it run. As said,
> it will take quite a long time.
> 
> Feel free to improve the script ;)
> 
> Stephan

-- 
www.lackerbauer.com
8A86 BD14 1859 44F2 5B83  6908 4B81 EE5D 6A56 A4DE
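
An added example, not part of the original thread: the same exact-name check done with a single grep pass over the domain list instead of one grep per entry, reporting which store path each hit came from. The function name check_store and its two arguments are assumptions; running find from inside the store keeps the dot-directory filter working when the store itself lives under a dot-directory such as ~/.password-store.

```bash
#!/bin/bash
# Added example (not from the thread). check_store is a hypothetical name.
#
# check_store STORE_DIR DOMAIN_LIST
#   Prints "domain<TAB>entry path" for every *.gpg entry whose file name,
#   minus .gpg, is exactly one line of DOMAIN_LIST.
#   Assumes entry names contain no tabs or newlines.
check_store() {
    local store=$1 list=$2 names tab
    tab=$(printf '\t')
    names=$(mktemp) || return 1

    # Build "name<TAB>relative path" for each entry. Running find on "."
    # means '*/.*' only excludes dot-directories inside the store (.git,
    # .extensions), not a store that sits under ~/.password-store.
    (cd "$store" && find -L . ! -path '*/.*' -type f -name '*.gpg' -print) |
    while IFS= read -r f; do
        base=${f##*/}
        printf '%s\t%s\n' "${base%.gpg}" "${f#./}"
    done | LC_ALL=C sort -t "$tab" -k1,1 > "$names"

    # One grep over the large list, using all entry names as fixed-string,
    # whole-line patterns; then join the hits back to their entry paths.
    cut -f1 "$names" |
        LC_ALL=C grep -Fxf - "$list" |
        LC_ALL=C sort -u |
        LC_ALL=C join -t "$tab" - "$names"

    rm -f "$names"
}

# Run directly as: script.sh STORE_DIR DOMAIN_LIST
if [ "$#" -eq 2 ]; then
    check_store "$1" "$2"
fi
```

Each output line names an entry whose password should be rotated if the site was on the list during the affected period.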

