Reputation: 1
I am working on a script that will search through a Linux directory (starting from root) and identify specific files based on file extensions. I want to dump those into a new text file (ex. testFile.txt) and then run each of the files (based on file path) against a list of generic passwords to ensure strong password use. I created a bunch of test directories and dummy files with the needed extensions and my search script works perfectly. I am able to successfully find all the correct files and put them into a testFile.txt, however, I'm not sure where to begin when it comes to testing for password-protected files... any suggestions would be appreciated. I have included the script that I have written so far below:
#!/bin/bash
#This script, in theory, should search an entire linux instance for files with extensions
#.p12, .jks, .pfx, .pem, .ppk. Any found files will be saved to a text doc. For each file in said
#doc, we will attempt to open the file with a list of generic passwds. If there are any
#successes, we will save that file and the passwd to a different flag doc to be addressed.
#This should search a named directory for the file extensions and save to output file
find / -name *.p12 -o -name *.jks > keytoolFile.txt
#As a test, iterate over the output file and name them
keyFile=$(cat keytoolFile.txt)
for line in $keyFile; do
    echo -e "$line\n"
    keytool -list -keystore $line
done
#This next bit should go through the next set of file extensions and test them
find / -name *.pfx -o -name *.pem -o -name *.ppk > sshFile.txt
textFile=$(cat sshFile.txt)
for line in $textFile; do
    echo -e "$line\n"
    ssh-keygen -y -f $line
done
EDIT
I have added additions to the code above in an attempt to improve it, however, I am still having issues trying to add logic. What I want it to do is to run the command (depending on the file extension) which should prompt for a password. The passwords to be tested will be stored in a separate text file and I want the script to loop through each password in an attempt to find one that works. If it successfully authenticates then I want it to dump the file path and the password into a final text document.
Right now it asks for the password to be entered manually and on a failed attempt it simply moves on. Any tips on how I should add this logic would be appreciated.
#!/bin/bash
#This script, in theory, should search an entire linux instance for files with extensions
#.p12, .jks, .pfx, .pem, .ppk. Any found files will be saved to a text doc. For each file in said
#doc, we will attempt to open the file with a list of generic passwds. If there are any
#successes, we will save that file and the passwd to a different flag doc to be addressed.
#This should search a named directory for the file extensions and save to output file
find / -name *.p12 -o -name *.jks > keytoolFile.txt
#As a test, iterate over the output file and name them
keyFile=$(cat keytoolFile.txt)
passFile=$(cat pass.txt)
for i in $keyFile; do
    for j in $passFile; do
        echo -e "Attempting $j on $i"
        keytool -list -keystore $line -storepass $j
    done
done
#This next bit should go through the next set of file extensions and test them
find / -name *.pfx -o -name *.pem -o -name *.ppk > sshFile.txt
hostFile=$(cat sshFile.txt)
passFile=$(cat pass.txt)
for i in $hostFile; do
    for j in $passFile; do
        echo -e "Attempting $j on $i"
        ssh-keygen -f -y $i -P $j
    done
done
My issue now is that I get an 'Illegal option' error during the keytool operation...it appears to be iterating over the password just fine, but is somehow continuously picking up the first password in the file and trying to pass it as an option somehow...
Attempting 1qaz)OKM2wsx(IJN on <path/to/file/file.p12
Illegal option: 1qaz!QAZ2wsx@WSX
Upvotes: 0
Views: 805
Reputation: 212268
Don't do it that way. There are too many issues that crop up when trying to read a list of names from a file (e.g., if any of the names contains an embedded newline, it's hard to distinguish that from 2 distinct names). Instead, just create a script that tests the files individually and invoke it from find. E.g., if you put your script in /path/to/validate, you can do:
find "$HOME" \( -name '*.p12' -o -name '*.jks' -o -name '*.pfx' \
    -o -name '*.pem' -o -name '*.ppk' \) -exec /path/to/validate {} \;
Upvotes: 1
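One way to write the `/path/to/validate` script the answer refers to, as an added example that is not part of either post. The `WORDLIST` and `REPORT` names, the use of `-storepass:env`, the extension-to-tool mapping, and recording the wordlist line number instead of the password are choices made here.

```shell
#!/bin/sh
# Added example: a per-file checker to be run by find -exec, one file per call.
# WORDLIST and REPORT are assumed names; set them in the environment to override.
WORDLIST=${WORDLIST:-pass.txt}
REPORT=${REPORT:-weak-keys.txt}

# try_password FILE PASSWORD
# Returns 0 if PASSWORD opens FILE, 2 for an unsupported extension,
# and any other non-zero status if the password is rejected.
try_password() {
    case $1 in
        *.p12|*.pfx|*.jks)   # .pfx is treated as PKCS#12 here (assumption)
            # -storepass:env reads the password from an environment variable,
            # so it never appears in the process list and a value starting
            # with "-" cannot be mistaken for an option.
            CANDIDATE=$2 keytool -list -keystore "$1" -storepass:env CANDIDATE \
                >/dev/null 2>&1 </dev/null ;;
        *.pem)
            ssh-keygen -y -P "$2" -f "$1" >/dev/null 2>&1 </dev/null ;;
        *)  # e.g. .ppk, a PuTTY format that ssh-keygen does not read
            return 2 ;;
    esac
}

# audit_file FILE
# Tries every line of WORDLIST against FILE. On the first hit, appends FILE and
# the matching wordlist line number (not the password itself) to REPORT.
audit_file() {
    n=0
    while IFS= read -r pw || [ -n "$pw" ]; do
        n=$((n + 1))
        if try_password "$1" "$pw"; then
            printf '%s\twordlist line %s\n' "$1" "$n" >>"$REPORT"
            return 0
        fi
    done <"$WORDLIST"
    return 1
}

# Only act when given a file argument, which is how find -exec calls it.
if [ "$#" -gt 0 ]; then
    audit_file "$1"
fi
```

A private key with no passphrase at all is reported as matching line 1, because `ssh-keygen -y` loads an unencrypted key without consulting `-P`.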