passpass - password passer

From Noah.org
Revision as of 02:02, 1 June 2014 by Root


This is a wrapper around tools like SSH that ask for passwords directly from your pty instead of stdin. You can use this to pass passwords on the command line exactly the way you're not supposed to. If you don't know why this is a bad idea, then you probably shouldn't be using this tool.

#!/usr/bin/env python

'''
SYNOPSIS

    passpass COMMAND  # read password from stdin
    passpass -p PASSWORD COMMAND  # use -p option to set password.

DESCRIPTION

    This is the infamous password passer, scourge of security. 
    Use it wisely. Use it rarely. Do not use it at all.
    This will read a password from stdin and provide it when running
    the given command, or the -p option may be used to pass a password
    on the command-line. This can be used to circumvent applications
    that read directly from a pty. Pretty much the only applications
    people care to use this for are ssh, scp, and rsync, but there
    could be other use cases that this tool could be used for.

EXAMPLES

    The following are some examples of how to use this script.

        # echo "bad_password" | passpass ssh root@www.example.com hostname -f
        www.example.com

        # passpass -p bad_password ssh root@example.com hostname -f
        www.example.com

EXIT STATUS

    This exits with status 0 on success and 1 otherwise.
    This exits with a status greater than 1 if there was an
    unexpected run-time error.

AUTHOR

    Noah Spurrier <noah@noah.org>

LICENSE

    This license is approved by the OSI and FSF as GPL-compatible.
        http://opensource.org/licenses/isc-license.txt

    Copyright (c) 2010, Noah Spurrier
    PERMISSION TO USE, COPY, MODIFY, AND/OR DISTRIBUTE THIS SOFTWARE FOR ANY
    PURPOSE WITH OR WITHOUT FEE IS HEREBY GRANTED, PROVIDED THAT THE ABOVE
    COPYRIGHT NOTICE AND THIS PERMISSION NOTICE APPEAR IN ALL COPIES.
    THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
    WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
    MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
    ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

VERSION

    Version 1
'''

__version__ = 'Version 1'
__author__ = 'Noah Spurrier <noah@noah.org>'

import sys
import os
import traceback
import pexpect


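def main(args):

    # Require a command, and a password argument if -p is given.
    if not args or (args[0] == '-p' and len(args) < 3):
        sys.stderr.write('usage: passpass [-p PASSWORD] COMMAND\n')
        return 1
    if args[0] == '-p':
        password = args[1]
        args = args[2:]
    else:
        password = sys.stdin.readline().strip()
    command = ' '.join(args[0:])

    # No logfile is set: a pexpect logfile records sent data as well,
    # which would write the password to disk.
    child = pexpect.spawn(command, encoding='utf-8')
    while True:
        ii = child.expect([r"(?i)password:",
            r"(?i)Are you sure you want to continue connecting \(yes/no",])
        if ii == 0:
            child.sendline(password)
            break
        elif ii == 1:
            # This accepts an unknown host key without verifying it.
            child.sendline("yes")
    child.expect(pexpect.EOF)
    print(child.before)
    # exitstatus is only populated once the child has been reaped.
    child.close()
    return child.exitstatus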


if __name__ == '__main__':
    try:
        exit_code = main(sys.argv[1:])
        if exit_code is None:
            exit_code = 0
        sys.exit(exit_code)
    except KeyboardInterrupt as e:
        # The user pressed Ctrl-C.
        raise e
    except SystemExit as e:
        # The script called sys.exit() somewhere.
        raise e
    except Exception as e:
        print('ERROR: Unexpected Exception')
        print(str(e))
        traceback.print_exc()
        os._exit(2)

# vim:set ft=python fileencoding=utf-8 sr et ts=4 sw=4 : See help 'modeline'
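
Why the -p form is the risky one: the password becomes part of the process's argument list, which other local users can read while the command runs. The following audit check is an added example, not part of the original script; it flags passpass invocations that carry -p and redacts the password, and the sample process entries are constructed.

```python
import os

TOOL = "passpass"  # assumption: only this page's "-p PASSWORD" form is audited

def parse_cmdline(raw):
    """Split the NUL-separated bytes of /proc/<pid>/cmdline into argv."""
    return [a.decode("utf-8", "replace") for a in raw.split(b"\0") if a]

def exposed_index(argv):
    """Index of the password in a 'passpass -p PASSWORD ...' argv, else None."""
    # argv is [passpass, -p, ...] or [python, /path/to/passpass, -p, ...]
    for i, arg in enumerate(argv[:2]):
        is_tool = os.path.basename(arg) == TOOL
        if is_tool and argv[i + 1:i + 2] == ["-p"] and len(argv) > i + 2:
            return i + 2
    return None

def audit(cmdlines):
    """cmdlines: {pid: raw bytes}. Returns [(pid, redacted command line)]."""
    findings = []
    for pid, raw in sorted(cmdlines.items()):
        argv = parse_cmdline(raw)
        idx = exposed_index(argv)
        if idx is not None:
            argv[idx] = "<redacted>"  # never echo the secret in the report
            findings.append((pid, " ".join(argv)))
    return findings

def read_proc():
    """Live data on Linux; cmdline files are readable by other users by default."""
    out = {}
    for name in filter(str.isdigit, os.listdir("/proc")):
        try:
            with open("/proc/%s/cmdline" % name, "rb") as fh:
                out[int(name)] = fh.read()
        except OSError:
            pass  # process exited between listdir() and open()
    return out

# Constructed samples in /proc/<pid>/cmdline format (not real processes).
SAMPLE = {
    101: b"\0".join([b"passpass", b"-p", b"bad_password", b"ssh", b"root@example.com", b""]),
    102: b"\0".join([b"python", b"/usr/local/bin/passpass", b"ssh", b"root@example.com", b""]),
    103: b"\0".join([b"ssh", b"-p", b"2222", b"root@example.com", b""]),
}

if __name__ == "__main__":
    for pid, cmd in audit(SAMPLE):
        print(pid, cmd)
```

On a Linux host, audit(read_proc()) runs the same check against live processes. Process 102 (password read from stdin) and process 103 (ssh's own -p, a port number) are not flagged.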