Password Manager V.1 05-22-2013, 07:01 PM
#1
![[Image: 63XHaMF.png]](http://i.imgur.com/63XHaMF.png)
May I present you my new database program, the Password Manager Version. It's an improved version from my previous VRD project. For me the VRD has very buggy code, Here are some of it's aditional features:
Features:
- Base64 encoded credentials
- Unix Based Authentication (Login to be precise)
- Less If statements
- Intro to Classes
- Better Error Handling
- Better Code (From VRD Point of View)
- Command Input (No menu)
- Linux Compatible Only (Sorry Windows Users, Read below for Why Windows is not supported)
- Python Version 3.3 Used
Glitch:
- The delete function with display "Credentials Deleted!" even if the username doesn't even exist. I'll be releasing a fix soon as it's not a big problem
- Clear function will not work for MAC Users
Commands Usage:
insert -- Insert credentials into the database
view -- View the credential database
delete -- Delete a credential based on username
search -- Search for a credential detail using Username
exit -- Quit program
Logging In:
In my password manager I've used PAM to simulate Unix Authentication which means that Linux users can log in using their account username and password. Because Windows doesn't use Unix auth, logging will give error and hence program will easily malfunction. I will include support If I find any windows related auth
module for Python.
Here's a screenshot of the Unix Auth:
![[Image: RUiWPbW.png]](http://i.imgur.com/RUiWPbW.png)
The password that user will input will not be visible as I've used getpass() module as a part of security
Security:
Without using a encoding to enccode the credentials that a user enters, whats the point of making a password manager? It's always supposed to make the credentials for your eyes only. Well the most basic encoding there I could find was base64 so everything you enter gets encoded in base64 and then It gets stored in the database. When you fetch the results from the database, it gets decoded on it's way to the output. Well if you have a better encryption then you are welcome to suggest
I believe that I got confused between Encryption and Encoding, hence speaking of base64 it's not secure at all as deque said hence I'll be implementing another one in the upcoming version!
Please be sure to install Simple PAM module in your python module repo before using my program, you can get Simple PAM from:
Code:
https://github.com/leonnnn/python3-simplepamSource Code:
Code:
import os, platform, base64, sqlite3, random, getpass
from simplepam import authenticate
class passmanager:
def auth(username, password): #Unix Authentication using PAM
if authenticate(username, password) == True:
return 'pass'
else:
return 'fail'
def encode(text): #Function to encrypt credentials details
try:
encoded = base64.b64encode(text.encode('utf8'))
return encoded
except TypeError:
return "Wrong User Input"
def decode(text): #Decodes the encrypted text after fetching credentials from database
try:
decoded = base64.b64decode(text)
return decoded
except TypeError:
passmanager.clear()
return "Wrong User Input"
def checkdatabase(): #Function to check whether the database exists or not
try:
with open('db.sql'): pass
except IOError:
passmanager.createdatabase()
def createdatabase(): #Create the Database
con = sqlite3.connect("db.sql")
cur = con.cursor()
cur.execute(""" CREATE TABLE passdb (username, password, description, dork BOOL) """)
cur.close()
cur.close()
def insert(username, password, description): #Insert Credentials into the database
try:
rand_id = random.randint(0, 1000)
if username == '': username = 'Unknown-%d' % rand_id
if password == '': password = 'Unknown-%d' % rand_id
if description == '': description = 'Unknown-%d' % rand_id
con = sqlite3.connect('db.sql')
cur = con.cursor()
cur.execute(""" INSERT INTO passdb (username, password, description) VALUES (?,?,?) """, (passmanager.encode(username), passmanager.encode(password), passmanager.encode(description)))
con.commit()
cur.close()
cur.close()
except sqlite3.OperationalError:
print('Database error, Make sure your database exists!')
input('Press any key to Continue...')
passmanager.clear()
def viewdb(): #View the whole credential Database
try:
string = ['Username:', 'Password:', 'Description:']
con = sqlite3.connect('db.sql')
cur = con.cursor()
cur.execute(""" SELECT * FROM passdb """)
getdb = cur.fetchall()
if len(getdb) == 0:
print(' ')
print('No Record Found!')
print(' ')
for items in getdb:
print(' ')
print("####################################")
for i in range(len(string)):
dec = passmanager.decode(items[i]).decode('utf8')
print(string[i], dec)
print("####################################")
input('Press any key to continue')
except sqlite3.OperationalError:
print('Database error, Make sure your database exists!')
input('Press any key to Continue...')
def search(user): #Function to search for the credentials using the username
try:
string = ['Username:', 'Password:', 'Description:']
con = sqlite3.connect('db.sql')
cur = con.cursor()
da = passmanager.encode(user)
cur.execute("""SELECT * FROM passdb WHERE username LIKE ?""", (da,))
find = cur.fetchall()
if len(find) == 0:
print(' ')
print('No data Found')
print(' ')
con.commit()
cur.close()
cur.close()
for terms in find:
print(' ')
print("####################################")
for i in range(len(string)):
dec = passmanager.decode(terms[i]).decode('utf8')
print(string[i], dec)
print("####################################")
input('Press any key to continue...')
except sqlite3.OperationalError:
print('Database error, Make sure your database exists!')
input('Press any key to Continue...')
passmanager.clear()
def delete(user): #Function to delete user from database
da = passmanager.encode(user)
con = sqlite3.connect('db.sql')
cur = con.cursor()
cur.execute("""DELETE FROM passdb WHERE username LIKE ?""", (da,))
con.commit()
cur.close()
cur.close()
input('Credential deleted!, Press any key to continue!')
def clear(): #Clear Screen
os.system('clear')
def menu(): #The main menu
passmanager.checkdatabase()
username = input('Enter your UNIX Username: ')
password = getpass.getpass()
if passmanager.auth(username, password) == 'pass':
passmanager.clear()
while True:
print("""
#############################################################
# #
# Password Manager V.1 #
# A small python database program to organize your #
# passwords #
# #
#############################################################
# By Ex094 Of Hackcommunity #
# http://ex094.blogspot.com # Type Help to view commands
#############################""")
cmd = input('>>> ')
if cmd == 'insert':
passmanager.clear()
username = input('Your username: ').strip()
password = input('Your password: ').strip()
description = input('Credential Description: ').strip()
passmanager.insert(username, password, description)
if cmd == 'search':
passmanager.clear()
user = input('Type the username to search in the database:')
passmanager.search(user)
if cmd == 'delete':
passmanager.clear()
user = input('Input your Credential Username: ').strip()
passmanager.delete(user)
if cmd == 'view':
passmanager.clear()
passmanager.viewdb()
if cmd == 'help':
passmanager.clear()
print("""
Password Manager
Version 1
Available Commands:
-------------------
Command - Function
insert Insert credentials into the database
view View the credential database
delete Delete a credential based on username
search Search for a credential detail using Username
exit Quit program
Coded By Ex094
http://ex094.bogspot.com
http://www.hackcommunity.com
""")
input('Press any key to continue...')
if cmd == 'exit':
break
else:
passmanager.clear()
else:
print('Sorry, Wrong Credentials')
os.system('exit')
passmanager.menu()Compiled Download:
You can download the compiled source from here:
Code:
http://ex094.uhosti.com/py/Encountered a bug? Report it in you comment!
Have Fun
Regards,
Ex094
![[+]](https://sinister.ly/images/modern/collapse_collapsed.png)