Giter VIP home page Giter VIP logo

password_scanner's Introduction

Clear-Text-Password-Scanner-in-Windows-Share-Drive

Clear text password is always an issue to corporate environment and from time to time we will see clear text password stored in windows share drive that has beens shared to public. To identify these password files, a script was created to automatically manage it.

The scripts are written in Python 3.

Indexing the directory

  1. You will need to amend the dirlist.py to edit the directory you want to scan through 
    # put your path here 
# Network SMB path you want to search 
root_dir = ("xxxxxx", "etc.")
# location where you want to put the result 
stored_dir = 'xxxxxxxxx'
# exception you want to filter
exception_path = ["snapshot"]
  2. Run the script python dirlist.py It can take a few days to complete the scanning for > 1M files and over hundreds folder. Afterwards, it will be broken down into multiple files with all the files listed. Each of the file will have 1000 entries. alt text

Identify Clear-Text Passwords in the directory

  1. Install pandas 
    pip install pandas textract
  2. Edit scan.py to include the directory and keywords you want to scan 
     # Please input the keywords you want to search here: 
 keyword= ['password:','pwd:','pass:','pwd=','password=','pass=','password>','pwd>']
 # Please input the path for the searched list of directory 
 path = "C:\\Temp\\dir"
 date2 = datetime.datetime.now()
 date = date2.strftime("%Y-%m-%d")
 # Any exception you want to exclude, please put it down here. 
 exceptionpath = 'C:\\~file\\'
 # Output File format and location 
 outputfile ='C:\\Temp\\result\\tempresult' + date+ '.txt'
 errorfile = 'C:\\Temp\\result\\error' + date + '.txt'
 finalfile = 'C:\\Temp\\result\\finalresult' + date + '.csv'
 # the type of file supported
 textract_ext = ['docx','eml','epub','msg','pptx','ps','txt','xlsx','xls','rtf','pdf']
 native_ext = ['template','conf','config','deploy','bat','vbs','LOG','xml','cmd','vb','py','pl','csv','html','json','htm']
 # Known false positive you want to exclude, an example has been uploaded to github as well (fp.csv). Follow that template to upload known false positive path to be eliminate from the result. 
 fp = 'C:\\Temp\\result\\fp.csv'
 # Knwon folder owner and their email address 
 softfolder = 'C:\\Temp\\result\\folder_owner.csv'
  3. After editing it you could run it by typing python scan.py alt text

password_scanner's People

Contributors

dingtoffee avatar

Watchers

avatar

Forkers

rtulke

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.