Hi Simon

One of the problems is that you might have saved www.domain.tld or sub.domain.tld in your password-store. They wouldn't match the cfbleed domain list, as they are only domain.tld.

Another thought I had was just to limit the password-store entries to domain.tld but then special cases like domain.co.uk wouldn't be missed.

For that reason I iterate every entry in the cfbleed list over the entries found in the password-store.

Stephan

On 25.02.2017 14:37, Simon Lackerbauer wrote:
This seems unnecessarily complex. I just cobbled together something real
quick, which works well for my use case with filenames being domain
names, mostly at the password-store root, some in subdirectories:

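#!/bin/bash

CLOUDFLARE_FILE=~/sorted_unique_cf.txt
PASS_STORE=~/dev/password-store/

# Walk every non-hidden file in the store and look up its name (minus the
# .gpg extension) as an exact, fixed-string line in the Cloudflare list.
find "${PASS_STORE}" -not -path '*/\.*' -type f -follow -print | while IFS= read -r f; do
    base_filename=${f##*/}
    base_filename_without_gpg=${base_filename%.*}
    # "--" keeps a file name that starts with "-" from being read as an option.
    grep -Fx -- "${base_filename_without_gpg}" "${CLOUDFLARE_FILE}"
done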

Does the job in about 4 seconds for my ~200 passwords. And apparently
uber.com and patreon.com are affected.

Cheers,
Simon

On 02/24/2017 01:13 PM, [email protected] wrote:
Hi there

Just learnt today about the Cloudflare fiasco. Good that I use pass and
have separate passwords for things.

Also, usually I store stuff in Web\domain.tld when I need to make an
account at domain.tld.

So, I wrote a small bash script that allows you to check the Cloudflare
domain list with your pass entries to see if there are services that
you use that could be compromised.

The current Cloudflare domain list can be found here:

https://github.com/pirate/sites-using-cloudflare

I'm not sure how accurate that is but it has over 4 million domains.

Since the script uses bash and bash isn't so slow, it takes quite a
while to parse everything (still parsing on my system).

Basically what the script does is build an array of your pass entries -
omitting the .gpg and the path.

Then it reads out the first 1000 entries in the Cloudflare list and
iterates them over each pass entry. If there's a match, it should write
to a separate text file.

All you have to do is download the attached script, set the path to your
password-store and the cloudflare domain list and let it run. As said,
it will take quite a long time.

Feel free to improve the script ;)

Stephan


_______________________________________________
Password-Store mailing list
[email protected]
https://lists.zx2c4.com/mailman/listinfo/password-store

