felix
/
passwordify_html
1
0
Fork 0
Código Issues 0 Pull requests 0 Versões 0 Wiki Atividade
Você não pode selecionar mais de 25 tópicos Os tópicos devem começar com uma letra ou um número, podem incluir traços ('-') e podem ter até 35 caracteres.
3 Commits
1 Branch
26 KiB
 
 
 
Branch: main
Branches Tags
${ item.name }
Criar branch ${ searchTerm }
de main
${ noResults }
passwordify_html/passwordify_html.py

132 linhas
4.6 KiB
Original Link permanente Anotar Histórico 

  1. #!/usr/bin/env python3

  2. import argparse

  3. import pyaes

  4. import os

  5. import sys

  6. import random

  7. import string

  8. 

  9. sample_usage = """example:

  10.   python passwordify_html.py file.html --password "this is the password"

  11.   python passwordify_html.py file.html --password "this is the password" --master-password "master-password"

  12. """

  13. 

  14. parser = argparse.ArgumentParser(description="Generate a chart showing character traits.",

  15.                                  epilog=sample_usage,

  16.                                  formatter_class=argparse.RawDescriptionHelpFormatter)

  17. 

  18. parser.add_argument('input_file',  type=str, metavar="input",

  19.                     help='the html file')

  20. parser.add_argument("--password",        "-p", dest="password",

  21.                     required=False, type=str, metavar="page password",

  22.                     help="The names of the character traits")

  23. parser.add_argument("--master-password", "-m", dest="master_password",

  24.                     required=False, type=str, metavar="master password",

  25.                     help="The values for the character traits")

  26. parser.add_argument("--output",          "-o", dest="output_file",

  27.                     required=False, type=str, metavar="output",

  28.                     help="The file which should be created")

  29. 

  30. args = parser.parse_args()

  31. 

  32. script_dir = os.path.dirname(__file__)

  33. 

  34. # passwords length must be in [16, 24, 32]

  35. # at least one must be supplied, the other is chosen random

  36. if args.password:

  37.     assert(len(args.password) in [16, 24, 32])

  38.     if not args.master_password:

  39.         args.master_password = "".join(random.choice(string.ascii_letters) for i in range(32))

  40. elif args.master_password:

  41.     assert(len(args.master_password) in [16, 24, 32])

  42.     if not args.password:

  43.         args.password = "".join(random.choice(string.ascii_letters) for i in range(32))

  44. else:

  45.     assert(not "At least one of password or master password must be supplied")

  46. 

  47. 

  48. # if no out_file was passed, append .pw.html to in_file

  49. in_file  = args.input_file

  50. out_file = args.output_file

  51. if not out_file:

  52.     out_file = f"{in_file}.pw.html"

  53. 

  54. print(f"passwordifying {in_file} -> {out_file}")

  55. 

  56. # read the whole html file

  57. with open(in_file, "r") as in_file_handle:

  58.     text =  in_file_handle.read()

  59. 

  60. # if the html has no body tag, then just copy it over

  61. if "<body" not in text:

  62. 

  63.     sys.exit(0)

  64. 

  65. initial_counter = random.choice(list(range(128)))

  66. 

  67. # generate a real key

  68. real_key = "".join(random.choice(string.ascii_letters) for i in range(32)).encode("utf-8")

  69. 

  70. aes = pyaes.AESModeOfOperationCTR(args.password.encode("utf-8"),

  71.                                   counter=pyaes.Counter(initial_value=initial_counter))

  72. org_key_enc_real_key = aes.encrypt(real_key).hex()

  73. 

  74. aes = pyaes.AESModeOfOperationCTR(args.master_password.encode("utf-8"),

  75.                                   counter=pyaes.Counter(initial_value=initial_counter))

  76. master_key_enc_real_key = aes.encrypt(real_key).hex()

  77. 

  78. 

  79. #extract header, body, and footer

  80. text_list = text.split("<body")

  81. # assert that the <body> tag only appears once

  82. if len(text_list) != 2:

  83.     print(f"len(text_list) is {len(text_list)}")

  84.     assert(False)

  85. 

  86. header = text_list[0]

  87. text_list = text_list[1].split("</body>")

  88. # assert that the </body> tag only appears once

  89. assert(len(text_list) == 2)

  90. body, footer = text_list

  91. 

  92. # read in the decipher function text

  93. with open(os.path.join(script_dir, "decipher.js"), "r") as decipher_file:

  94.     decipher_function_text = decipher_file.read()

  95. 

  96. # read in the html input prompt

  97. with open(os.path.join(script_dir, "input_form.html"), "r") as html_prompt_file:

  98.     html_prompt_text = html_prompt_file.read()

  99. 

  100. 

  101. # have a "correct_marker" so the decrypter can check if the password was correct

  102. # by identifiying if the decryped text ends with the correct_marker

  103. correct_key_marker = "<!--Correct Key-->"

  104. body = body + correct_key_marker

  105. aes = pyaes.AESModeOfOperationCTR(real_key,

  106.                                   counter=pyaes.Counter(initial_value=initial_counter))

  107. 

  108. real_key_enc_body = aes.encrypt(body.encode("utf-8")).hex()

  109. header = header.replace("</head>", f"""

  110. <script type="text/javascript" src="https://cdn.rawgit.com/ricmoo/aes-js/e27b99df/index.js"></script>

  111. <script>

  112.   var master_key_enc_real_key = "{master_key_enc_real_key}";

  113.   var org_key_enc_real_key    = "{org_key_enc_real_key}";

  114.   var correct_key_marker      = "{correct_key_marker}"

  115.   var initial_counter         =  {initial_counter};

  116.   var enc_hex_body            = "{real_key_enc_body}";

  117. </script>

  118. <script>

  119. {decipher_function_text}

  120. </script>

  121. </head>""")

  122. text = " ".join([header, f"""

  123. <body>

  124. {html_prompt_text}

  125. </body>""", footer])

  126. 

  127. # write html to new location

  128. with open(out_file, "wb") as new_html:

  129.         new_html.write(text.encode('utf-8'))

  130. 

  131. print(f"successfully passwordified {in_file}")