-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathpassdump-bitwarden-csv.py
executable file
·154 lines (113 loc) · 4.13 KB
/
passdump-bitwarden-csv.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
#!/usr/bin/env python3
import re
import os
import subprocess
EXCLUDE_ENTRIES_RE = r'(^\.git)' \
+ r'|\.gpg-id' \
+ r'|\.zip' \
+ r'|(-backup$)'
DOMAIN_RE = re.compile(r"^((?!-)[A-Za-z0-9-]" + "{1,63}(?<!-)\\.)" + "+[A-Za-z]{2,6}")
IP4_RE = r'^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}'
LOGIN_USERNAME_RE = r'^(?:user|login|username).* ?: ?(.*)$'
FIELD_RE = r'^(\S+): (\S+.*)$'
def traverse(directory):
pass_files = []
for root, dirs, files in os.walk(directory):
for name in files:
pass_files.append(os.path.join(root, name))
return pass_files
def _is_domain(component):
return re.search(DOMAIN_RE, component) \
or re.search(IP4_RE, component) \
or component.startswith("localhost")
def slurp_pass(entry):
content = subprocess.run(['pass', entry], check=True, capture_output=True)
return content.stdout.rstrip().decode("utf-8")
# Heuristic: if there are components after a domain-like one, then the
# last one is the username. TODO how do we build the name?
def extract_username_from_path(components):
username = ""
uri = ""
for idx, component in enumerate(components):
if _is_domain(component):
if idx == len(components)-1:
if '@' in components[-1]:
username = components[-1]
else:
# bw_username inside file
# print("__YYY", components[-1])
pass
elif idx == len(components)-2:
username = components[-1]
else:
# print("__XXX", components)
username = components[-1]
# Heuristic: URL usually the first component after the folder
if idx == 1 and components[0] == "http":
uri = "https://" + components[1]
break
return (username, uri)
def process_entry(entry):
components = entry.split('/')
# print(components)
# https://bitwarden.com/help/condition-bitwarden-import/#for-your-individual-vault
bw_row = {
'folder': "pass/" + components[0], # prefix to review after import
'favorite': None,
'type': "login",
'name': '/'.join(components[1:]),
'notes': [],
'fields': [],
'reprompt': None,
'login_uri': "",
'login_username': "",
'login_password': "",
}
(bw_row['login_username'],
bw_row['login_uri']) = extract_username_from_path(components)
if bw_row['login_username']:
bw_row['name'] = '/'.join(components[1:-1])
lines = slurp_pass(entry).split('\n')
bw_row['login_password'] = lines[0]
for line in lines[1:]:
match = re.search(LOGIN_USERNAME_RE, line, re.I | re.M)
if match:
if not bw_row['login_username']:
bw_row['login_username'] = match.group(1)
continue
match = re.search(FIELD_RE, line, re.I | re.M)
if match:
bw_row['fields'].append(line)
continue
bw_row['notes'].append(line)
if not bw_row['login_username']:
print("__NO_USERNAME:", entry)
# print(bw_row['name'])
print('.', end='', flush=True)
bw_row['notes'] = '\n'.join(bw_row['notes'])
bw_row['fields'] = '\n'.join(bw_row['fields'])
return bw_row
def write_csv(data, output_file):
import csv
with open(output_file, 'w', newline='') as csv_file:
writer = csv.DictWriter(csv_file, fieldnames=list(data[0].keys()))
writer.writeheader()
for row in data:
writer.writerow(row)
def main():
home = os.environ['HOME']
store_path = os.path.join(home, ".password-store")
encrypted_files = traverse(store_path)
entries = []
for path in encrypted_files:
match = re.search(r'^' + store_path + r'\/(.*)\.gpg$', path)
if match:
entry = match.group(1)
exclude = re.search(re.compile(EXCLUDE_ENTRIES_RE), entry)
if exclude:
print("_EXCLUDED: ", exclude.group(0))
continue
entries.append(process_entry(entry))
write_csv(entries, "bw.csv")
if __name__ == '__main__':
main()