
bsidestlv/badpass



BadPass

A shared password manager that uses GitHub as a backend for syncing. All passwords are encrypted with AES256, and each user has their own password that encrypts/decrypts the shared master key.

Features

  • Shared Access: Multiple users can access the same password database
  • GitHub Sync: Uses git operations to sync with GitHub repositories
  • Strong Encryption: AES256-GCM encryption for all sensitive data
  • User Management: Each user has their own password to access the shared master key

Installation

  1. Clone this repository:
git clone <repository-url>
cd BadPass
  2. Install dependencies:
pip install -r requirements.txt
  3. Install the package (optional, for CLI command):
pip install -e .

Usage

Initialize Repository

To initialize a new repository or clone an existing one:

# Initialize a new repository
badpass init

# Clone from GitHub
badpass init https://github.com/username/password-repo.git

Add a User

The first user will generate the master key. Subsequent users will encrypt the same master key with their password:

badpass add-user <username>

Add a Password Entry

badpass add-password <name> <username> <password> [--notes "Optional notes"]

Example:

badpass add-password Gmail user@example.com mypassword123 --notes "Personal email"

Get a Password Entry

badpass get-password <name>

List All Passwords

badpass list-passwords

Delete a Password Entry

badpass delete-password <name>

Sync with GitHub

Pull latest changes from the remote repository:

badpass sync

How It Works

  1. Master Key: All password entries are encrypted with a single master key (32 bytes)
  2. User Authentication: Each user has their own password that is hashed with SHA256 and used to encrypt/decrypt the master key
  3. Password Storage: Individual password entries are encrypted with the master key using AES256-GCM
  4. Git Sync: The database (passwords.json) is stored in a git repository and synced via standard git operations

Database Format

The database is stored as passwords.json with the following structure:

{
  "users": [
    {
      "username": "alice",
      "encrypted_master_key": "<base64-encoded encrypted master key>"
    }
  ],
  "passwords": [
    {
      "name": "Gmail",
      "username": "user@example.com",
      "encrypted_password": "<base64-encoded encrypted password>",
      "notes": "Optional notes"
    }
  ]
}

Security Considerations

  • All passwords are encrypted before storage
  • Master key is never stored in plaintext
  • User passwords are hashed with SHA256 before use
  • AES256-GCM provides authenticated encryption
  • Sensitive data is cleared from memory when possible
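The key derivation described in "How It Works" step 2 and in the list above, next to a salted, iterated alternative. This is an added example, not BadPass code. It assumes the SHA256 step is unsalted, because the README names no salt and the database format has no salt field. The fields kdf, kdf_salt and kdf_iterations, the function names and the iteration values are hypothetical.

```python
import base64
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumed work factor for new users; tune to your hardware
MIN_ITERATIONS = 100_000     # assumed floor enforced when reading a user record
MIN_SALT_BYTES = 16


def kek_sha256(password: str) -> bytes:
    """Key-encryption key as the README describes it: a single SHA256 pass
    (assumed unsalted), so equal passwords always give equal keys."""
    return hashlib.sha256(password.encode("utf-8")).digest()


def new_kdf_params(iterations: int = PBKDF2_ITERATIONS) -> dict:
    """Per-user KDF parameters to store beside encrypted_master_key.
    These field names are hypothetical, not part of the BadPass format."""
    return {
        "kdf": "pbkdf2-hmac-sha256",
        "kdf_salt": base64.b64encode(os.urandom(MIN_SALT_BYTES)).decode("ascii"),
        "kdf_iterations": iterations,
    }


def kek_pbkdf2(password: str, params: dict) -> bytes:
    """Derive a 32-byte AES256 key with a per-user salt and a work factor.
    The parameters live in a shared git repository, so reject a record that
    has been edited down to a weak salt or a low iteration count."""
    if params.get("kdf") != "pbkdf2-hmac-sha256":
        raise ValueError("unsupported KDF")
    salt = base64.b64decode(params["kdf_salt"])
    iterations = int(params["kdf_iterations"])
    if len(salt) < MIN_SALT_BYTES or iterations < MIN_ITERATIONS:
        raise ValueError("KDF parameters below the enforced minimum")
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, dklen=32)


def same_key_for_same_password(password: str = "constructed-sample-password") -> dict:
    """Two users choosing the same password: compare the resulting keys."""
    alice, bob = new_kdf_params(), new_kdf_params()
    return {
        "sha256": hmac.compare_digest(kek_sha256(password), kek_sha256(password)),
        "pbkdf2": hmac.compare_digest(kek_pbkdf2(password, alice), kek_pbkdf2(password, bob)),
    }


if __name__ == "__main__":
    print(same_key_for_same_password())
```

The derived key would replace the SHA256 digest as the AES256-GCM key that wraps the master key; the wrapping step itself is unchanged.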

Requirements

  • Python 3.8+
  • Git (for repository operations)
  • cryptography library

License

MIT License


About

The worst password manager
