forked from r4sas/PBinCLI
implement delete
update checks password sha256 digest used from hashlib
This commit is contained in:
parent
cdf2544da7
commit
421e287679
10
pbincli.py
10
pbincli.py
@ -1,4 +1,4 @@
|
|||||||
#! /usr/bin/env python2.7
|
#! /usr/bin/env python
|
||||||
import os
|
import os
|
||||||
import sys
|
import sys
|
||||||
import argparse
|
import argparse
|
||||||
@ -33,6 +33,14 @@ def main():
|
|||||||
get_parser.add_argument("-p", "--password", help="password for decrypting paste")
|
get_parser.add_argument("-p", "--password", help="password for decrypting paste")
|
||||||
get_parser.set_defaults(func=pbincli.actions.get)
|
get_parser.set_defaults(func=pbincli.actions.get)
|
||||||
|
|
||||||
|
delete_parser = subparsers.add_parser("delete", description="Delete paste from PrivateBin instance using token", usage="""
|
||||||
|
%(prog)s --paste aabb --token aabbcc"""
|
||||||
|
)
|
||||||
|
delete_parser.add_argument("-p", "--paste", required=True, help="paste id")
|
||||||
|
delete_parser.add_argument("-t", "--token", required=True, help="delete token")
|
||||||
|
delete_parser.add_argument("-d", "--debug", default=False, action="store_true", help="enable debug")
|
||||||
|
delete_parser.set_defaults(func=pbincli.actions.delete)
|
||||||
|
|
||||||
# parse arguments
|
# parse arguments
|
||||||
args = parser.parse_args()
|
args = parser.parse_args()
|
||||||
if hasattr(args, "func"):
|
if hasattr(args, "func"):
|
||||||
|
@ -1,8 +1,7 @@
|
|||||||
"""Action functions for argparser"""
|
import json, hashlib, ntpath, os, sys
|
||||||
import json, os, ntpath, sys
|
|
||||||
import pbincli.actions, pbincli.sjcl_simple
|
import pbincli.actions, pbincli.sjcl_simple
|
||||||
|
|
||||||
from base64 import b64encode, b64decode
|
from base64 import b64encode, b64decode
|
||||||
from Crypto.Hash import SHA256
|
|
||||||
from mimetypes import guess_type
|
from mimetypes import guess_type
|
||||||
from pbincli.transports import privatebin
|
from pbincli.transports import privatebin
|
||||||
from pbincli.utils import PBinCLIException, check_readable, check_writable, json_load_byteified
|
from pbincli.utils import PBinCLIException, check_readable, check_writable, json_load_byteified
|
||||||
@ -24,13 +23,13 @@ def send(args):
|
|||||||
sys.exit(1)
|
sys.exit(1)
|
||||||
|
|
||||||
passphrase = b64encode(os.urandom(32))
|
passphrase = b64encode(os.urandom(32))
|
||||||
if args.debug: print("Passphrase:\t{}".format(b64encode(passphrase)))
|
if args.debug: print("Passphrase:\t{}".format(passphrase))
|
||||||
if args.password:
|
if args.password:
|
||||||
p = SHA256.new()
|
digest = hashlib.sha256(args.password.encode("UTF-8")).hexdigest()
|
||||||
p.update(args.password.encode("UTF-8"))
|
password = passphrase + digest.encode("UTF-8")
|
||||||
password = passphrase + p.hexdigest().encode("UTF-8")
|
|
||||||
else:
|
else:
|
||||||
password = passphrase
|
password = passphrase
|
||||||
|
|
||||||
if args.debug: print("Password:\t{}".format(password))
|
if args.debug: print("Password:\t{}".format(password))
|
||||||
|
|
||||||
if args.file:
|
if args.file:
|
||||||
@ -47,9 +46,9 @@ def send(args):
|
|||||||
cipherfile = pbincli.sjcl_simple.encrypt(password, file)
|
cipherfile = pbincli.sjcl_simple.encrypt(password, file)
|
||||||
cipherfilename = pbincli.sjcl_simple.encrypt(password, filename)
|
cipherfilename = pbincli.sjcl_simple.encrypt(password, filename)
|
||||||
|
|
||||||
"""Sending text from 'data' string"""
|
|
||||||
cipher = pbincli.sjcl_simple.encrypt(password, text)
|
cipher = pbincli.sjcl_simple.encrypt(password, text)
|
||||||
request = {'data':json.dumps(cipher, ensure_ascii=False).replace(' ',''),'expire':args.expire,'formatter':args.format,'burnafterreading':int(args.burn),'opendiscussion':int(args.discus)}
|
request = {'data':json.dumps(cipher, ensure_ascii=False).replace(' ',''),'expire':args.expire,'formatter':args.format,'burnafterreading':int(args.burn),'opendiscussion':int(args.discus)}
|
||||||
|
|
||||||
if cipherfile and cipherfilename:
|
if cipherfile and cipherfilename:
|
||||||
request['attachment'] = json.dumps(cipherfile, ensure_ascii=False).replace(' ','')
|
request['attachment'] = json.dumps(cipherfile, ensure_ascii=False).replace(' ','')
|
||||||
request['attachmentname'] = json.dumps(cipherfilename, ensure_ascii=False).replace(' ','')
|
request['attachmentname'] = json.dumps(cipherfilename, ensure_ascii=False).replace(' ','')
|
||||||
@ -57,42 +56,59 @@ def send(args):
|
|||||||
if args.debug: print("Request:\t{}".format(request))
|
if args.debug: print("Request:\t{}".format(request))
|
||||||
|
|
||||||
result, server = privatebin().post(request)
|
result, server = privatebin().post(request)
|
||||||
|
|
||||||
if args.debug: print("Response:\t{}\n".format(result.decode("UTF-8")))
|
if args.debug: print("Response:\t{}\n".format(result.decode("UTF-8")))
|
||||||
result = json.loads(result)
|
|
||||||
"""Standart response: {"status":0,"id":"aaabbb","url":"\/?aaabbb","deletetoken":"aaabbbccc"}"""
|
try:
|
||||||
if result['status'] == 0:
|
result = json.loads(result)
|
||||||
|
except ValueError as e:
|
||||||
|
print("PBinCLI Error: {}".format(e))
|
||||||
|
sys.exit(1)
|
||||||
|
|
||||||
|
if 'status' in result and not result['status']:
|
||||||
print("Paste uploaded!\nPasteID:\t{}\nPassword:\t{}\nDelete token:\t{}\n\nLink:\t{}?{}#{}".format(result['id'], passphrase, result['deletetoken'], server, result['id'], passphrase))
|
print("Paste uploaded!\nPasteID:\t{}\nPassword:\t{}\nDelete token:\t{}\n\nLink:\t{}?{}#{}".format(result['id'], passphrase, result['deletetoken'], server, result['id'], passphrase))
|
||||||
|
elif 'status' in result and result['status']:
|
||||||
|
print("Something went wrong...\nError:\t\t{}".format(result['message']))
|
||||||
|
sys.exit(1)
|
||||||
else:
|
else:
|
||||||
print("Something went wrong...\nError:\t{}".format(result['message']))
|
print("Something went wrong...\nError: Empty response.")
|
||||||
sys.exit(1)
|
sys.exit(1)
|
||||||
|
|
||||||
|
|
||||||
def get(args):
|
def get(args):
|
||||||
paste = args.pasteinfo.split("#")
|
pasteid, passphrase = args.pasteinfo.split("#")
|
||||||
if paste[0] and paste[1]:
|
|
||||||
if args.debug: print("PasteID:\t{}\nPassphrase:\t{}".format(paste[0], paste[1]))
|
if pasteid and passphrase:
|
||||||
|
if args.debug: print("PasteID:\t{}\nPassphrase:\t{}".format(pasteid, passphrase))
|
||||||
|
|
||||||
if args.password:
|
if args.password:
|
||||||
p = SHA256.new()
|
digest = hashlib.sha256(args.password.encode("UTF-8")).hexdigest()
|
||||||
p.update(args.password.encode("UTF-8"))
|
password = passphrase + digest.encode("UTF-8")
|
||||||
passphrase = paste[1] + p.hexdigest().encode("UTF-8")
|
|
||||||
else:
|
else:
|
||||||
passphrase = paste[1]
|
password = passphrase
|
||||||
if args.debug: print("Password:\t{}".format(passphrase))
|
|
||||||
|
|
||||||
result = privatebin().get(paste[0])
|
if args.debug: print("Password:\t{}".format(password))
|
||||||
|
|
||||||
|
result = privatebin().get(pasteid)
|
||||||
else:
|
else:
|
||||||
print("PBinCLI error: Incorrect request")
|
print("PBinCLI error: Incorrect request")
|
||||||
sys.exit(1)
|
sys.exit(1)
|
||||||
|
|
||||||
if args.debug: print("Response:\t{}\n".format(result.decode("UTF-8")))
|
if args.debug: print("Response:\t{}\n".format(result.decode("UTF-8")))
|
||||||
|
|
||||||
result = json.loads(result)
|
try:
|
||||||
if result['status'] == 0:
|
result = json.loads(result)
|
||||||
|
except ValueError as e:
|
||||||
|
print("PBinCLI Error: {}".format(e))
|
||||||
|
sys.exit(1)
|
||||||
|
|
||||||
|
if 'status' in result and not result['status']:
|
||||||
print("Paste received! Text inside:")
|
print("Paste received! Text inside:")
|
||||||
data = pbincli.utils.json_loads_byteified(result['data'])
|
data = pbincli.utils.json_loads_byteified(result['data'])
|
||||||
|
|
||||||
if args.debug: print("Text:\t{}".format(data))
|
if args.debug: print("Text:\t{}".format(data))
|
||||||
text = pbincli.sjcl_simple.decrypt(passphrase, data)
|
|
||||||
|
text = pbincli.sjcl_simple.decrypt(password, data)
|
||||||
print(text)
|
print(text)
|
||||||
|
|
||||||
check_writable("paste.txt")
|
check_writable("paste.txt")
|
||||||
@ -102,15 +118,19 @@ def get(args):
|
|||||||
|
|
||||||
if 'attachment' in result and 'attachmentname' in result:
|
if 'attachment' in result and 'attachmentname' in result:
|
||||||
print("Found file, attached to paste. Decoding it and saving")
|
print("Found file, attached to paste. Decoding it and saving")
|
||||||
|
|
||||||
cipherfile = pbincli.utils.json_loads_byteified(result['attachment'])
|
cipherfile = pbincli.utils.json_loads_byteified(result['attachment'])
|
||||||
cipherfilename = pbincli.utils.json_loads_byteified(result['attachmentname'])
|
cipherfilename = pbincli.utils.json_loads_byteified(result['attachmentname'])
|
||||||
|
|
||||||
if args.debug: print("Name:\t{}\nData:\t{}".format(cipherfilename, cipherfile))
|
if args.debug: print("Name:\t{}\nData:\t{}".format(cipherfilename, cipherfile))
|
||||||
attachmentf = pbincli.sjcl_simple.decrypt(passphrase, cipherfile)
|
|
||||||
attachmentname = pbincli.sjcl_simple.decrypt(passphrase, cipherfilename)
|
attachmentf = pbincli.sjcl_simple.decrypt(password, cipherfile)
|
||||||
|
attachmentname = pbincli.sjcl_simple.decrypt(password, cipherfilename)
|
||||||
|
|
||||||
attachment = str(attachmentf.split(',', 1)[1:])
|
attachment = str(attachmentf.split(',', 1)[1:])
|
||||||
file = b64decode(attachment)
|
file = b64decode(attachment)
|
||||||
filename = attachmentname
|
filename = attachmentname
|
||||||
|
|
||||||
if args.debug: print("Filename:\t{}\n".format(filename))
|
if args.debug: print("Filename:\t{}\n".format(filename))
|
||||||
|
|
||||||
check_writable(filename)
|
check_writable(filename)
|
||||||
@ -120,9 +140,54 @@ def get(args):
|
|||||||
|
|
||||||
if 'burnafterreading' in result['meta'] and result['meta']['burnafterreading']:
|
if 'burnafterreading' in result['meta'] and result['meta']['burnafterreading']:
|
||||||
print("Burn afrer reading flag found. Deleting paste...")
|
print("Burn afrer reading flag found. Deleting paste...")
|
||||||
result = privatebin().delete(paste[0], 'burnafterreading')
|
result = privatebin().delete(pasteid, 'burnafterreading')
|
||||||
|
|
||||||
if args.debug: print("Delete response:\t{}\n".format(result.decode("UTF-8")))
|
if args.debug: print("Delete response:\t{}\n".format(result.decode("UTF-8")))
|
||||||
|
|
||||||
else:
|
try:
|
||||||
print("Something went wrong...\nError:\t{}".format(result['message']))
|
result = json.loads(result)
|
||||||
|
except ValueError as e:
|
||||||
|
print("PBinCLI Error: {}".format(e))
|
||||||
|
sys.exit(1)
|
||||||
|
|
||||||
|
if 'status' in result and not result['status']:
|
||||||
|
print("Paste successfully deleted!")
|
||||||
|
elif 'status' in result and result['status']:
|
||||||
|
print("Something went wrong...\nError:\t\t{}".format(result['message']))
|
||||||
|
sys.exit(1)
|
||||||
|
else:
|
||||||
|
print("Something went wrong...\nError: Empty response.")
|
||||||
|
sys.exit(1)
|
||||||
|
|
||||||
|
elif 'status' in result and result['status']:
|
||||||
|
print("Something went wrong...\nError:\t\t{}".format(result['message']))
|
||||||
|
sys.exit(1)
|
||||||
|
else:
|
||||||
|
print("Something went wrong...\nError: Empty response.")
|
||||||
|
sys.exit(1)
|
||||||
|
|
||||||
|
|
||||||
|
def delete(args):
|
||||||
|
pasteid = args.paste
|
||||||
|
token = args.token
|
||||||
|
|
||||||
|
if args.debug: print("PasteID:\t{}\nToken:\t\t{}".format(pasteid, token))
|
||||||
|
|
||||||
|
result = privatebin().delete(pasteid, token)
|
||||||
|
|
||||||
|
if args.debug: print("Response:\t{}\n".format(result.decode("UTF-8")))
|
||||||
|
|
||||||
|
try:
|
||||||
|
result = json.loads(result)
|
||||||
|
except ValueError as e:
|
||||||
|
print("PBinCLI Error: {}".format(e))
|
||||||
|
sys.exit(1)
|
||||||
|
|
||||||
|
if 'status' in result and not result['status']:
|
||||||
|
print("Paste successfully deleted!")
|
||||||
|
elif 'status' in result and result['status']:
|
||||||
|
print("Something went wrong...\nError:\t\t{}".format(result['message']))
|
||||||
|
sys.exit(1)
|
||||||
|
else:
|
||||||
|
print("Something went wrong...\nError: Empty response.")
|
||||||
sys.exit(1)
|
sys.exit(1)
|
||||||
|
@ -1,9 +1,6 @@
|
|||||||
import requests
|
import requests
|
||||||
#import urllib
|
|
||||||
|
|
||||||
|
|
||||||
class privatebin(object):
|
class privatebin(object):
|
||||||
|
|
||||||
def __init__(self):
|
def __init__(self):
|
||||||
self.proxies = {'http': 'http://127.0.0.1:4444'}
|
self.proxies = {'http': 'http://127.0.0.1:4444'}
|
||||||
self.server = 'http://paste.r4sas.i2p/'
|
self.server = 'http://paste.r4sas.i2p/'
|
||||||
|
@ -1,20 +1,23 @@
|
|||||||
"""Various code"""
|
|
||||||
import json
|
import json
|
||||||
import os
|
import os
|
||||||
|
|
||||||
|
|
||||||
class PBinCLIException(Exception):
|
class PBinCLIException(Exception):
|
||||||
pass
|
pass
|
||||||
|
|
||||||
|
|
||||||
def check_readable(f):
|
def check_readable(f):
|
||||||
"""Checks if path exists and readable"""
|
"""Checks if path exists and readable"""
|
||||||
if not os.path.exists(f) or not os.access(f, os.R_OK):
|
if not os.path.exists(f) or not os.access(f, os.R_OK):
|
||||||
raise PBinCLIException("Error accessing path: {}".format(f))
|
raise PBinCLIException("Error accessing path: {}".format(f))
|
||||||
|
|
||||||
|
|
||||||
def check_writable(f):
|
def check_writable(f):
|
||||||
"""Checks if path is writable"""
|
"""Checks if path is writable"""
|
||||||
if not os.access(os.path.dirname(f) or ".", os.W_OK):
|
if not os.access(os.path.dirname(f) or ".", os.W_OK):
|
||||||
raise PBinCLIException("Path is not writable: {}".format(f))
|
raise PBinCLIException("Path is not writable: {}".format(f))
|
||||||
|
|
||||||
|
|
||||||
"""http://stackoverflow.com/a/33571117"""
|
"""http://stackoverflow.com/a/33571117"""
|
||||||
def json_load_byteified(file_handle):
|
def json_load_byteified(file_handle):
|
||||||
return _byteify(
|
return _byteify(
|
||||||
@ -22,12 +25,14 @@ def json_load_byteified(file_handle):
|
|||||||
ignore_dicts=True
|
ignore_dicts=True
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
def json_loads_byteified(json_text):
|
def json_loads_byteified(json_text):
|
||||||
return _byteify(
|
return _byteify(
|
||||||
json.loads(json_text, object_hook=_byteify),
|
json.loads(json_text, object_hook=_byteify),
|
||||||
ignore_dicts=True
|
ignore_dicts=True
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
def _byteify(data, ignore_dicts = False):
|
def _byteify(data, ignore_dicts = False):
|
||||||
# if this is a unicode string, return its string representation
|
# if this is a unicode string, return its string representation
|
||||||
if isinstance(data, unicode):
|
if isinstance(data, unicode):
|
||||||
|
@ -1,5 +1,6 @@
|
|||||||
appdirs
|
appdirs
|
||||||
packaging
|
packaging
|
||||||
|
cffi
|
||||||
cryptography
|
cryptography
|
||||||
pycryptodome
|
pycparser
|
||||||
requests
|
requests
|
||||||
|
Loading…
x
Reference in New Issue
Block a user