python3扫描本地所有gitlab仓的明文密码
需求:扫描/tmp/gitlab/ 目录下的所有gitlab仓库的文件中的明文密码
运行:python3 /tmp/v1.py /tmp/gitlab/ /tmp/password.txt(第一个参数是存放本地仓库的目录,第二个参数是结果输出文件;输出文件中会记录匹配到的明文密码,应限制其访问权限,用完后及时删除)
#!/usr/bin/python3
# encoding: utf-8
# Module metadata: script author and creation date.
__Author__ = 'bo.hou'
__Date__ = '2021-09-02'
import os
import sys
import re
import multiprocessing
import subprocess
import gitlab
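def update_gitlab_repo(repo_dir):
    """Run ``git pull`` in every immediate sub-directory of *repo_dir*.

    Args:
        repo_dir: Directory that holds the local clones, one per
            sub-directory. Plain files directly inside it are ignored.

    Returns:
        Always 0. The per-repository outcome is only printed.
    """
    for name_dir in os.listdir(repo_dir):
        name_path = os.path.join(repo_dir, name_dir)
        if not os.path.isdir(name_path):
            continue
        # git is started from an argument list with cwd set to the clone,
        # instead of a "cd <path> && git pull" string handed to a shell, so a
        # directory name containing shell metacharacters is never interpreted
        # as a command.
        try:
            completed = subprocess.run(
                ["git", "pull"],
                cwd=name_path,
                stdout=subprocess.PIPE,
                stderr=subprocess.STDOUT,
            )
            code = completed.returncode
        except OSError:
            # git is not installed or the directory cannot be entered:
            # report it the same way as a failed pull.
            code = 1
        if code == 0:
            print("git pull "+ name_path + " successd")
        else:
            print("git pull "+ name_path + " failed")
    return 0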
def get_repo_list(repo_dir_a):
    """Return the names of the immediate sub-directories of *repo_dir_a*.

    Only the entry names are returned, not full paths; entries that are not
    directories are left out.
    """
    return [
        entry
        for entry in os.listdir(repo_dir_a)
        if os.path.isdir(os.path.join(repo_dir_a, entry))
    ]
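def _run_git(repo_dir, *args):
    """Run ``git <args>`` inside *repo_dir* and return ``(exit_code, stdout)``.

    The command is started from an argument list with ``cwd`` set, so neither
    the directory name nor any argument passes through a shell. A git that
    cannot be started is reported as exit code 1 with empty output.
    """
    try:
        done = subprocess.run(
            ["git", *args],
            cwd=repo_dir,
            stdout=subprocess.PIPE,
            stderr=subprocess.DEVNULL,
        )
    except OSError:
        return 1, ""
    return done.returncode, done.stdout.decode("utf-8", "replace").strip()


def get_branch_creater(repo_dir):
    """Return the author line of the oldest commit on the checked-out branch.

    The oldest commit reachable from HEAD is looked up and the second line of
    its ``git log -1`` entry is returned; the report labels that line as the
    "creater" of the branch.

    Args:
        repo_dir: Path of a local git working copy.

    Returns:
        The second line of the oldest commit's log entry, or "" when
        *repo_dir* is not a usable git repository, has no commits, or git
        cannot be run.
    """
    # Ask git for the branch name directly. Splitting the output of
    # "git branch" on spaces returns the wrong token as soon as the clone has
    # more than one branch, and a non-empty error message used to be taken
    # for success because only the output length was checked.
    code, current_branch = _run_git(repo_dir, "rev-parse", "--abbrev-ref", "HEAD")
    if code != 0 or not current_branch:
        print("git branch " + repo_dir + " execute failed ")
        return ""

    print("---------------------------------------------")
    print("git branch " + repo_dir + " execute successd ")
    print(repo_dir + " current_branch is : " + current_branch)
    print("---------------------------------------------")

    # Newest-first list of commit ids; the last one is the oldest commit.
    # The trailing "--" keeps a file named HEAD from making the argument
    # ambiguous.
    code, commit_ids = _run_git(repo_dir, "log", "--format=%H", "HEAD", "--")
    if code != 0 or not commit_ids:
        return ""
    oldest_commit = commit_ids.splitlines()[-1]

    code, entry = _run_git(repo_dir, "log", "-1", oldest_commit, "--")
    entry_lines = entry.split("\n")
    if code != 0 or len(entry_lines) < 2:
        return ""
    return entry_lines[1]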
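def scan_password(repo_dir, password_file):
    """Scan every file of every repository under *repo_dir* for password literals.

    A finding is any match of ``<word>password = "<word>"`` on a single line.
    The pattern is literal about spacing and quoting: other spellings
    (no spaces around ``=``, single quotes, values containing characters
    outside ``\\w``) are not reported.

    Args:
        repo_dir: Directory that holds the local clones, one per sub-directory.
        password_file: Report file; findings are appended to it, one per line.

    Returns:
        Always 0.

    Note:
        The report contains the matched secrets in clear text. When this
        function creates the file it is created with mode 0o600; an already
        existing file keeps whatever mode it has.
    """
    # Compiled once instead of once per scanned line.
    pattern = re.compile(r'[\w]*password = "[\w]*"')

    def as_latin1(text):
        # The report is written as iso-8859-1, so each value is re-expressed
        # as the latin1 view of its UTF-8 bytes. surrogateescape lets file
        # names that are not valid UTF-8 pass through instead of raising.
        return text.encode("utf-8", "surrogateescape").decode("latin1")

    report_fd = os.open(
        password_file, os.O_WRONLY | os.O_APPEND | os.O_CREAT, 0o600
    )
    # The report is opened once for the whole scan rather than once per line.
    with os.fdopen(report_fd, "a", encoding="iso-8859-1") as wf:
        for repo_name in get_repo_list(repo_dir):
            scan_repo_dir = os.path.join(repo_dir, repo_name)
            # A repository whose author lookup fails is still scanned; the
            # creater column is then left empty.
            creater = get_branch_creater(scan_repo_dir) or ""
            for root, dirs, files in os.walk(scan_repo_dir, topdown=True):
                for name in files:
                    file_path = os.path.join(root, name)
                    # Regular files only: skips broken symlinks and avoids
                    # blocking on FIFOs or sockets found in a working copy.
                    if not os.path.isfile(file_path):
                        continue
                    findings = []
                    try:
                        with open(file_path, "r", encoding="iso-8859-1") as rf:
                            for file_content in rf:
                                findings.extend(
                                    pattern.findall(file_content.strip())
                                )
                    except OSError:
                        # One unreadable file must not abort the whole scan.
                        print("skip unreadable file: " + repr(file_path))
                        continue
                    for password_str in findings:
                        print("--------------------write to file----------------------")
                        wf.write("repoity_name: " + as_latin1(repo_name) + " file_path: " + as_latin1(file_path) + " password: " + as_latin1(password_str) + " creater: " + as_latin1(creater) + "\n")
    return 0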
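def main():
    """Command-line entry point: update the local clones, then scan them.

    Expects two arguments after the script name: the directory holding the
    local repositories and the path of the report file. Exits with status 1
    when arguments are missing or the repository directory does not exist.
    """
    if len(sys.argv) < 3:
        print("please input three args. include code_path and local_gitlab_dir and output_file_path! ")
        sys.exit(1)
    gitlab_repo_dir = sys.argv[1]
    output_password_file_path = sys.argv[2]

    # Check that the directory really exists; a non-empty string alone says
    # nothing, and continuing without it only fails later in os.listdir().
    if not os.path.isdir(gitlab_repo_dir):
        print("local gitlab repo not exist")
        sys.exit(1)

    print("begin update code......")
    update_gitlab_repo(gitlab_repo_dir)

    print("begin scan password......")
    # A single pass over the tree. Starting several processes with the same
    # arguments made every one of them scan everything, so each finding was
    # appended to the report once per process.
    scan_password(gitlab_repo_dir, output_password_file_path)
    print("Process end.")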
# Start the scan only when the file is executed as a script, not on import.
if __name__ == "__main__":
    main()