Home > OS >  Powershell script to verify if files in a directory contain passwords
Powershell script to verify if files in a directory contain passwords

Time:12-15

I have a PS script that downloads packages to audit them. I want to check if any of the .txt, .json or .config files are storing passwords or usernames. (which they should not).

I am searching the files using the Get-ChildItem function. A file like below is what I would be searching through. I need to clarify if its a placeholder or if there is an actual password stored in the file.

I need to come up with a way to see if the Username or Password contain values or if its just a place holder. I have unzipped the package and getting the items from the unzipped location

$folders = Get-ChildItem $unzipLocation
    foreach ($folder in $folders) {
    $files = Get-ChildItem $folder.FullName

    foreach ($file in $files) {

#Search unzipped file to see if they store a password
$content = Get-Childitem $unzipLocation -Include *.json, *.txt, *.config -Recurse | Select-String -Pattern "password", "pwd", "user", "usr"

The content returns where Username or Password is located in a file: enter image description here

The next line in the script will be to verify if the file contains a value in the Password field.

The file looks like:

{
"info": {
    "_postman_id": "70134a48-94c1-45ac-a1f0-4b84ccc7e71c",
    "name": "Analytical Report API tests",
    "schema": ""
},
"item": [
    {
        "name": "1. Login using test user",
        "event": [
            {
                "listen": "test",
                "script": {
                    "exec": [
                        "var jsonData = JSON.parse(responseBody);\r",
                        "pm.collectionVariables.set(\"token\", jsonData.access_token);\r",
                        "\r",
                        "pm.test(\"Login test\", () => {\r",
                        "    pm.response.to.have.status(201);\r",
                        "});"
                    ],
                    "type": "text/javascript"
                }
            }
        ],
        "request": {
            "method": "POST",
            "header": [
                {
                    "key": "Content-Type",
                    "value": "application/json"
                }
            ],
            "body": {
                "mode": "raw",
                "raw": "{\n    \"partnerCode\": \"{{partner}}\",\n    \"password\": \"{{password}}\",\n    \"userName\": \"{{userName}}\"\n}"
            },
            "url": {
                "raw": "{{authBaseUrl}}/api/v1/Users/token",
                "host": [
                    "{{authBaseUrl}}"
                ],
                "path": [
                    "api",
                    "v1",
                    "Users",
                    "token"
                ]
            }
        },
        "response": []
"variable": [
    {
        "key": "token",
        "value": ""
    },
    {
        "key": "currentARCode",
        "value": ""
    },
    {
        "key": "currentAR",
        "value": ""
    },
    {
        "key": "authBaseUrl",
        "value": ""
    },
    {
        "key": "arBaseUrl",
        "value": ""
    },
    {
        "key": "fromNumberOfDaysFilter",
        "value": ""
    },
    {
        "key": "userName",
        "value": ""
    },
    {
        "key": "password",
        "value": ""
    },

Is there a regex function I can use to verify this?

CodePudding user response:

If the pattern is json(doesnt matter if its in text file) then you can directly use convertfrom-json instead of regex. I just took the same which can be used as below:

$a = @'
    [   
        {
            "authBaseUrl": "#{AuthAPIServerURL}",
            "arBaseUrl": "#{APIServerURL}",
            "partner": "EUPLKA",
            "fromNumberOfDaysFilter": 90,
            "password": "",
            "userName": ""
        }
    ]
'@
    
    $inp= ConvertFrom-Json $a
    
    If( ($inp.username.trim().Length -gt 0) -or ($inp.password.trim().Length -gt 0) ) 
    {
    echo "yes - either the username or the password field is having value"
    }
    else 
    {
    echo "false- None of the username of password field is having any value"
    }

Note: Make sure that while taking the input, the declaration in array must be on the beginning of the line. I have considered the length of the username and password field but you can have your own regex to see if there is any character.

CodePudding user response:

This is overly complicated but I don't see an easier way of doing it. It should be able to capture both, files with pwd or password and usr or username, in addition it should capture files that have one or the other, i.e.: password is there but no user (see Index 4).

To see the regex details: https://regex101.com/r/IsHg8O/1

$re = [regex]'(?msi)(pwd|password).*?\{\{(.*?)\}\}|(usr|username).*?\{\{(.*?)\}\}'

Get-Childitem $unzipLocation -Include *.json, *.txt, *.config -Recurse |
ForEach-Object -Begin { $z = 0 } -Process {
    $match = $re.Matches((Get-Content $_ -Raw))
    foreach($i in $match)
    {
        if($group = $i.Groups.Where({$_.Success}))
        {
            [pscustomobject]@{
                Index = $z
                Match = $group[1].Value
                Value = $group[2].Value
                Path  = $_.FullName
            }
        }
    }
    $z      
}

Sample

Index Match    Value            Path
----- -----    -----            ----
    0 password password         /home/user/json1.txt
    0 userName userName         /home/user/json1.txt
    1 pwd      d]5!bT8**<\fcaY? /home/user/json2.txt
    1 usr      example.user1    /home/user/json2.txt
    2 password h Rq~           
  • Related