thieve 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 9de5bc6aa2ca34e66cfc680f9f4f82ff12b32528
+  data.tar.gz: fccccdb67a5393b0367feb04f67179e4206e990d
+SHA512:
+  metadata.gz: a06e491e0ccf98c1de44e5b8735aca3d8fc877e7420338f1db15fcd57d24aaba8e0f4246e9fe945b2e5f04f8c275c00a26021c9477445d67551dd5a822b4ae6d
+  data.tar.gz: 87fbcbe90eb592f8ffa029db2c70e87fedc2ef9f74333588ef65401bbf078591333d57cdc5ca2514c42ca5fbb74635798761e8b966dd8fe4013a4420ce2f341e

data/bin/thieve

@@ -0,0 +1,123 @@
+#!/usr/bin/env ruby
+
+require "io/wait"
+require "optparse"
+require "string"
+require "thieve"
+
+class ThieveExit
+    GOOD = 0
+    INVALID_OPTION = 1
+    INVALID_ARGUMENT = 2
+    MISSING_ARGUMENT = 3
+    EXTRA_ARGUMENTS = 4
+    EXCEPTION = 5
+end
+
+def parse(args)
+    options = Hash.new
+    options["export"] = nil
+    options["verbose"] = false
+
+    info = "Searches through provided directories, looking for " \
+        "private/public keys and certs. Then extracts, " \
+        "fingerprints, and attempts to match keys with certs."
+
+    parser = OptionParser.new do |opts|
+        opts.banner = "Usage: #{File.basename($0)} [OPTIONS] <dir>..."
+
+        opts.on(
+            "-e",
+            "--export=DIRECTORY",
+            "Export keys to specified directory"
+        ) do |directory|
+            options["export"] = Pathname.new(directory).expand_path
+        end
+
+        opts.on("-h", "--help", "Display this help message") do
+            puts opts
+            exit ThieveExit::GOOD
+        end
+
+        opts.on("--nocolor", "Disable colorized output") do
+            String.disable_colorization = true
+        end
+
+        opts.on(
+            "-v",
+            "--verbose",
+            "Show backtrace when error occurs"
+        ) do
+            options["verbose"] = true
+        end
+
+        opts.on("", info.word_wrap)
+    end
+
+    begin
+        parser.parse!
+    rescue OptionParser::InvalidOption => e
+        puts e.message
+        puts parser
+        exit ThieveExit::INVALID_OPTION
+    rescue OptionParser::InvalidArgument => e
+        puts e.message
+        puts parser
+        exit ThieveExit::INVALID_ARGUMENT
+    rescue OptionParser::MissingArgument => e
+        puts e.message
+        puts parser
+        exit ThieveExit::MISSING_ARGUMENT
+    end
+
+    if (args.length < 1)
+        puts parser
+        exit ThieveExit::MISSING_ARGUMENT
+    end
+
+    options["dirs"] = args
+
+    return options
+end
+
+options = parse(ARGV)
+
+begin
+    thieve = Thieve.new(!String.disable_colorization)
+    options["dirs"].each do |dir|
+        thieve.steal_from(dir)
+    end
+    thieve.find_matches
+
+    export_thread = nil
+    if (options["export"])
+        export_thread = Thread.new do
+            thieve.export_loot(options["export"])
+        end
+    end
+
+    puts thieve.to_s
+    export_thread.join if (export_thread)
+rescue Interrupt
+    # ^C
+    # Exit gracefully
+rescue Errno::EPIPE
+    # Do nothing. This can happen if piping to another program such as
+    # less. Usually if less is closed before we're done with STDOUT.
+rescue Thieve::Error => e
+    puts e.message
+    exit ThieveExit::EXCEPTION
+rescue Exception => e
+    $stderr.puts "Oops! Looks like an error has occured! Maybe the " \
+        "message below will help. If not, you can use the " \
+        "--verbose flag to get a backtrace.".word_wrap
+
+    $stderr.puts e.message.white.on_red
+    if (options["verbose"])
+        e.backtrace.each do |line|
+            $stderr.puts line.light_yellow
+        end
+    end
+    exit ThieveExit::EXCEPTION
+end
+exit ThieveExit::GOOD

data/lib/string.rb

@@ -0,0 +1,12 @@
+# Modify String class to allow for rsplit and word wrap
+class String
+    def rsplit(pattern)
+        ret = rpartition(pattern)
+        ret.delete_at(1)
+        return ret
+    end
+
+    def word_wrap(width = 80)
+        return scan(/\S.{0,#{width}}\S(?=\s|$)|\S+/).join("\n")
+    end
+end

data/lib/thieve/error.rb

@@ -0,0 +1,4 @@
+class Thieve::Error < RuntimeError
+end
+
+# require "thieve/error/executable_not_found_error"

data/lib/thieve/key_info.rb

@@ -0,0 +1,162 @@
+require "digest"
+require "fileutils"
+require "openssl"
+
+class Thieve::KeyInfo
+    # File extension to use when exporting
+    attr_reader :ext
+
+    # File that the key was found in
+    attr_reader :file
+
+    # The fingerprint
+    attr_reader :fingerprint
+
+    # The actual key
+    attr_reader :key
+
+    # The matching cert/key
+    attr_accessor :match
+
+    # The OpenSSL object
+    attr_reader :openssl
+
+    # Type of key/cert
+    attr_reader :type
+
+    def colorize_file(file = @file)
+        return file if (!@colorize)
+        return file.to_s.light_blue
+    end
+    private :colorize_file
+
+    def colorize_key(key = @key)
+        return key if (!@colorize)
+        return key.split("\n").map do |line|
+            line.light_white
+        end.join("\n")
+    end
+    private :colorize_key
+
+    def colorize_match(match = @match)
+        return "" if (match.nil?)
+        return "Matches #{match}" if (!@colorize)
+        return [
+            "Matches".light_blue,
+            match.light_green
+        ].join(" ")
+    end
+    private :colorize_match
+
+    def export(directory)
+        FileUtils.mkdir_p(directory)
+        File.open("#{directory}/#{@fingerprint}.#{@ext}", "w") do |f|
+            f.write(@key)
+        end
+    end
+
+    def initialize(file, type, key, colorize)
+        @colorize = colorize
+        @ext = type.gsub(/ +/, ".").downcase
+        @file = file
+        @key = key
+        @match = nil
+        @type = type
+
+        case @type
+        when "CERTIFICATE"
+            @openssl = OpenSSL::X509::Certificate.new(@key)
+            @fingerprint = OpenSSL::Digest::SHA1.hexdigest(
+                @openssl.to_der
+            ).to_s
+        when "CERTIFICATE REQUEST"
+            @openssl = OpenSSL::X509::Request.new(@key)
+            @fingerprint = OpenSSL::Digest::SHA1.hexdigest(
+                @openssl.to_der
+            ).to_s
+        when "DH PARAMETERS"
+            @openssl = OpenSSL::PKey::DH.new(@key)
+            @fingerprint = OpenSSL::Digest::SHA1.hexdigest(
+                @openssl.public_key.to_der
+            ).to_s
+        when "DH PRIVATE KEY"
+            @openssl = OpenSSL::PKey::DH.new(@key)
+            @fingerprint = OpenSSL::Digest::SHA1.hexdigest(
+                @openssl.public_key.to_der
+            ).to_s
+        when "DSA PRIVATE KEY"
+            @openssl = OpenSSL::PKey::DSA.new(@key)
+            @fingerprint = OpenSSL::Digest::SHA1.hexdigest(
+                @openssl.public_key.to_der
+            ).to_s
+        when "EC PARAMETERS"
+            @openssl = OpenSSL::PKey::EC.new(@key)
+            @fingerprint = OpenSSL::Digest::SHA1.hexdigest(
+                @openssl.public_key.to_der
+            ).to_s
+        when "EC PRIVATE KEY"
+            @openssl = OpenSSL::PKey::EC.new(@key)
+            @fingerprint = OpenSSL::Digest::SHA1.hexdigest(
+                @openssl.public_key.to_der
+            ).to_s
+        when "PGP PRIVATE KEY BLOCK"
+            command = "gpg --with-fingerprint << EOF\n#{@key}\nEOF"
+            %x(#{command}).each_line do |line|
+                line.match(/Key fingerprint = (.*)/) do |m|
+                    @fingerprint = m[1].gsub(" ", "").downcase
+                end
+            end
+            @openssl = nil
+        when "PGP PUBLIC KEY BLOCK"
+            command = "gpg --with-fingerprint << EOF\n#{@key}\nEOF"
+            %x(#{command}).each_line do |line|
+                line.match(/Key fingerprint = (.*)/) do |m|
+                    @fingerprint = m[1].gsub(" ", "").downcase
+                end
+            end
+            @openssl = nil
+        when "PRIVATE KEY"
+            @openssl = OpenSSL::PKey::RSA.new(@key)
+            @fingerprint = OpenSSL::Digest::SHA1.hexdigest(
+                @openssl.public_key.to_der
+            ).to_s
+        when "PUBLIC KEY"
+            @openssl = OpenSSL::PKey::RSA.new(@key)
+            @fingerprint = OpenSSL::Digest::SHA1.hexdigest(
+                @openssl.public_key.to_der
+            ).to_s
+        when "RSA PRIVATE KEY"
+            @openssl = OpenSSL::PKey::RSA.new(@key)
+            @fingerprint = OpenSSL::Digest::SHA1.hexdigest(
+                @openssl.public_key.to_der
+            ).to_s
+        when "X509 CRL"
+            @openssl = OpenSSL::X509::CRL.new(@key)
+            @fingerprint = OpenSSL::Digest::SHA1.new(
+                @openssl.to_der
+            ).to_s
+        else
+            @ext = "unknown"
+            @fingerprint = Digest::SHA256.hexdigest(@file.to_s + @key)
+            @openssl = nil
+        end
+    end
+
+    def to_json
+        return {
+            "file" => file,
+            "fingerprint" => fingerprint,
+            "key" => key,
+            "match" => match || "",
+            "type" => type
+        }
+    end
+
+    def to_s
+        ret = Array.new
+        ret.push(colorize_file)
+        ret.push(colorize_key)
+        ret.push(colorize_match) if (@match)
+        return ret.join("\n")
+    end
+end

data/lib/thieve.rb

@@ -0,0 +1,143 @@
+require "colorize"
+require "io/wait"
+require "json"
+require "pathname"
+
+class Thieve
+    attr_accessor :loot
+
+    def colorize_type(type)
+        return type if (!@colorize)
+        return type.light_cyan
+    end
+    private :colorize_type
+
+    def export_loot(dir)
+        exported = Hash.new
+        @loot.each do |type, keys|
+            keys.each do |key|
+                key.export(dir)
+                exported[key.type] ||= Hash.new
+                exported[key.type]["#{key.fingerprint}.#{key.ext}"] =
+                    key.to_json
+            end
+        end
+        File.open("#{dir}/loot.json", "w") do |f|
+            f.write(JSON.pretty_generate(exported))
+        end
+    end
+
+    def extract_from(file)
+        start = false
+        key = ""
+
+        File.open(file).each do |line|
+            if (line.include?("BEGIN"))
+                start = true
+            end
+
+            if (start)
+                key += line.unpack("C*").pack("U*").lstrip.rstrip
+                if (key.end_with?("\\n\\"))
+                    key = key[0..-4]
+                end
+                key += "\\n"
+            end
+
+            if (line.include?("END"))
+                key.scan(/(-----BEGIN(.*)[^-]+-----END\2)/) do |m, t|
+                    keydata = m.gsub(/\\+n/, "\n").chomp
+                    type = t.gsub(/-----.*/, "").strip
+
+                    @loot[type] ||= Array.new
+                    begin
+                        @loot[type].push(
+                            Thieve::KeyInfo.new(
+                                file,
+                                type,
+                                keydata,
+                                @colorize
+                            )
+                        )
+                    rescue Exception => e
+                        if (@colorize)
+                            $stderr.puts file.to_s.light_blue
+                            keydata.each_line do |line|
+                                $stderr.puts line.strip.light_yellow
+                            end
+                            $stderr.puts e.message.white.on_red
+                        else
+                            $stderr.puts file
+                            $stderr.puts keydata
+                            $stderr.puts e.message
+                        end
+                        $stderr.puts
+                    end
+                end
+
+                start = false
+                key = ""
+            end
+        end
+    end
+    private :extract_from
+
+    def find_matches
+        @loot["CERTIFICATE"].each do |cert|
+            next if (cert.openssl.nil?)
+            @loot.each do |type, keys|
+                next if (type == "CERTIFICATE")
+                keys.each do |key|
+                    next if (key.openssl.nil?)
+                    if (cert.openssl.check_private_key(key.openssl))
+                        cert.match = "#{key.fingerprint}.#{key.ext}"
+                        key.match = "#{cert.fingerprint}.#{cert.ext}"
+                    end
+                end
+            end
+        end
+    end
+
+    def initialize(colorize = false)
+        @colorize = colorize
+        @loot = Hash.new
+    end
+
+    def steal_from(filename)
+        file = Pathname.new(filename).expand_path
+
+        if (file.directory?)
+            files = Dir[File.join(file, "**", "*")].reject do |f|
+                Pathname.new(f).directory? || Pathname.new(f).symlink?
+            end
+
+            files.each do |f|
+                extract_from(Pathname.new(f).expand_path)
+            end
+        else
+            extract_from(file)
+        end
+
+        return @loot
+    end
+
+    def summarize_loot
+        ret = Array.new
+        @loot.each do |type, keys|
+            ret.push(colorize_type(type))
+            keys.each do |key|
+                ret.push("#{key.to_s}\n")
+            end
+        end
+
+        return ret.join("\n")
+    end
+    private :summarize_loot
+
+    def to_s
+        return summarize_loot
+    end
+end
+
+require "thieve/error"
+require "thieve/key_info"

metadata

@@ -0,0 +1,70 @@
+--- !ruby/object:Gem::Specification
+name: thieve
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Miles Whittaker
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2016-03-06 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: colorize
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.7'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.7.7
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.7'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.7.7
+description: This ruby gem will extract, fingerprint, and match-up keys and/or certs
+  from source code trees.
+email: mjwhitta@gmail.com
+executables:
+- thieve
+extensions: []
+extra_rdoc_files: []
+files:
+- bin/thieve
+- lib/string.rb
+- lib/thieve.rb
+- lib/thieve/error.rb
+- lib/thieve/key_info.rb
+homepage: https://mjwhitta.github.io/thieve
+licenses:
+- GPL-3.0
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.5.1
+signing_key: 
+specification_version: 4
+summary: Extract, fingerprint, and match-up keys and/or certs
+test_files: []