2FA (Two-Factor Authentication) application for CLI terminal with support to import/export andOTP files.

Overview

zauth

zauth is a 2FA (Two-Factor Authentication) application for terminal written in Go.



Features

  • Supports both TOTP and HOTP codes.
  • Add new entries directly from CLI.
    • support setting custom digits (default: 6)
    • support setting a custom period (TOTP) (default: 30)
    • support SHA1, SHA256 and SHA512 algorithms (TOTP)
  • Import/Export andOTP backups (encrypted files supported).
  • More upcoming features in What's next

If you would like any other app to be supported, please create an issue and (if possible) provide an unencrypted sample backup file. Of course I am accepting pull requests as well :)
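The digits, period and algorithm options listed under Features correspond to the parameters of RFC 4226 (HOTP) and RFC 6238 (TOTP). The sketch below is an added example, not zauth's own code; the function names and the 6 to 9 digit range are choices made for this example.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"crypto/sha256"
	"crypto/sha512"
	"encoding/binary"
	"fmt"
	"hash"
	"time"
)

// algos maps the algorithm names from the feature list to hash constructors.
var algos = map[string]func() hash.Hash{"SHA1": sha1.New, "SHA256": sha256.New, "SHA512": sha512.New}

// HOTP computes an RFC 4226 code: HMAC over the 8-byte big-endian counter,
// dynamic truncation to 31 bits, then reduction to the requested digit count.
func HOTP(key []byte, counter uint64, digits int, algo string) (string, error) {
	newHash, ok := algos[algo]
	if !ok || digits < 6 || digits > 9 { // 10^9 still fits in 31 bits
		return "", fmt.Errorf("unsupported algorithm %q or digits %d", algo, digits)
	}
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], counter)
	mac := hmac.New(newHash, key)
	mac.Write(msg[:])
	sum := mac.Sum(nil)
	off := int(sum[len(sum)-1] & 0x0f) // low nibble of last byte selects the offset
	code := binary.BigEndian.Uint32(sum[off:off+4]) & 0x7fffffff
	mod := uint32(1)
	for i := 0; i < digits; i++ {
		mod *= 10
	}
	return fmt.Sprintf("%0*d", digits, code%mod), nil
}

// TOTP is HOTP with counter = floor(unix time / period), per RFC 6238.
func TOTP(key []byte, at time.Time, period int64, digits int, algo string) (string, error) {
	if period <= 0 || at.Unix() < 0 {
		return "", fmt.Errorf("invalid period %d or time %v", period, at)
	}
	return HOTP(key, uint64(at.Unix()/period), digits, algo)
}

func main() {
	key := []byte("12345678901234567890") // RFC test key, not a real secret
	fmt.Println(TOTP(key, time.Now(), 30, 6, "SHA1"))
}
```

The key here is raw bytes; secrets shown by services are normally base32 text and must be decoded first.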


Installation

$ go install github.com/grijul/zauth@latest

By default, zauth stores its entries in the $HOME/.zauth directory.

Using Docker

zauth can also be run using Docker. The following command pulls the zauth image and runs the zauth -h command.

$ docker run grijul/zauth:latest zauth -h

You can bind container's /root/.zauth directory to your host's $HOME/.zauth directory to use zauth.json from your host system. Something like this should work:

$ docker run -v $HOME/.zauth:/root/.zauth zauth:latest zauth

Important Note: There is only one Docker image, with the latest tag, on Docker Hub. Since there is no release cycle (as of now), I have to update the Docker image manually whenever there are new commits. So the image may be outdated and may not contain the latest changes/fixes. I will try to update the image as frequently as possible.

If the latest changes are desired, you can build the Docker image from source (it's easier than it sounds).


Building from source

  • Clone repository and cd into dir

      $ git clone https://github.com/grijul/zauth.git && cd zauth
    
  • Build using go build command

      $ go build .
    

Building docker image from source

  1. Clone repository and cd into dir

     $ git clone https://github.com/grijul/zauth.git && cd zauth
    
  2. Build docker image

     $ docker build -t zauth:latest .
    
  3. Run docker image

     $ docker run zauth:latest zauth -h
    

Examples

Print OTP

$ zauth

If the zauth.json file exists, the corresponding entries will be printed. Otherwise, the above command will give a file not found error.

This simply prints the zauth entries with their OTPs and exits. If you wish to watch zauth entries update every second, you can use the watch command.

$ watch -n1 zauth

Add new entry

$ zauth entry -new

A prompt will be displayed to capture the necessary details (secret, issuer, etc.).


List entries

$ zauth entry -list

Import decrypted file

$ zauth import -file <import_file> -type <import_type>

-file flag tells zauth which file to import

-type flag tells zauth what type of file is being imported (supported files)


Import encrypted file

$ zauth import -file <import_file> -type <import_type> -decrypt

-decrypt flag tells zauth that the import file is encrypted, and prompts the user for the decryption password. If not provided, the file is assumed to be decrypted (plain text).


Import file (entries are overwritten)

$ zauth import -file <import_file> -type <import_type> -overwrite

-overwrite flag overwrites existing entries with new entries. If not provided, entries are appended.


Export file

$ zauth export -type <export_type> -encrypt

-encrypt flag tells zauth that the exported file should be encrypted. If not provided, the exported file is decrypted, so it contains the OTP secrets in plain text.

The exported file (encrypted/decrypted) is compatible with the export_type app. This means the user should be able to import this exported file back into the export_type app.


Supported app files for import

  • andOTP - supports both encrypted and decrypted files. [-type=andotp]

Supported app files for export

  • andOTP - supports both encrypted and decrypted files. [-type=andotp]

What's next

  • zauth uses a JSON file to store its entries. At this moment, this JSON file is unencrypted. It would be better to have an encrypted file instead.
  • Edit/Delete entries from CLI.
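While zauth.json is unencrypted, file permissions are the only thing keeping other local users away from the stored secrets. The following is an added example, not part of zauth, that reports anything under the default $HOME/.zauth directory with group or other permission bits set; the type and function names are made up for this example.

```go
package main

import (
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
)

// Finding is one path whose mode grants access beyond the owner.
type Finding struct {
	Path string
	Perm fs.FileMode
}

func (f Finding) String() string { return fmt.Sprintf("%s is %04o", f.Path, uint32(f.Perm)) }

// DefaultStore returns the default location given in the README: $HOME/.zauth.
func DefaultStore() (string, error) {
	home, err := os.UserHomeDir()
	return filepath.Join(home, ".zauth"), err
}

// AuditStore walks dir and returns every file or directory that has any
// group/other permission bit set (anything looser than 0600 / 0700).
func AuditStore(dir string) ([]Finding, error) {
	var out []Finding
	err := filepath.WalkDir(dir, func(p string, d fs.DirEntry, err error) error {
		if err != nil || d.Type()&fs.ModeSymlink != 0 {
			return err // propagate walk errors; symlink mode bits carry no meaning
		}
		info, err := d.Info()
		if err != nil {
			return err
		}
		if perm := info.Mode().Perm(); perm&0o077 != 0 {
			out = append(out, Finding{p, perm})
		}
		return nil
	})
	return out, err
}

func main() {
	dir, err := DefaultStore()
	if err != nil {
		panic(err)
	}
	fmt.Println(AuditStore(dir))
}
```

When the directory is bind-mounted into the Docker container as described earlier, the same check applies to the host-side directory.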

Contact

Feel free to get in touch with me via Twitter or Email.

License

MIT

Owner
Rijul Gulati