Syzik / DockerRegistryGrabber

Enumerate / Dump Docker Registry

Prompt for password instead of passing password as CLI argument (because of bash history) #6

Open scls19fr opened 6 months ago

scls19fr commented 6 months ago

https://github.com/Syzik/DockerRegistryGrabber/blob/9e0c484e273055acb5bd81a69d6a65ab358a0683/drg.py#L188

Many CLI tools avoid passing the password as a CLI argument, to avoid this kind of data being stored in bash history.

Maybe you should provide an option to do something like

python drg.py https://127.0.0.1 -U 'testuser' --password --list 
Type password: ...

https://attack.mitre.org/techniques/T1552/003/

Syzik commented 5 months ago

Yes, I know this problem. As a pentester we must be efficient; I prefer to stay on this format, like tools such as netexec and co. It is possible to put a space before the command to prevent the command being stored in the bash history.

scls19fr commented 5 months ago

Maybe 2 options could be available

--password YourPass

or

--prompt-pwd
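A Python sketch of the two options proposed in this thread, added here as an example; it is not code from the DockerRegistryGrabber repository. Only the `-U`, `--password` and `--prompt-pwd` option names come from the discussion; the parser layout and the `build_parser`, `resolve_password` and `parse_credentials` helpers are assumed.

```python
import argparse
import getpass
import sys


def build_parser() -> argparse.ArgumentParser:
    # Hypothetical front-end; only -U/--password/--prompt-pwd mirror the thread.
    parser = argparse.ArgumentParser(prog="drg.py", description="Enumerate / dump a Docker registry")
    parser.add_argument("url", help="registry URL, e.g. https://127.0.0.1")
    parser.add_argument("-U", "--username", help="registry user name")
    parser.add_argument("--password", metavar="YourPass",
                        help="password as a CLI argument (ends up in shell history)")
    parser.add_argument("--prompt-pwd", action="store_true",
                        help="read the password from an interactive prompt instead")
    return parser


def resolve_password(password, prompt_pwd, prompt=getpass.getpass):
    """Return the password from exactly one of the two sources.

    `prompt` is injectable so the logic can be exercised without a terminal.
    """
    if password is not None and prompt_pwd:
        raise ValueError("--password and --prompt-pwd are mutually exclusive")
    if prompt_pwd:
        # getpass reads from the controlling terminal without echo, so the
        # secret never appears in argv, `ps` output or the shell history file.
        return prompt("Type password: ")
    if password is not None:
        print("warning: password given on the command line; it is visible in "
              "shell history and process listings", file=sys.stderr)
    return password


def parse_credentials(argv, prompt=getpass.getpass):
    """Parse argv and return (url, username, password)."""
    args = build_parser().parse_args(argv)
    if (args.password is not None or args.prompt_pwd) and args.username is None:
        raise ValueError("a password was given but no -U/--username")
    return args.url, args.username, resolve_password(args.password, args.prompt_pwd, prompt)


if __name__ == "__main__":
    url, user, pwd = parse_credentials(sys.argv[1:])
    # Never echo the secret back; just report whether one was obtained.
    print(f"{url} as {user!r}, password {'set' if pwd else 'not set'}")
```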