liquidsec
commented
1 year ago I have decided not to officially support Windows since doing so with so many dependencies could be a bit of a nightmare..
That being said, there are a couple things you can try.
1) Try manually running the CLI rather than using the pip entry point. So you would CD into the badsecrets root directory and run cli.py like this:
python ./badsecrets/examples/cli.py eyJhbGciOiJIUzI1NiJ9.eyJJc3N1ZXIiOiJJc3N1ZXIiLCJVc2VybmFtZSI6IkJhZFNlY3JldHMiLCJleHAiOjE1OTMxMzM0ODMsImlhdCI6MTQ2NjkwMzA4M30.ovqRikAo_0kKJ0GVrAwQlezymxrLGjcEiW_s3UJMMCo2) If you still have issues with packages, I have included support for poetry. So after installing poetry, you can cd into the main badsecrets directory and do a poetry install, and then run either run from inside the poetry env by doing poetry shell or do poetry run ./badsecrets/examples/cli.py.
Beyond that, I would suggest using docker. I am planning on adding an official docker image and including instructions in the readme. But until then, lukewegryn has created one and you can find his instructions in the issue he opened: https://github.com/blacklanternsecurity/badsecrets/issues/81
iamyuthan
I find difficulty in installing and using the package in Windows machine, please refer to the below command history for reference.
` C:\Users\test\Downloads\badsecrets-main\badsecrets\examples>pip install badsecrets Collecting badsecrets Downloading badsecrets-0.3.375-py3-none-any.whl (1.6 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 1.6/1.6 MB 34.7 MB/s eta 0:00:00 Collecting Django<5.0.0,>=4.1.2 Downloading Django-4.2.3-py3-none-any.whl (8.0 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 8.0/8.0 MB 57.0 MB/s eta 0:00:00 Collecting requests<3.0.0,>=2.28.1 Downloading requests-2.31.0-py3-none-any.whl (62 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 62.6/62.6 kB 3.5 MB/s eta 0:00:00 Collecting viewstate<0.6.0,>=0.5.3 Downloading viewstate-0.5.3.tar.gz (8.4 kB) Preparing metadata (setup.py) ... done Collecting pycryptodome<4.0.0,>=3.15.0 Downloading pycryptodome-3.18.0-cp35-abi3-win_amd64.whl (1.7 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 1.7/1.7 MB 37.5 MB/s eta 0:00:00 Collecting pytest<8.0.0,>=7.1.3 Downloading pytest-7.4.0-py3-none-any.whl (323 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 323.6/323.6 kB 19.6 MB/s eta 0:00:00 Collecting colorama<0.5.0,>=0.4.6 Downloading colorama-0.4.6-py2.py3-none-any.whl (25 kB) Collecting pyjwt[crypto]<3.0.0,>=2.6.0 Downloading PyJWT-2.8.0-py3-none-any.whl (22 kB) Collecting flask-unsign<2.0.0,>=1.2.0 Downloading flask-unsign-1.2.0.tar.gz (14 kB) Preparing metadata (setup.py) ... done Collecting asgiref<4,>=3.6.0 Downloading asgiref-3.7.2-py3-none-any.whl (24 kB) Collecting tzdata Downloading tzdata-2023.3-py2.py3-none-any.whl (341 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 341.8/341.8 kB ? eta 0:00:00 Collecting sqlparse>=0.3.1 Downloading sqlparse-0.4.4-py3-none-any.whl (41 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 41.2/41.2 kB 1.9 MB/s eta 0:00:00 Collecting flask Downloading Flask-2.3.2-py3-none-any.whl (96 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 96.9/96.9 kB ? eta 0:00:00 Collecting itsdangerous Downloading itsdangerous-2.1.2-py3-none-any.whl (15 kB) Collecting markupsafe Downloading MarkupSafe-2.1.3-cp310-cp310-win_amd64.whl (17 kB) Collecting werkzeug Downloading Werkzeug-2.3.6-py3-none-any.whl (242 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 242.5/242.5 kB ? eta 0:00:00 Collecting cryptography>=3.4.0 Downloading cryptography-41.0.2-cp37-abi3-win_amd64.whl (2.6 MB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 2.6/2.6 MB 42.2 MB/s eta 0:00:00 Collecting tomli>=1.0.0 Downloading tomli-2.0.1-py3-none-any.whl (12 kB) Collecting exceptiongroup>=1.0.0rc8 Downloading exceptiongroup-1.1.2-py3-none-any.whl (14 kB) Collecting pluggy<2.0,>=0.12 Downloading pluggy-1.2.0-py3-none-any.whl (17 kB) Collecting packaging Downloading packaging-23.1-py3-none-any.whl (48 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 48.9/48.9 kB 2.4 MB/s eta 0:00:00 Collecting iniconfig Downloading iniconfig-2.0.0-py3-none-any.whl (5.9 kB) Collecting idna<4,>=2.5 Downloading idna-3.4-py3-none-any.whl (61 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 61.5/61.5 kB ? eta 0:00:00 Collecting urllib3<3,>=1.21.1 Downloading urllib3-2.0.4-py3-none-any.whl (123 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 123.9/123.9 kB ? eta 0:00:00 Collecting charset-normalizer<4,>=2 Downloading charset_normalizer-3.2.0-cp310-cp310-win_amd64.whl (96 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 96.9/96.9 kB 5.4 MB/s eta 0:00:00 Collecting certifi>=2017.4.17 Downloading certifi-2023.5.7-py3-none-any.whl (156 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 157.0/157.0 kB 9.2 MB/s eta 0:00:00 Collecting typing-extensions>=4 Downloading typing_extensions-4.7.1-py3-none-any.whl (33 kB) Collecting cffi>=1.12 Downloading cffi-1.15.1-cp310-cp310-win_amd64.whl (179 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 179.1/179.1 kB 10.6 MB/s eta 0:00:00 Collecting blinker>=1.6.2 Downloading blinker-1.6.2-py3-none-any.whl (13 kB) Collecting click>=8.1.3 Downloading click-8.1.6-py3-none-any.whl (97 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 97.9/97.9 kB ? eta 0:00:00 Collecting Jinja2>=3.1.2 Downloading Jinja2-3.1.2-py3-none-any.whl (133 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 133.1/133.1 kB ? eta 0:00:00 Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 118.7/118.7 kB ? eta 0:00:00 Installing collected packages: viewstate, urllib3, tzdata, typing-extensions, tomli, sqlparse, pyjwt, pycryptodome, pycparser, pluggy, packaging, markupsafe, itsdangerous, iniconfig, idna, exceptiongroup, colorama, charset-normalizer, certifi, blinker, werkzeug, requests, pytest, Jinja2, click, cffi, asgiref, flask, Django, cryptography, flask-unsign, badsecrets DEPRECATION: viewstate is being installed using the legacy 'setup.py install' method, because it does not have a 'pyproject.toml' and the 'wheel' package is not installed. pip 23.1 will enforce this behaviour change. A possible replacement is to enable the '--use-pep517' option. Discussion can be found at https://github.com/pypa/pip/issues/8559 Running setup.py install for viewstate ... done WARNING: The script sqlformat.exe is installed in 'C:\Users\test\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.10_qbz5n2kfra8p0\LocalCache\local-packages\Python310\Scripts' which is not on PATH. Consider adding this directory to PATH or, if you prefer to suppress this warning, use --no-warn-script-location. WARNING: The script normalizer.exe is installed in 'C:\Users\test\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.10_qbz5n2kfra8p0\LocalCache\local-packages\Python310\Scripts' which is not on PATH. Consider adding this directory to PATH or, if you prefer to suppress this warning, use --no-warn-script-location. WARNING: The scripts py.test.exe and pytest.exe are installed in 'C:\Users\test\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.10_qbz5n2kfra8p0\LocalCache\local-packages\Python310\Scripts' which is not on PATH. Consider adding this directory to PATH or, if you prefer to suppress this warning, use --no-warn-script-location. WARNING: The script flask.exe is installed in 'C:\Users\test\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.10_qbz5n2kfra8p0\LocalCache\local-packages\Python310\Scripts' which is not on PATH. Consider adding this directory to PATH or, if you prefer to suppress this warning, use --no-warn-script-location. WARNING: The script django-admin.exe is installed in 'C:\Users\test\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.10_qbz5n2kfra8p0\LocalCache\local-packages\Python310\Scripts' which is not on PATH. Consider adding this directory to PATH or, if you prefer to suppress this warning, use --no-warn-script-location. DEPRECATION: flask-unsign is being installed using the legacy 'setup.py install' method, because it does not have a 'pyproject.toml' and the 'wheel' package is not installed. pip 23.1 will enforce this behaviour change. A possible replacement is to enable the '--use-pep517' option. Discussion can be found at https://github.com/pypa/pip/issues/8559 Running setup.py install for flask-unsign ... done WARNING: The script badsecrets.exe is installed in 'C:\Users\test\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.10_qbz5n2kfra8p0\LocalCache\local-packages\Python310\Scripts' which is not on PATH. Consider adding this directory to PATH or, if you prefer to suppress this warning, use --no-warn-script-location. Successfully installed Django-4.2.3 Jinja2-3.1.2 asgiref-3.7.2 badsecrets-0.3.375 blinker-1.6.2 certifi-2023.5.7 cffi-1.15.1 charset-normalizer-3.2.0 click-8.1.6 colorama-0.4.6 cryptography-41.0.2 exceptiongroup-1.1.2 flask-2.3.2 flask-unsign-1.2.0 idna-3.4 iniconfig-2.0.0 itsdangerous-2.1.2 markupsafe-2.1.3 packaging-23.1 pluggy-1.2.0 pycparser-2.21 pycryptodome-3.18.0 pyjwt-2.8.0 pytest-7.4.0 requests-2.31.0 sqlparse-0.4.4 tomli-2.0.1 typing-extensions-4.7.1 tzdata-2023.3 urllib3-2.0.4 viewstate-0.5.3 werkzeug-2.3.6
[notice] A new release of pip is available: 23.0.1 -> 23.2 [notice] To update, run: C:\Users\test\AppData\Local\Microsoft\WindowsApps\PythonSoftwareFoundation.Python.3.10_qbz5n2kfra8p0\python.exe -m pip install --upgrade pip
C:\Users\test\Downloads\badsecrets-main\badsecrets\examples>badsecrets eyJhbGciOiJIUzI1NiJ9.eyJJc3N1ZXIiOiJJc3N1ZXIiLCJVc2VybmFtZSI6IkJhZFNlY3JldHMiLCJleHAiOjE1OTMxMzM0ODMsImlhdCI6MTQ2NjkwMzA4M30.ovqRikAo_0kKJ0GVrAwQlezymxrLGjcEiW_s3UJMMCo 'badsecrets' is not recognized as an internal or external command, operable program or batch file. `