Extract one time password (OTP) secrets from QR codes exported by two-factor authentication (2FA) apps such as "Google Authenticator". The exported QR codes from authentication apps can be captured by camera, read from images, or read from text files. The secrets can be exported to JSON or CSV, or printed as QR codes to console.
I just found this repository - Thank you, it did exactly what I needed!
I used the Docker method of decoding my text file (decoded from the QR Code), which worked great.
However, one slight nit pick: This tool works with highly sensitive data. While I'm sure you don't have a backdoor, could I suggest you to add --network none to your example docker run calls? This way, the user can be sure that the tool does not send anything to the web.
This would only be a change to the README, as the docker container worked fine already: cat the-file | docker run --pull always --network none -i --rm -v "$(pwd)":/files:ro scit0/extract_otp_secrets:latest-only-txt -
scito
commented
2 months ago
Hello!
I just found this repository - Thank you, it did exactly what I needed!
I used the Docker method of decoding my text file (decoded from the QR Code), which worked great.
However, one slight nit pick: This tool works with highly sensitive data. While I'm sure you don't have a backdoor, could I suggest you to add
--network noneto your exampledocker runcalls? This way, the user can be sure that the tool does not send anything to the web.This would only be a change to the README, as the docker container worked fine already:
cat the-file | docker run --pull always --network none -i --rm -v "$(pwd)":/files:ro scit0/extract_otp_secrets:latest-only-txt -Cheers!