Add files via upload

Author: carlooosdev

LICENSE

@@ -0,0 +1,13 @@
+Copyright 2024 Carlos Henrique
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.

README.md

@@ -1,2 +1,68 @@
-# bashwords
-Bashwords is a simple password manager made in BASH.
+# Bashwords
+
+This is a simple password manager script written in bash. It allows users to add, get, delete, and list passwords for different accounts or services. The passwords are encrypted using the AES-256 encryption algorithm and stored in separate files.
+
+## Usage
+
+To use the password manager script, you can run it with different command-line options. 
+
+```bash
+./main.sh [options]
+```
+
+### Options
+
+- **-a, --add**: Add a new password for an account/service.
+- **-g, --get**: Get the password for a specified account/service.
+- **-d, --delete**: Delete the password for a specified account/service.
+- **-l, --list**: List all the passwords for all accounts/services.
+- **-h, --help**: Show the help message with usage instructions.
+
+## File Structure
+
+The script uses the following files:
+
+- **data/passwords/**: A directory that stores the encrypted password files for each account/service.
+- **data/key.passman**: A file that contains the encryption key used for encrypting and decrypting passwords.
+
+## Functions
+
+The script includes the following functions:
+
+- **usage()**: Displays the usage instructions and options.
+- **encrypt()**: Encrypts a password using the AES-256 encryption algorithm.
+- **decrypt()**: Decrypts an encrypted password using the AES-256 encryption algorithm.
+- **add_password()**: Prompts the user to enter an account/service name and password, encrypts the password, and stores it in a password file.
+- **get_password()**: Prompts the user to enter an account/service name and retrieves the encrypted password from the corresponding password file, decrypts it, and displays it.
+- **delete_password()**: Prompts the user to enter an account/service name and deletes the corresponding password file if it exists.
+- **list_passwords()**: Lists all the account/service names for which passwords are stored.
+
+## Implementation
+
+The script uses a `while` loop to process the command-line options provided by the user. It checks the option and calls the corresponding function accordingly. If an invalid option is provided, it displays an error message and shows the usage instructions.
+
+## Examples
+
+Here are some examples of how to use the script:
+
+- **Adding a Password**: `./main.sh --add`
+  Prompts the user to enter an account/service name and password. Encrypts the password and stores it in a corresponding password file.
+
+- **Getting a Password**: `./main.sh --get`
+  Prompts the user to enter an account/service name and retrieves the encrypted password from the corresponding password file. Decrypts the password and displays it.
+
+- **Deleting a Password**: `./main.sh --delete`
+  Prompts the user to enter an account/service name and deletes the corresponding password file if it exists.
+
+- **Listing Passwords**: `./main.sh --list`
+  Lists all the account/service names for which passwords are stored.
+
+## Security Considerations
+
+- Make sure to keep the encryption key (`data/key.passman`) secure and confidential.
+- Store the password files (`data/passwords/*.passman`) in a secure location.
+- Regularly backup the password files and encryption key to prevent data loss.
+
+Note: This is a simple password manager script and may not provide all the security features and considerations of a professional password manager. Use at your own risk.
+
+For more information on password security, refer to industry best practices and guidelines.

REQUIREMENTS.md

@@ -0,0 +1,45 @@
+# Bashwords Script - System Requirements
+
+To run the password manager script successfully, there are a few requirements that need to be met. This document outlines the necessary software and configurations needed on your system.
+
+## System Compatibility
+
+The password manager script is developed primarily for Unix-like systems such as Linux and macOS. While it may work on other platforms, the following requirements are specifically tailored for Unix-like systems.
+
+## Prerequisites
+
+Ensure that the following software packages are installed on your system:
+
+- **Bash**: The password manager script is written in Bash, so a compatible Bash shell is necessary. Most Unix-like systems come with Bash pre-installed. To check the installed version, open a terminal and run the command:
+  ```bash
+  bash --version
+  ```
+
+- **OpenSSL**: The script utilizes OpenSSL for AES-256 encryption. Make sure OpenSSL is installed on your system. To check the installed version, run the command:
+  ```bash
+  openssl version
+  ```
+
+If any of the required software is missing or outdated, please install or update them to meet the minimum version requirements.
+
+## File Permissions
+
+Ensure that you have read, write, and execute permissions in the directory where the password manager script is located. The script needs these permissions to create and modify the necessary files.
+
+Additionally, if you plan to run the script using elevated privileges (e.g., as a system administrator), make sure you have the appropriate permissions to access and modify the system files and components the script interacts with.
+
+## Configuration
+
+The password manager script relies on the presence of specific directories and files. Please ensure the following configurations:
+
+- **Data Directory**: The `data/` directory should be present in the same location as the password manager script. This directory stores encrypted password files, the encryption key, and other necessary data.
+
+- **Passwords Directory**: Inside the `data/` directory, create a subdirectory named `passwords/`. This directory will hold the encrypted password files for each account or service.
+
+- **Encryption Key**: Create a file named `key.passman` inside the `data/` directory. This file should contain the encryption key for the password files. Make sure to keep this key secure and confidential.
+
+## Usage
+
+For detailed instructions on how to use the password manager script and its available command-line options, please refer to the main README file.
+
+By fulfilling these requirements and configurations, you should be able to run the password manager script smoothly and securely on your system.

SECURITY.md

@@ -0,0 +1,31 @@
+# Bashwords - Security Considerations
+
+The password manager script takes security seriously and encourages users to report any vulnerabilities or security concerns they may discover. This document outlines the process for reporting vulnerabilities and provides support contact information.
+
+## Reporting Vulnerabilities
+
+We greatly appreciate the efforts of security researchers and users in identifying potential vulnerabilities. If you believe you have discovered a security vulnerability in the password manager script, please follow these steps:
+
+1. Report the vulnerability as soon as possible by sending an email to our dedicated security team at [carlos.henrique.de.paula.oliveira@hotmail.com](mailto:carlos.henrique.de.paula.oliveira@hotmail.com). Please avoid discussing or disclosing the vulnerability details publicly until we have addressed the issue.
+
+2. Provide a detailed description of the vulnerability, including the steps to reproduce it. It will help us understand the potential impact and take necessary actions promptly.
+
+3. If possible, include any supporting files, scripts, or screenshots that demonstrate the vulnerability. This information will assist in our investigation and allow us to validate the reported vulnerability effectively.
+
+4. We will acknowledge receipt of your report within 48 hours and initiate our investigation promptly. We will keep you informed about the progress and any further actions taken.
+
+5. Once the vulnerability is resolved, we will attribute the discovery appropriately if desired. However, please let us know if you wish to remain anonymous.
+
+## Support Contact Information
+
+For general inquiries, feedback, or support requests regarding the password manager script, you can reach out to our support team at the following email address:
+
+- Email: [carlos.henrique.de.paula.oliveira@hotmail.com](carlos.henrique.de.paula.oliveira@hotmail.com)
+
+Please allow up to 24-48 hours for a response from our support team. We strive to provide timely assistance and address your concerns or questions related to the script.
+
+We value your input and appreciate your cooperation in helping us maintain the security and reliability of the password manager script.
+
+**Important:** For security-related concerns, such as reporting vulnerabilities, please use the dedicated email address mentioned earlier ([carlos.henrique.de.paula.oliveira@hotmail.com](carlos.henrique.de.paula.oliveira@hotmail.com)) for quicker attention and confidentiality.
+
+Thank you for your understanding and support in making the password manager script more secure.

main.sh

@@ -0,0 +1,122 @@
+#!/bin/bash
+
+: <<LICENSE
+Copyright 2024 Carlos Henrique
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+LICENSE
+
+PASSWORD_DIR="data/passwords/"
+KEY_FILE="data/key.passman"
+
+usage() {
+  echo "Usage: ./password_manager.sh [options]"
+  echo "Options:"
+  echo "  -a, --add        Add a new password"
+  echo "  -g, --get        Get a password"
+  echo "  -d, --delete     Delete a password"
+  echo "  -l, --list       List all passwords"
+  echo "  -h, --help       Show help"
+}
+
+encrypt() {
+  password="$1"
+  key=$(cat "$KEY_FILE")
+  echo "$password" | openssl enc -aes-256-cbc -a -salt -pass pass:"$key"
+}
+
+decrypt() {
+  encrypted_password="$1"
+  key=$(cat "$KEY_FILE")
+  echo "$encrypted_password" | openssl enc -d -aes-256-cbc -a -salt -pass pass:"$key"
+}
+
+add_password() {
+  echo -n "Enter the account/service name: "
+  read -r account
+  echo -n "Enter the password: "
+  read -s password
+
+  encrypted_password=$(encrypt "$password")
+  echo "$encrypted_password" > "$PASSWORD_DIR$account.passman"
+  echo "Password added successfully."
+}
+
+get_password() {
+  echo -n "Enter the account/service name: "
+  read -r account
+
+  if [[ -f "$PASSWORD_DIR$account.passman" ]]; then
+    encrypted_password=$(cat "$PASSWORD_DIR$account.passman")
+    password=$(decrypt "$encrypted_password")
+    echo "Password for $account: $password"
+  else
+    echo "Password not found for $account."
+  fi
+}
+
+delete_password() {
+  echo -n "Enter the account/service name: "
+  read -r account
+
+  if [[ -f "$PASSWORD_DIR$account.passman" ]]; then
+    rm "$PASSWORD_DIR$account.passman"
+    echo "Password deleted successfully for $account."
+  else
+    echo "Password not found for $account."
+  fi
+}
+
+list_passwords() {
+  if [[ -n "$(ls -A "$PASSWORD_DIR")" ]]; then
+    echo "All passwords:"
+    for file in "$PASSWORD_DIR"*.passman; do
+      account=$(basename "$file" .passman)
+      echo "$account"
+    done
+  else
+    echo "No passwords found."
+  fi
+}
+
+while [[ $# -gt 0 ]]; do
+  case "$1" in
+    -a|--add)
+      add_password
+      exit
+      ;;
+    -g|--get)
+      get_password
+      exit
+      ;;
+    -d|--delete)
+      delete_password
+      exit
+      ;;
+    -l|--list)
+      list_passwords
+      exit
+      ;;
+    -h|--help)
+      usage
+      exit
+      ;;
+    *)
+      echo "Invalid option: $1"
+      usage
+      exit 1
+      ;;
+  esac
+done
+
+usage