Bash grep, awk o Z177544AA797AF6F322F8CAA5E80E7F 反向查找

Question

I am creating a script to look for commonly used patterns in a password.Although I have security policies in the hosting panel, servers have been outdated due to incompatibilities.

Example, into the file words.txt, i put in there, the word test , when i execute grep -c test123 words.txt . When I look for that pattern I need it to find it but I think that with the command grep it won't work for me.

Script:

EMAILPASS=`/root/info.sh -c usera | grep @`

for PAR in ${EMAILPASS} ; do

EMAIL=$(echo "${PAR}" | grep @ | cut -f1 -d:)
PASS=$(echo "${PAR}" | cut -d: -f 2)
PASS="${PASS,,}"
FINDSTRING=$(grep -ic "${PASS}" /root/words.txt)

echo -e ""
echo -e "Validating password ${EMAIL}"
echo -e ""


if [ $FINDSTRING -ge 1 ] ; then
echo "Insecre"
else
echo "Secure"
fi

the current output of the command is as follows

# grep -c test123 /root/words.txt
0

I think grep is not good for what I need, maybe someone can help me.

I could also use awk or sed but I can't find an option to help me.

Regardsm

Answer 1

Reverse your application.

echo test123 | grep -f words.txt

Each line of the text file will be used as a pattern to test against the input.

edit

Apparently you actually do want to see if the whole password is an actual word, rather than just checking to see if it's based on a dictionary word. That's considerably less secure, but easy enough to do. The logic you have will not report test123 as insecure unless the whole passwword is an exact match for a word in the dictionary.

You said you were putting test in the dictionary and using test123 as the password, so I assumed you were looking for passwords based on dictionary words, which was the structure I suggested above. Will include as commented alternate lines below.

Also, since you're doing a case insensitive search, why bother to downcase the password?

declare -l pass                          # set as always lowecase

would do it, but there's no need.

Likewise, unless you are using it again later, it isn't necessary to put everything into a variable first, such as the grep results. Try to remove anything not needed -- less is more.

Finally, since we aren't catching the grep output in a variable and testing that, I threw it away with -q . All we need to see is whether it found anything, and the return code, checked by the if , tells us that.

/root/info.sh -c usera | grep @ |        # only lines with at signs
  while IFS="$IFS:" read email pass      # parse on read with IFS
  do printf "\n%s\n\n" "Validating password for '$email'"
     if grep -qi "$pass" /root/words.txt # exact search (-q = quiet)
    #if grep -qif /root/words.txt <<< "$pass" # 'based on' search
     then echo "Insecure"
     else echo "Secure"                  # well....
     fi
  done

I think a better paradigm might be to just report the problematic ones and be silent for those that seem ok, but that's up to you.

Questions?