Cull your Twitter Friends with Thanos

Every now and again it feels good to cull some of the people you follow on Twitter. Sometimes though, you are not sure on who to remove and who to keep.

I was having the same dilemma, and thought that there had to be an easy way. I had used Tweepy previously, and thought to call upon it to help with the cull.

I wrote a basic Python script which is inspired by Thanos. It can be found on GitHub. I will give a quick run though on how to run it.

First of all we need the Tweepy module installed. It can be done with Pip.

pip3 install tweepy

Now we need to create a folder in which to download the script.

mkdir ~/thanosTwitter

change into the directory and download the script.

cd ~/thanosTwitter && curl -O https://raw.githubusercontent.com/0x6A6F7368/thanosTwitter/master/thanosTwitter.py

You will now need to create a Twitter developer account. This is so you have the keys for the API access. You can create a developer account on the Twitter Developer website. You will also need to create a Twitter app through the developer portal. Once you have the keys you can add them to the script with the text editor of your choice.

Save the changes and it is time to run the script. Before doing so I would like to point out that the script does not give warning and will start unfollowing as soon as it is executed. If you are happy with this, run the script.

python3 thanosTwitter.py

Once the script finishes, you will have half an many friends on Twitter, and the universe will be perfectly balanced, just as Thanos intended.

Diceware Passphrase Generator

Update:

Python 3 Version can be found on GitHub.

Diceware Passphrase Generator – Python 2.7

It has been a while since I have done anything with Python so as a quick easy ‘get back into it’ I though I would create a Diceware Passphrase Generator. This is not a truly secure implementation as I am only using the python random function, as this quote from the Python Document Library explains:

Warning: The pseudo-random generators of this module should not be used for security purposes. Use os.urandom() or SystemRandom if you require a cryptographically secure pseudo-random number generator.

diceware passphrase

I will be modifying the script to use the os.urandom() function and will post it here when I do.

The wordlist I used can be found here; more information about Diceware Passphrases can be read here.

And here is the code:

import random

def dicenumber():
    diceout = ""
    for i in range(5): # 5 dice rolls
        diceout += `random.randint(1,6)` # add result of dice roll to variable
    return diceout

def diceware(x):
    wordlist = open('diceware.wordlist.asc', 'r')
    for line in wordlist:
        if line.startswith(x):
            wordlist.close()
            return line

for i in range(4): print diceware(dicenumber()), # increase number for longer passphrases

KeePass Dictionary Attack

Update

Python 3 version can be found on GitHub.

Updated page can be viewed here.

KeePass Dictionary Attack – Python 2.7

import libkeepass

filename = 'sample.kdbx' # Enter name of keepass database
f = open('passwords.txt') # Enter name of password list

for line in f:
    line = line.strip()
    try:
        with libkeepass.open(filename, password=line) as kdb:
            print '\n \n Password has been found. Your password is ' + `line`
            break
    except IOError:
        print 'Trying password:  ' + line

I wrote this script for a class I was teaching on using Password Managers. Even though we were implementing a Password Manager, some students still insisted on using simple passwords, thus leaving their password manager vulnerable to a simple dictionary attack. It is by no means an elaborate script, but was enough to outline to my students why we should use strong passwords to protect sensitive data.

Keepass Dictionary Attack
The KeePass Dictionary Attack script displaying the password found for a KeePass database.

To use this script you will need access to a wordlist. There are many wordlists around and a quick Google search for ‘wordlist’ will link you to several. A list of the top 500 worst passwords can be found here.

You will also need to download and install the libkeepass module. To install this module you may also need to download Microsoft Visual C++ compiler for Python 2.7.

The KeePass Dictionary Attack script will cycle though the lines of the password list and then display the password if it finds a match. This password will then let you open an view passwords stored in the database. Currently, there is no message displayed if the password isn’t found.

Protecting yourself

A KeePass dictionary using the default values can be attacked a fairly reasonable pace – depending on the speed of the attacking PC of course.

To help protect against a KeePass Dictionary Attack you can try some of the options found here – this doesn’t prevent an attacker running this script but does dramatically slow the attacker down.

Dictionary Attack

A dictionary attack is when an attacker uses a wordlist of common passwords to attempt entry into your account/devices/files/etc. This is often successful due to people using simple dictionary words for passwords – to avoid this kind of attack ensure you use long, unique passwords.