alinefr · March 1, 2017 05:21
diff --git a/check_cloudflare_lastpass.py b/check_cloudflare_lastpass.py
 """
 This is the product of me spending a few minutes trying to
 assess how much of my LastPass vault is potentially vulnerable
 to the recent CloudFlare issue.

 It's hacky, and probably broken in some way, but it's a start.

 Gist comments with improvements very welcome.
 """

 LASTPASS_CSV_PATH = 'INSERT_FULL_PATH_HERE'

 import csv
 import io
 from urllib.parse import urlparse
 import urllib.request
 import zipfile
 import sys

 try:
    import publicsuffix
 except ImportError:
    print("ERROR: missing publicsuffix.")
    print("PLEASE, INSTALL IT: pip install --user publicsuffix")
    sys.exit(0)

 try:
    psl_reader = publicsuffix.fetch()
 except AttributeError:
    psl_reader = codecs.getreader('utf-8')(urlopen('http://publicsuffix.org/list/public_suffix_list.dat'))
 psl = publicsuffix.PublicSuffixList(psl_reader)

 rows = []
 with open(LASTPASS_CSV_PATH) as lpf:
    for row in csv.reader(lpf):
        rows.append(row)

 with urllib.request.urlopen('https://github.com/pirate/sites-using-cloudflare/archive/master.zip') as response:
    z = zipfile.ZipFile(io.BytesIO(response.read()))

 with z.open('sites-using-cloudflare-master/sorted_unique_cf.txt') as site_list:
    contents = site_list.read()
    contents = contents.decode('utf-8')

 sites = {l.strip() for l in contents.split('\n')}
 sites = {psl.get_public_suffix(s) for s in sites}

 sites_with_passwords = [r[0] for r in rows[1:]]
 sites_with_passwords = [psl.get_public_suffix(urlparse(s).netloc) for s in sites_with_passwords]

 from pprint import pprint
 pprint(sites.intersection(sites_with_passwords))
	"""
	This is the product of me spending a few minutes trying to
	assess how much of my LastPass vault is potentially vulnerable
	to the recent CloudFlare issue.

	It's hacky, and probably broken in some way, but it's a start.

	Gist comments with improvements very welcome.
	"""

	LASTPASS_CSV_PATH = 'INSERT_FULL_PATH_HERE'

	import csv
	import io
	from urllib.parse import urlparse
	import urllib.request
	import zipfile
	import sys

	try:
	import publicsuffix
	except ImportError:
	print("ERROR: missing publicsuffix.")
	print("PLEASE, INSTALL IT: pip install --user publicsuffix")
	sys.exit(0)

	try:
	psl_reader = publicsuffix.fetch()
	except AttributeError:
	psl_reader = codecs.getreader('utf-8')(urlopen('http://publicsuffix.org/list/public_suffix_list.dat'))
	psl = publicsuffix.PublicSuffixList(psl_reader)

	rows = []
	with open(LASTPASS_CSV_PATH) as lpf:
	for row in csv.reader(lpf):
	rows.append(row)

	with urllib.request.urlopen('https://github.com/pirate/sites-using-cloudflare/archive/master.zip') as response:
	z = zipfile.ZipFile(io.BytesIO(response.read()))

	with z.open('sites-using-cloudflare-master/sorted_unique_cf.txt') as site_list:
	contents = site_list.read()
	contents = contents.decode('utf-8')

	sites = {l.strip() for l in contents.split('\n')}
	sites = {psl.get_public_suffix(s) for s in sites}

	sites_with_passwords = [r[0] for r in rows[1:]]
	sites_with_passwords = [psl.get_public_suffix(urlparse(s).netloc) for s in sites_with_passwords]

	from pprint import pprint
	pprint(sites.intersection(sites_with_passwords))