Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Scriptable green pass verifier.
With this application you can automatize accesses based on green pass validity.
It can also be used to analyze your digital certification (e.g. to print
which key was used to sign the certificate, --verbose
).
It is compatibile with EU certificates (DGC) and UK certificate (NHS).
You need to have pip and libzbar to install the application.
You can install it using your favorite package manager, for instance in Ubuntu:
sudo apt install python3-pip libzbar0
You can just install the application using pip:
pip install greenpass
If you want to install it from sources, install the python3 requirements using the following command:
pip3 install -r requirements.txt
You can also use it through the pre-built Docker image, you can find it here. You can easily use it using:
sudo docker run --rm -ti berdav/greenpass --settings
You can feed the application with different file formats, for instance:
Green pass official PDFs
greenpass --pdf greenpass.pdf
QRCode images in PNG
greenpass --qr greenpass.png
Txt files with the content of the qrcode
greenpass --txt greenpass.txt
Standard input and pipes
zbarimg --raw greenpass.png | greenpass --txt -
On a side note, you can verify camera-acquired images if your scanner prints the raw content of the QRcode on stdout
zbarcam --raw -q1 | greenpass --txt -
The application returns an UNIX compatible code, therefore you can concatenate commands that will be executed only if the green pass is verified.
greenpass --qr greenpass.png && echo "green pass ok"
You can also get the expiration configuration using --settings
without
other inputs.
greenpass --settings
Debug the cryptographic part of your greenpass
greenpass --qr greenpass.png --dump-sign
Print the key which the greenpass was signed with
greenpass --qr greenpass.png --verbose --no-cache
Check if a greenpass was valid or will be valid on a certain date
greenpass --qr greenpass.png --at-date '2021-10-30 18:34'
-h --help
Help, print the help message
You need to use one of:
--settings
Dump the settings used by the Italian application
--qr QR
Analyze the qrcode QR
--pdf PDF
Analyze the pdf file PDF
--txt TXT
Analyze the txt file TXT
Caching options:
--cachedir CACHEDIR
Use CACHEDIR as the cache directory, by default the cache is placed in $HOME/.local/greenpass
.
Miscellaneous switches:
--raw
Print the raw content (JSON) of the certificate
--no-color
Disable colored output.
--force-color
Force colored output. (useful in CMD on Windows)
--no-cache
Disable cache, download everything without saving it.
--clear-cache
Redownload the entire cache, useful to update settings.
--key KEY
Use the content of the file KEY as the public certificate (DGC) or the public key (NHS) to verify the certificate.
--verbose
Print more information (e.g. which key verifies the certificate).
--dump-sign
Print details on the headers and signature of the certificate.
--at-date AT_DATE
Use AT_DATE instead of the current date
--recovery-expiration
The recovery certification contains an expiration date. By default this date is ignored, this switch re-enables the check and consider this date (in addition to the settings date).
--batch
Remove all the outputs.
--language LANGUAGE
Localize the output in LANGUAGE. Currently the following languages are available:
The docker image shipped with the program can be used in the following way:
zbarimg --raw qrcode.png | sudo docker -i greenpass
Read a PNG greenpass qrcode
sudo docker -i greenpass --settings
To read the settings
And virtually with all the switches you can find in the previous section. At the moment, files are not easily passed in the container, therefore it is better to process the qrcode or the pdf outside of the container and extract the qrcode text to pass in the application.
If you want more information on the green pass certification and how to parse or verify it you can refer to the following resources:
Greenpass Encoding documentation
Official Italian Android application
FAQs
Scriptable green pass verifier
We found that greenpass demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.