pwdecrypt.py

import argparse
import getpass

import splunk.entity as entity
import splunk.auth

ap = argparse.ArgumentParser()
ap.add_argument("--username", required=True)
ap.add_argument("--password", required=False)
ap.add_argument("--app")
args = ap.parse_args()

if not args.password:
    args.password = getpass.getpass("Password: ")

sessionKey = splunk.auth.getSessionKey(args.username, args.password)

try:
    # list all credentials
    entities = entity.getEntities(
        ["storage", "passwords"],
        namespace="-",
        owner="nobody",
        sessionKey=sessionKey
    )
except Exception as e:
    raise Exception("Could not get credentials from splunk. Error: %s" % str(e))

data = {}
for cred in entities.values():
    app_name = cred["eai:acl"]["app"]
    if args.app and app_name != args.app:
        continue
    if app_name not in data:
        data[app_name] = []
    data[app_name].append({k: cred[k] for k in ("username", "realm", "clear_password")})

for app in sorted(data.keys()):
    print("[+] App: %s" % app)
    for cred in sorted(data[app], key=lambda x: x["username"]):
        print("    [+] Username: %s, Realm: %s, Password: %s" % (
            cred["username"],
            cred["realm"],
            cred["clear_password"]
        ))