{"id":15877766,"url":"https://github.com/zimbatm/freepass","last_synced_at":"2026-02-10T20:01:43.200Z","repository":{"id":66382132,"uuid":"589174","full_name":"zimbatm/freepass","owner":"zimbatm","description":"Per domain password generation tool [Unmaintained]","archived":false,"fork":false,"pushed_at":"2023-12-15T11:37:59.000Z","size":326,"stargazers_count":3,"open_issues_count":1,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-08-21T21:39:36.730Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"http://zimbatm.com/freepass","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/zimbatm.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2010-03-31T22:29:42.000Z","updated_at":"2023-07-30T12:47:34.000Z","dependencies_parsed_at":"2024-10-06T02:03:48.038Z","dependency_job_id":"7454d573-44a3-40a3-8ead-bf4e0184477f","html_url":"https://github.com/zimbatm/freepass","commit_stats":null,"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"purl":"pkg:github/zimbatm/freepass","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zimbatm%2Ffreepass","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zimbatm%2Ffreepass/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zimbatm%2Ffreepass/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zimbatm%2Ffreepass/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/zimbatm","download_url":"https://codeload.github.com/zimbatm/freepass/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zimbatm%2Ffreepass/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29314703,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-10T17:48:59.043Z","status":"ssl_error","status_checked_at":"2026-02-10T17:45:37.240Z","response_time":65,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-06T02:03:40.097Z","updated_at":"2026-02-10T20:01:43.183Z","avatar_url":"https://github.com/zimbatm.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"FreePass\n========\n\nA little tool that provide a per-site password given a unique master password.\nThis is not a new idea and has already been implemented by other tools (like SuperGenPass [1]) but I wanted to try some ideas I had about security with that project.\n\n\nLicence\n-------\n\nAll code provided by me is released in the public domain. Some external code is also used and their respective licence is to be observed.\n\nHow it works\n------------\n\nWhen you call the bookmarklet, it opens a new window. That window will provide a simple interface that generates a password, given a master password and a domain.\n\nWhen you click on generate, the password is transmitted to your calling window trought the HTML5 postMessage API. Now that the page has the site-password, password input elements are then simply filled when you double-click on them. A visual cue is also provided to let you know the password has been filled correctly.\n\nInstallation\n------------\n\nJust put the files in a public location. No kind of server-side scripting is required.\n\nSee \"Offline mode\" section if you want FreePass to be available when not connected on the web.\n\nIf you want to develop on the code, you will need `ruby`, `rake` and the `closure-compiler` gem.\n\nOffline mode\n------------\n\nIt is possible to use FreePass when not connected on the web. Using the new HTML5 offline mode, some modern browser will keep a copy of the FreePass website.\n\nTo make it work, make sure your browser supports that feature, and configure your webserver to serve the \"index.manifest\" file with \"text/cache-manifest\" content-type.\n\nApache2 configuration:\n\n    \u003cIfModule mod_mime.c\u003e\n       AddType text/cache-manifest .manifest\n    \u003c/IfModule\u003e\n\n\nCompatiblity list:\n  - Chrome 5.0.342.9 beta (Mac)\n  - Firefox 3.6 (Mac)\n  \nUncompatiblity list:\n  - Safari 4.0.5 (Mac)\n\nCompatiblity\n------------\n\nThe project has only been tested on Firefox 3.6. The password generation should work on all browsers but some may not provide the postMessage API and thus the bookmarklet may not be supported.\n\nFreePass vs SuperGenPass [1]\n------------------------\n\n- Needs internet connection\n+ Not vulnerable to dom tempering and overlay capture\n+ Forkable project\n\nSecurity\n--------\n\nBrute-force: since the salt is known for a given site, it is easier for the attacker to find your password by brute-force in a targetted attack.\n\nFreePass mobile semi-vulnerability: by copying the password in the clipboard, it lets other running applications (and flash?) capture a website's password.\n\nFuture ideas\n------------\n\n* Check bookmarklet version on site (and propose upgrade if necessary)\n* Make usability testing\n* Provide more doc\n* Make a security audit\n* Add some unit-tests (with nodejs ?)\n* Provide a command-line tool for password generation (with nodejs ?)\n* Publish the password-generation algorithm\n* Use http://publicsuffix.org/\n\nLinks\n-----\n\n[1] http://supergenpass.com/ - Another project that does about the same\n\nhttp://postmessage.freebaseapps.com/ - Backward-compatible postMessage implementation\nhttp://closure-compiler.appspot.com/ - Javascript compression REST-API\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzimbatm%2Ffreepass","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fzimbatm%2Ffreepass","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzimbatm%2Ffreepass/lists"}