file on a public-facing server. Use environment variables or a dedicated vault. Security.txt:
# Example: Install on port 9000 with custom directory sudo ./install.sh 9000 /opt/my-passwords </code></pre> <h2>Features</h2> <ul> <li>🔍 <strong>Search</strong> - Search through all password files</li> <li>👁️ <strong>View</strong> - View file contents in browser</li> <li>💾 <strong>Download</strong> - Download password files</li> <li>📊 <strong>Statistics</strong> - File count and total size</li> <li>🔄 <strong>Auto-refresh</strong> - Updates every 30 seconds</li> <li>🎨 <strong>Modern UI</strong> - Clean, terminal-style interface</li> </ul> <h2>Security Notes</h2> <p>⚠️ <strong>WARNING</strong>: This tool exposes password files over HTTP. Use with caution!</p> <h3>Recommended Security Measures:</h3> <ol> <li><strong>Use HTTPS</strong> - Put behind nginx/Apache with SSL</li> <li><strong>Add Authentication</strong> - Modify config.json to enable auth</li> <li><strong>Firewall Rules</strong> - Restrict access by IP</li> <li><strong>VPN Access</strong> - Only expose on internal/VPN network</li> <li><strong>Regular Audits</strong> - Monitor access logs</li> </ol> <h2>Configuration</h2> <p>Edit <code>/opt/password-indexer/config.json</code>:</p> <pre><code class="language-json"> "password_dir": "/var/passwords", // Directory with password files "port": 8080, // Web server port "host": "0.0.0.0", // Bind address "require_auth": false, // Enable basic auth "max_file_size_mb": 10, // Max file size to display "enable_search": true, // Enable search feature "allowed_extensions": [".txt", ".pwd"] // File types to index index of password txt install
Preventing this issue is straightforward and should be a standard part of any server hardening checklist. 1. Disable Directory Browsing file on a public-facing server