extract_otp_secrets
by scito
A Python script that extracts OTP secrets from QR codes exported by 2FA apps like Google Authenticator, enabling export and display in multiple formats.
Extract one-time password (OTP) secrets from QR codes exported by two-factor authentication (2FA) apps such as "Google Authenticator". The exported QR codes from authentication apps can be captured by camera, read from images, or read from text files. The secrets can be exported to JSON or CSV, or printed as QR codes to the console.
Primary Use Case
This tool is used to recover or back up one-time password (OTP) secrets from QR codes generated by two-factor authentication apps, facilitating migration or auditing of 2FA credentials. Security professionals, system administrators, and users who need to export or analyze their 2FA secrets would benefit from this tool.
- Extract OTP secrets from QR codes captured via system camera with GUI
- Read QR codes from image files using a built-in decoder
- Parse QR code data from text files generated by external QR readers
- Export extracted secrets to JSON or CSV formats
- Print OTP secrets as QR codes directly to the console
- Save QR codes as PNG images
- Cross-platform support: Linux, Windows, macOS
- Available as a standalone executable and Python script
Installation
- Download the latest binary executable from the GitHub releases page for your OS (Linux, Windows, macOS)
- Alternatively, clone the repository: git clone https://github.com/scito/extract_otp_secrets.git
- Install Python 3.9 or higher (up to 3.13 supported)
- Install required Python dependencies (not explicitly listed, but typically via pip install -r requirements.txt)
- Optionally install shared system libraries for improved performance (recommended)
- Run the Python script directly or use the provided executable
Usage
- python extract_otp_secrets.py --camera
  Capture QR codes from the system camera using the GUI to extract OTP secrets
- python extract_otp_secrets.py --image path/to/qr_image.png
  Extract OTP secrets from a QR code image file using the built-in decoder
- python extract_otp_secrets.py --text path/to/qr_text.txt
  Read QR code data from a text file generated by an external QR decoder and extract OTP secrets
- python extract_otp_secrets.py --export json --output secrets.json
  Export extracted OTP secrets to a JSON file
- python extract_otp_secrets.py --export csv --output secrets.csv
  Export extracted OTP secrets to a CSV file
- python extract_otp_secrets.py --print-qr
  Print the extracted OTP secrets as QR codes directly to the console
- python extract_otp_secrets.py --save-png path/to/output.png
  Save the extracted OTP secret as a PNG image of the QR code
- Use this tool to audit and back up 2FA secrets before system migrations or decommissioning to prevent accidental lockouts.
- Integrate with identity management workflows to verify and inventory 2FA token deployments across the enterprise.
- Leverage the tool in red team engagements to simulate credential theft via 2FA secret extraction from QR codes.
- Employ as part of purple team exercises to validate blue team detection capabilities around 2FA secret compromise.
- Automate periodic extraction and analysis of 2FA secrets to detect unauthorized duplication or exposure.
Related Tools

- vaultwarden (dani-garcia/vaultwarden): Unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs
- authelia (authelia/authelia): The Single Sign-On Multi-Factor portal for web apps, now OpenID Certified™
- keepassxc (keepassxreboot/keepassxc): KeePassXC is a cross-platform community-driven port of the Windows application “KeePass Password Safe”.
- infisical (Infisical/infisical): Infisical is the open-source platform for secrets, certificates, and privileged access management.
- authentik (goauthentik/authentik): The authentication glue you need.
- teleport (gravitational/teleport): The easiest, and most secure way to access and protect all of your infrastructure.
