INITIAL COMMIT
with checkPasswordList.sh
commit
b2907f3bb1
3 changed files with 86 additions and 0 deletions
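--- a/README.md
+++ b/README.md
@@ -0,0 +1,23 @@
+# My Have I been pwned scripts
+
+These are my scripts to the haveibeenpwned.com api.
+... To be extended ...
+
+
+## checkPasswordList.sh
+
+This script checks a list of passwords against the api and reports whether they hae been compromised.
+The passwords themselfs will NOT be send to the web-api.
+haveibeenpwned.com's k-anonymity model is used.
+More info can be found here https://haveibeenpwned.com/API/v2#PwnedPasswords
+
+Example:
+
+```
+$ ./checkPasswordList.sh passwordlist.txt
+Checking passwords from list passwordlist.txt
+XX: Password P@ssw0rd has been pwned 51259 times.
+__: Password c60e6754-8abf-4c0f-a7a7-2225da28637f has not been pwned.
+__: Password c60e6754-8a f-4c0f-a7a -2225da28637f has not been pwned.
+==: 1 of 3 passwords have been pwned.
+```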
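--- a/checkPasswordList.sh
+++ b/checkPasswordList.sh
@@ -0,0 +1,60 @@
+#!/bin/bash
+
+pfile=$1
+cPwned=0
+cPswds=0
+
+## Check if the argument is a file we can read
+if [ ! -f "$pfile" ]
+then
+echo "$pfile can not be read."
+echo
+exit 2
+fi
+
+## Check if the list in the argument is an actual ascii file
+## and not something crazy like a zip, etc.
+filetype=$(file "$pfile")
+if [ "$filetype" != "$pfile: ASCII text" ]
+then
+echo "$pfile is not an ascii password list."
+echo
+exit 2
+fi
+
+## loop through the file and verify against the api
+echo "Checking passwords from list $1"
+
+IFS=$'\n'
+for p in $(cat < "$pfile"); do
+((cPswds++))
+## Hash the password, filter non-hashy things (" -" at the end),
+## translate to upper for the beauty
+pHashed=$(echo -n "$p" | sha1sum | cut --delimiter=' ' --fields=1 | tr '[:lower:]' '[:upper:]')
+## Devide into prefix and suffix used by k-anonymity model
+## https://haveibeenpwned.com/API/v2#PwnedPasswords
+pPrefix=$(echo -n "$pHashed" | cut --characters='-5')
+pSuffix=$(echo -n "$pHashed" | cut --characters='6-')
+## get a list of pwnedsuffix:pwncount from the webservice
+wsResult=$(curl --silent https://api.pwnedpasswords.com/range/$pPrefix)
+## Check if our suffix is included and strip characters we can not understand
+wsCheck=$(echo -n "$wsResult" | grep $pSuffix | tr -cd [:alnum:][:])
+if [ -n "$wsCheck" ]
+then
+## CheckedResult contains a value --> EVIL
+pwnCount=$(echo -n "$wsCheck" | cut --delimiter=':' --fields=2)
+echo "XX: Password $p has been pwned $pwnCount times."
+((cPwned++))
+else
+## CheckedResult does not contain a value --> good
+echo "__: Password $p has not been pwned."
+fi
+done
+
+echo "==: $cPwned of $cPswds passwords have been pwned."
+echo
+
+if [ $cPwned -gt 0 ]
+then
+exit 1
+fi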
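Review bot: A failed lookup is reported as "has not been pwned": at `wsResult=$(curl --silent …)` a network error or a non-2xx reply leaves nothing for `grep` to match, so the `else` branch runs and the final exit status stays 0. Make the request fail closed, e.g. `wsResult=$(curl --silent --fail "https://api.pwnedpasswords.com/range/$pPrefix") || { echo "lookup failed for prefix $pPrefix" >&2; exit 3; }`, using a status distinct from the existing 1 and 2. The same false negative can come from `for p in $(cat < "$pfile")`, which still glob-expands each line, so a password containing `*` or `?` may be replaced by file names before it is hashed; `while IFS= read -r p; do … done < "$pfile"` avoids that. The result lines also print every plaintext password to stdout, where it can end up in scrollback or job logs; reporting the line number or the hash prefix would be enough.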
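--- a/passwordlist.txt
+++ b/passwordlist.txt
@@ -0,0 +1,3 @@
+P@ssw0rd
+c60e6754-8abf-4c0f-a7a7-2225da28637f
+c60e6754-8a f-4c0f-a7a -2225da28637f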