@vatsalyagoel
Last active October 30, 2018 11:56
PowerShell code to check whether your password has appeared in a breach, using Troy Hunt's Pwned Passwords. It sends only the first 5 characters of the SHA1 hash in the API request, so you don't have to worry about exposing a password you are currently using over the network.
# Return the SHA-1 digest of a string as a lowercase hex string.
function Sha1Hash($textToHash) {
    $hasher = New-Object System.Security.Cryptography.SHA1CryptoServiceProvider
    $toHash = [System.Text.Encoding]::UTF8.GetBytes($textToHash)
    $hashByteArray = $hasher.ComputeHash($toHash)
    $res = ''
    foreach ($byte in $hashByteArray) {
        $res += $byte.ToString("x2")
    }
    return $res
}

$password = Read-Host 'What is your password?' -AsSecureString

# Decrypt the SecureString only long enough to hash it, then zero and free the unmanaged copy.
$bstr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($password)
try {
    $pass = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
    $hash = Sha1Hash $pass
} finally {
    [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
}

# Only the first 5 hex characters go to the API; the remaining 35 are compared locally.
$requestHash = $hash.Substring(0, 5)
$responseHash = $hash.Substring(5, $hash.Length - 5)

# The response body is one "SUFFIX:COUNT" entry per line; split on CRLF or LF.
$hashes = (Invoke-RestMethod "https://api.pwnedpasswords.com/range/$requestHash") -split '\r?\n'

# Anchor the pattern so only a full suffix followed by ':' matches (-match ignores case).
$match = $hashes -match "^${responseHash}:"
if ($match) {
    $output = "Password found in a Breach. It has been used {0} times." -F ($match -split ":")[1]
    Write-Output $output
} else {
    Write-Output "Password not found in a breach"
}
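The prefix/suffix split and the client-side match described above, run offline against a sample response, as an added example that is not part of the original gist. The function names and the response body are constructed for illustration, and the zero-count row stands in for the padding entries the API returns when response padding is requested.

```powershell
# Added example, not the gist's code: offline matching against a range response.

# SHA-1 of a UTF-8 string as uppercase hex, the casing the range API uses.
function Get-Sha1Hex {
    param([Parameter(Mandatory)][string]$Text)
    $sha1 = [System.Security.Cryptography.SHA1]::Create()
    try {
        $bytes = $sha1.ComputeHash([System.Text.Encoding]::UTF8.GetBytes($Text))
        return ([System.BitConverter]::ToString($bytes) -replace '-', '')
    } finally {
        $sha1.Dispose()
    }
}

# Breach count for a 35-character suffix in a raw "SUFFIX:COUNT" response body.
# Returns 0 when the suffix is absent or is listed with a count of 0 (padding row).
function Get-PwnedCount {
    param(
        [Parameter(Mandatory)][string]$Suffix,
        [Parameter(Mandatory)][string]$RangeBody
    )
    foreach ($line in ($RangeBody -split '\r?\n')) {
        $parts = $line.Trim() -split ':', 2
        if ($parts.Count -ne 2) { continue }   # skip blank or malformed lines
        # Exact, case-insensitive comparison of the whole suffix (no regex, no partial hits).
        if ([string]::Equals($parts[0], $Suffix, [StringComparison]::OrdinalIgnoreCase)) {
            return [int]$parts[1]
        }
    }
    return 0
}

# Constructed response body: the first suffix belongs to the SHA-1 of the string
# 'password'; the other suffixes and all counts are made up for this example.
$sampleBody = @(
    '1E4C9B93F3F0682250B6CF8331B7EE68FD8:42'
    '00000000000000000000000000000000000:0'
    'FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF:3'
) -join "`r`n"

$hash   = Get-Sha1Hex 'password'
$prefix = $hash.Substring(0, 5)   # the only part that would appear in the request URL
$suffix = $hash.Substring(5)      # never leaves the machine

"Sent to API : $prefix"
"Kept local  : $suffix"
"Listed      : $(Get-PwnedCount -Suffix $suffix -RangeBody $sampleBody)"
"Padding row : $(Get-PwnedCount -Suffix ('0' * 35) -RangeBody $sampleBody)"
"Absent      : $(Get-PwnedCount -Suffix ('A' * 35) -RangeBody $sampleBody)"
```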