@Elte156
Created February 24, 2019 04:55
Pwned Password Checker. This script will accept a file that lists passwords (on each line). It will anonymously check if that password has ever been pwned through the haveibeenpwned.com API service. Your raw passwords are secure and not transmitted anywhere. For more information, please read how the API works at https://haveibeenpwned.com/API/v2…
#!/usr/bin/env bash
###
# Pwned Password Checker
# This script will accept a file that lists passwords (on each line)
# It will anonymously check if that password has ever been pwned through
# the haveibeenpwned.com API service. Your raw passwords are secure and
# not transmitted anywhere. For more information, please read how the API
# works at https://haveibeenpwned.com/API/v2#PwnedPasswords
#
# How to use: $ ./pwnedChecker.sh passwordfile.txt
#
# Requires: Bash, OpenSSL, Curl
# Author: Tony Pagaduan (Elte156)
###

# Check for password file argument (quoted so paths with spaces work)
if [ -z "${1}" ] || [ ! -f "${1}" ]; then
    echo "Please pass a password file as an argument"
    exit 1
fi

echo "The following passwords have been compromised:"

# Loop through each line in the password file
while IFS='' read -r PASSWORD || [[ -n "${PASSWORD}" ]]; do
    # Get raw password and get the SHA-1 hash.
    # printf avoids echo's handling of leading dashes and backslashes;
    # awk keeps only the digest, dropping the "(stdin)= " label that
    # some OpenSSL versions print before it.
    HASHED=$(printf '%s' "${PASSWORD}" | openssl sha1 | awk '{print $NF}' | tr '[:lower:]' '[:upper:]')

    # Get the first 5 chars from hash (required for anonymity for the API service)
    HASHED_SUB=${HASHED:0:5}

    # Get the remaining chars to look for in API response
    HASHED_END=${HASHED#${HASHED_SUB}}

    # Request matching hashes from API service
    PWNED_HASHES=$(curl -s -X GET "https://api.pwnedpasswords.com/range/${HASHED_SUB}")

    # Check to see if our password hash exists in response
    if [[ $PWNED_HASHES == *"${HASHED_END}"* ]]; then
        echo " ${PASSWORD}"
    fi
done < "${1}"

echo "Script is complete!"
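The script above only tests whether the hash suffix appears somewhere in the range response. The following added example (not part of the original gist) parses the `SUFFIX:COUNT` lines exactly and returns the breach count, so a zero-count entry, such as the padding the API returns when the `Add-Padding: true` request header is sent, is not reported as a hit. The function names and `SAMPLE_RESPONSE` are constructed for illustration, and the lookup runs offline against that constructed data.

```shell
#!/usr/bin/env bash
# Added example: exact-match lookup in a Pwned Passwords range response.
# SAMPLE_RESPONSE is constructed data, not real API output.

# Uppercase SHA-1 hex digest of the argument.
# printf avoids echo's option and escape handling; $NF skips any
# "(stdin)= " label that openssl prints before the digest.
sha1_upper() {
    if command -v sha1sum >/dev/null 2>&1; then
        printf '%s' "$1" | sha1sum | awk '{print toupper($1)}'
    else
        printf '%s' "$1" | openssl sha1 | awk '{print toupper($NF)}'
    fi
}

# Usage: pwned_count SUFFIX < range_response
# Prints the breach count for the 35-character suffix, or 0 when the
# suffix is absent or listed with a count of 0 (a padding entry).
pwned_count() {
    tr -d '\r' | awk -F: -v want="$1" '
        toupper($1) == toupper(want) { n = $2 + 0 }
        END { print n + 0 }'
}

# Constructed response body: CRLF line endings, one padding-style entry.
SAMPLE_RESPONSE=$(printf '%s\r\n' \
    '0123456789ABCDEF0123456789ABCDEF012:7' \
    '1E4C9B93F3F0682250B6CF8331B7EE68FD8:42' \
    'FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF:0')

# Demo: hash a sample password, drop the 5-character prefix that would be
# sent to the API, and look up the remaining suffix in the constructed body.
hash=$(sha1_upper 'password')
count=$(printf '%s' "$SAMPLE_RESPONSE" | pwned_count "${hash#?????}")
printf 'password: seen %s times (constructed data)\n' "$count"
```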