Skip to content

Instantly share code, notes, and snippets.

@Hiranyaloka
Created June 4, 2019 07:37
Show Gist options
  • Save Hiranyaloka/eff8223ca82b29321f1c566898d62c5a to your computer and use it in GitHub Desktop.
Save Hiranyaloka/eff8223ca82b29321f1c566898d62c5a to your computer and use it in GitHub Desktop.
Perl script to check passwords against pwnedpasswords.com api.
#!/usr/bin/env perl
use strict;
use warnings;
use feature qw/say/;
use Digest::SHA 'sha1_hex';
use LWP::UserAgent;
my $ua = 'pwned.pl';
my $timeout = 5;
my $base_url = 'https://api.pwnedpasswords.com/range/';
print "Enter password to check: ";
chomp(my $password = <STDIN>);
my $hash = uc sha1_hex ($password);
my $range = substr ($hash, 0, 5, '');
my $url = $base_url . $range;
my $res = LWP::UserAgent->new (agent => $ua, timeout => $timeout)->get ($url);
if ($res->code != 200) {
die $res->status_line;
}
my $content = $res->content;
my $start = index($content, "$hash:");
if ($start > -1) {
print "That password was pwned ";
my $end = index($content, "\n", $start);
if ($end == -1) {
$end = length($content);
}
my $length = $end - $start;
my $pwns = substr($content, $start, $length);
if ($pwns =~ /\:(\d+)?/) {
say "$1 times!";
}
} else {
say "OK!";
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment