Radcliffe/pwned.py

## pwned.py
#!/usr/bin/env python3
#
# This Python script searches a database of over 500 million passwords
# to determine whether a given password has been exposed in a data breach.
#
# Thanks to Troy Hunt for creating the API that is used by this script.
# See https://haveibeenpwned.com/API/v2#PwnedPasswords for more information.
#
# Author: David Radcliffe (dradcliffe@gmail.com)
# Date: 20 January 2019

import requests
import hashlib
import sys

def search(passwd):
    # Hash the password using SHA-1
    sha1 = hashlib.sha1()
    sha1.update(passwd.encode('utf8'))
    hash_ = sha1.hexdigest().upper()
    prefix, suffix = hash_[:5], hash_[5:]

    # Request all hashes with the required prefix
    url = 'https://api.pwnedpasswords.com/range/' + prefix
    headers = {
        'User-Agent' : 'Python pwned password prober',
        'From' : 'dradcliffe@gmail.com',
    }
    response = requests.request('GET', url, headers=headers)
    hashes = response.text.split('\r\n')

    # Determine the number of occurrences of the hash in the database.
    count = 0
    for line in hashes:
        left, right = line.split(':')
        if left == suffix:
            count = int(right)
            break

    # Return the number of occurences
    return count

if __name__ == '__main__':
    if len(sys.argv) == 2:
        passwd = sys.argv[1]
        count = search(passwd)
        if count == 0:
            print('Not found')
        elif count == 1:
            print('Found once')
        else:
            print('Found %d times' % count)
    else:
        print('Search a database of leaked passwords.')
        print('Usage:\n\tpython pwned.py [password]')
	#!/usr/bin/env python3
	#
	# This Python script searches a database of over 500 million passwords
	# to determine whether a given password has been exposed in a data breach.
	#
	# Thanks to Troy Hunt for creating the API that is used by this script.
	# See https://haveibeenpwned.com/API/v2#PwnedPasswords for more information.
	#
	# Author: David Radcliffe (dradcliffe@gmail.com)
	# Date: 20 January 2019

	import requests
	import hashlib
	import sys

	def search(passwd):
	# Hash the password using SHA-1
	sha1 = hashlib.sha1()
	sha1.update(passwd.encode('utf8'))
	hash_ = sha1.hexdigest().upper()
	prefix, suffix = hash_[:5], hash_[5:]

	# Request all hashes with the required prefix
	url = 'https://api.pwnedpasswords.com/range/' + prefix
	headers = {
	'User-Agent' : 'Python pwned password prober',
	'From' : 'dradcliffe@gmail.com',
	}
	response = requests.request('GET', url, headers=headers)
	hashes = response.text.split('\r\n')

	# Determine the number of occurrences of the hash in the database.
	count = 0
	for line in hashes:
	left, right = line.split(':')
	if left == suffix:
	count = int(right)
	break

	# Return the number of occurences
	return count

	if __name__ == '__main__':
	if len(sys.argv) == 2:
	passwd = sys.argv[1]
	count = search(passwd)
	if count == 0:
	print('Not found')
	elif count == 1:
	print('Found once')
	else:
	print('Found %d times' % count)
	else:
	print('Search a database of leaked passwords.')
	print('Usage:\n\tpython pwned.py [password]')