Skip to content

Instantly share code, notes, and snippets.

@amol9

amol9/Security checks

Last active Feb 21, 2019
Embed
What would you like to do?
Check your online security.
#!/bin/bash
account=$1
detail=$2
uea=$(python -c "import urllib;print urllib.quote(raw_input())" <<< "$account")
json=$(curl -s https://haveibeenpwned.com/api/v2/breachedaccount/$uea)
if [ "$detail" != "detail" ]
then
REDBOLD='\033[1;31m'
NC='\033[0m'
name_list=$(echo $json | grep -Po "Name.:.*?," | cut -c 8- | sed "s/\",//")
printf "${REDBOLD}found $(echo "$name_list" | wc -l) breaches${NC}\n"
echo "$name_list"
else
echo "$json" | jq .
fi
#!/bin/bash
sha1=$(echo -n $1 | sha1sum)
sha1_f5=$(echo -n $sha1 | grep -Po "^.{5}")
sha1_sf=$(echo -n $sha1 | cut -c 6-)
out="$(curl -s https://api.pwnedpasswords.com/range/$sha1_f5)"
echo "$out" | grep -i $sha1_sf
<1>
Usage: breach_check.sh <account> [detail]
e.g.
> ./breach_check.sh tom@facebook.com
found 6 breaches
BinWeevils
Edmodo
Evony
OnlinerSpambot
RiverCityMedia
YouveBeenScraped
> ./breach_check.sh tom@facebook.com detail
[
{
"Name": "BinWeevils",
"Title": "Bin Weevils",
"Domain": "binweevils.com",
"BreachDate": "2014-09-01",
"AddedDate": "2017-08-18T07:10:57Z",
"ModifiedDate": "2017-08-18T07:10:57Z",
"PwnCount": 1287073,
...TRUNCATED
--
<2>
Usage: pwned_check.sh <password>
e.g.
> ./pwned_check.sh test123
DD0FC3FFCBE93A0CF06E3568E28521687BC:96105
The api only needs first 5 characters of the password hash, so, your plain text password or its full hash never leaves your system.
Output is the suffix of the hash if full hash matches one of the entries returned by the api, followed by the count.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment