Skip to content

Instantly share code, notes, and snippets.

@amol9
Last active February 21, 2019 10:07
  • Star 3 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
Star You must be signed in to star a gist
Save amol9/19df586e7e0b55937d44cf916d36997c to your computer and use it in GitHub Desktop.
Check your online security.
#!/bin/bash
account=$1
detail=$2
uea=$(python -c "import urllib;print urllib.quote(raw_input())" <<< "$account")
json=$(curl -s https://haveibeenpwned.com/api/v2/breachedaccount/$uea)
if [ "$detail" != "detail" ]
then
REDBOLD='\033[1;31m'
NC='\033[0m'
name_list=$(echo $json | grep -Po "Name.:.*?," | cut -c 8- | sed "s/\",//")
printf "${REDBOLD}found $(echo "$name_list" | wc -l) breaches${NC}\n"
echo "$name_list"
else
echo "$json" | jq .
fi
#!/bin/bash
sha1=$(echo -n $1 | sha1sum)
sha1_f5=$(echo -n $sha1 | grep -Po "^.{5}")
sha1_sf=$(echo -n $sha1 | cut -c 6-)
out="$(curl -s https://api.pwnedpasswords.com/range/$sha1_f5)"
echo "$out" | grep -i $sha1_sf
<1>
Usage: breach_check.sh <account> [detail]
e.g.
> ./breach_check.sh tom@facebook.com
found 6 breaches
BinWeevils
Edmodo
Evony
OnlinerSpambot
RiverCityMedia
YouveBeenScraped
> ./breach_check.sh tom@facebook.com detail
[
{
"Name": "BinWeevils",
"Title": "Bin Weevils",
"Domain": "binweevils.com",
"BreachDate": "2014-09-01",
"AddedDate": "2017-08-18T07:10:57Z",
"ModifiedDate": "2017-08-18T07:10:57Z",
"PwnCount": 1287073,
...TRUNCATED
--
<2>
Usage: pwned_check.sh <password>
e.g.
> ./pwned_check.sh test123
DD0FC3FFCBE93A0CF06E3568E28521687BC:96105
The api only needs first 5 characters of the password hash, so, your plain text password or its full hash never leaves your system.
Output is the suffix of the hash if full hash matches one of the entries returned by the api, followed by the count.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment