@andygock
Last active June 14, 2024 22:04
#
# Description: This script checks if a password has been found in any known data breaches using the Pwned Passwords API.
# Only the first 5 hex characters of the SHA-1 hash are sent to the API; the rest of the hash is compared locally.
#

# Function to get user password securely
function Get-Password {
    [Console]::Write("Enter password: ")
    $password = Read-Host -AsSecureString
    return $password
}

# Get the password from the user
$securePassword = Get-Password

# Convert the SecureString to a byte array
# (NetworkCredential.Password returns the plaintext as a managed string)
$networkCredential = New-Object System.Net.NetworkCredential("", $securePassword)
$passwordBytes = [System.Text.Encoding]::UTF8.GetBytes($networkCredential.Password)

# Calculate the SHA-1 hash of the password as an uppercase hex string
$sha1 = [System.Security.Cryptography.SHA1]::Create()
$hash = [System.BitConverter]::ToString($sha1.ComputeHash($passwordBytes)).Replace("-", "")
$sha1.Dispose()

# Split the hash: the 5-character prefix goes to the API, the 35-character suffix stays local
$prefix = $hash.Substring(0, 5)
$suffix = $hash.Substring(5)

# Query the Pwned Passwords API
# (-UseBasicParsing avoids the Internet Explorer engine dependency on Windows PowerShell 5.1)
try {
    $response = Invoke-WebRequest -Uri "https://api.pwnedpasswords.com/range/$prefix" -UseBasicParsing
}
catch {
    Write-Warning "Error querying the Pwned Passwords API. Please try again later."
    exit 1
}

# Check if the password hash suffix exists in the response (one SUFFIX:COUNT entry per line)
$match = $response.Content -match "$($suffix):(\d+)"

# Display the result to the user
if ($match) {
    # The first capture group holds the breach count
    $count = $Matches[1]
    Write-Host "This password has been found $($count) times in data breaches. It is highly recommended to change it immediately!"
}
else {
    Write-Host "This password has not been found in any known data breaches."
}