-
-
Save gpanders/5c6582fb816c7d69c8e72b31251dd07c to your computer and use it in GitHub Desktop.
Shell script to check passwords against HIBP database (https://haveibeenpwned.com/)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| usage() { | |
| echo "Usage: $(basename "$0") [-q] [PASSWORD]" | |
| } | |
| while getopts "hq" o; do | |
| case "$o" in | |
| h) usage; exit 0 ;; | |
| q) quiet=1 ;; | |
| *) usage >&2; exit 1 ;; | |
| esac | |
| done | |
| shift $((OPTIND-1)) | |
| password="$1" | |
| if [ -z "$password" ]; then | |
| if [ -t 0 ]; then | |
| printf 'Password: ' | |
| stty -echo | |
| fi | |
| read -r password | |
| if [ -t 0 ]; then | |
| stty echo | |
| printf '\n' | |
| fi | |
| fi | |
| hash=$(echo "$password" | tr -d '\n' | sha1sum | cut -d' ' -f 1 | tr 'a-f' 'A-F') | |
| prefix=$(echo "$hash" | cut -c 1-5) | |
| suffix=$(echo "$hash" | cut -c 6-) | |
| match=$(curl -s https://api.pwnedpasswords.com/range/"$prefix" | grep "^$suffix") | |
| if [ -n "$match" ]; then | |
| nmatches=$(echo "$match" | cut -d: -f 2 | tr -d '\r') | |
| [ -z "$quiet" ] && echo "The password you entered was found $nmatches times in known data breaches." | |
| exit 1 | |
| elif [ -z "$quiet" ]; then | |
| echo "The password you entered was not found in any known data breaches." | |
| fi |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Usage examples
Check a password interactively:
Check a password from
pass:Install
$ wget -O /usr/local/bin/pwck https://git.io/Jv2c0 && chmod +x /usr/local/bin/pwck