Skip to content

Instantly share code, notes, and snippets.

Created November 19, 2020 12:58
  • Star 17 You must be signed in to star a gist
  • Fork 3 You must be signed in to fork a gist
Star You must be signed in to star a gist
What would you like to do?
Cit0Day Breach Check
# Step 1: Obtain a list of our personal hosts.
# Export from Bitwarden, LastPass, 1Password, or similar:
# Next commands will assume the LastPass export format, which is CSV with the URL in the first field:
# url,username,password,[... more fields]
# Step 2: Obtain a list of all Cit0Day pwned URLs.
wget -O Cit0day-ALL.txt \
'' \
# Step 3: Convert our list of hosts into the same format used by the Cit0Day list.
# This regex assumes a fully-formed URL.
HOSTS="$(perl -ne 's|^https?://(www)?\.?([a-z0-9-]*\.)*?(([a-z0-9-]*\.)?[a-z0-9-]*\.[a-z]*)[/,].*|$3| and print' my_passwords.txt)"
for HOST in $HOSTS; do
grep -Fw "$HOST" Cit0day-ALL.txt
# Step 4: For each result, go to the website and
# 4.1. Change your password.
# 4.2. Communicate this breach to the webmaster.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment