Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Cit0Day Breach Check
#!/bin/bash
# Step 1: Obtain a list of our personal hosts.
# Export from Bitwarden, LastPass, 1Password, or similar:
my_passwords.txt
# Next commands will assume the LastPass export format, which is CSV with the URL in the first field:
# url,username,password,[... more fields]
# Step 2: Obtain a list of all Cit0Day pwned URLs.
wget -O Cit0day-ALL.txt \
'https://gist.github.com/troyhunt/0282a5bad48bd6698672735519ca883a/raw/53ba9bd51256dc658b39094660ac3c2ade7f3aea/Cit0day%20%5B_special_for_xss.is%5D.txt' \
'https://gist.github.com/troyhunt/54d421427ae0c32cadc7e18aac28b539/raw/4a12218baf062730eedbbeb8c21b5ef97b5ab86c/Cit0day%20Prem%20%5B_special_for_xss.is%5D.txt'
# Step 3: Convert our list of hosts into the same format used by the Cit0Day list.
# This regex assumes a fully-formed URL.
HOSTS="$(perl -ne 's|^https?://(www)?\.?([a-z0-9-]*\.)*?(([a-z0-9-]*\.)?[a-z0-9-]*\.[a-z]*)[/,].*|$3| and print' my_passwords.txt)"
for HOST in $HOSTS; do
grep -Fw "$HOST" Cit0day-ALL.txt
done
# Step 4: For each result, go to the website and
# 4.1. Change your password.
# 4.2. Communicate this breach to the webmaster.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment