k0nserv/README.md

## README.md

      
    Raw
  

              README.md
            
          
    Have I Been Pwned Password Checker

A small Python 3 script to securely check passwords against https://haveibeenpwned.com/'s list
of previously comprised passwords.
Usage


Install the files requirements.txt in a Python 3 virtual environment with pip install requirements.txt.
Start the script with python main.py.

Security

The script hashes passwords locally and the API uses a k-anonimity model
to check passwords against the compromised list, neither the password nor the full password hash
ever leaves the machine where the script is running. The script itself is small(41 lines) to make it simple and fast to review.
Read more in I've Just Launched "Pwned Passwords" V2 With Half a Billion Passwords for Download
by Troy Hunt or in the API docs.

  
## main.py
import getpass
import requests
import hashlib
from urllib.parse import urljoin

API_BASE = 'https://api.pwnedpasswords.com/range/'


def make_request(BASE_URL, hashed_password):
    url = urljoin(BASE_URL, hashed_password[0:5])

    return requests.get(url)


def hash(password):
    return hashlib.sha1(password.encode('UTF-8')).hexdigest()


def query(password):
    hashed_password = hash(password).upper()
    response = make_request(API_BASE, hashed_password)

    results = [result.strip() for result in response.text.splitlines() if
             len(result.strip()) > 0]

    match = [match for match in results if match.startswith(hashed_password[5:])]

    if len(match) > 0:
        [_, count] = match[0].split(':')
        print("Password found :(")
        print(f"Password observed {count} times")

    else:
        print("Password not found")


if __name__ == '__main__':
    while True:
        password = getpass.getpass(prompt='Enter Password: ')
        query(password)
        print("")

## requirements.txt
certifi==2019.11.28
chardet==3.0.4
entrypoints==0.3
flake8==3.7.9
idna==2.8
mccabe==0.6.1
pycodestyle==2.5.0
pyflakes==2.1.1
requests==2.22.0
urllib3==1.25.7
	import getpass
	import requests
	import hashlib
	from urllib.parse import urljoin

	API_BASE = 'https://api.pwnedpasswords.com/range/'


	def make_request(BASE_URL, hashed_password):
	url = urljoin(BASE_URL, hashed_password[0:5])

	return requests.get(url)


	def hash(password):
	return hashlib.sha1(password.encode('UTF-8')).hexdigest()


	def query(password):
	hashed_password = hash(password).upper()
	response = make_request(API_BASE, hashed_password)

	results = [result.strip() for result in response.text.splitlines() if
	len(result.strip()) > 0]

	match = [match for match in results if match.startswith(hashed_password[5:])]

	if len(match) > 0:
	[_, count] = match[0].split(':')
	print("Password found :(")
	print(f"Password observed {count} times")

	else:
	print("Password not found")


	if __name__ == '__main__':
	while True:
	password = getpass.getpass(prompt='Enter Password: ')
	query(password)
	print("")
	certifi==2019.11.28
	chardet==3.0.4
	entrypoints==0.3
	flake8==3.7.9
	idna==2.8
	mccabe==0.6.1
	pycodestyle==2.5.0
	pyflakes==2.1.1
	requests==2.22.0
	urllib3==1.25.7