Last active
December 1, 2019 12:36
Have I been pawned?
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
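#!/usr/bin/env bash
# Checks a password against the Pwned Passwords range API.
# Usage: script [--gui] [PASSWORD]
# Links:
# https://haveibeenpwned.com/Passwords
# https://haveibeenpwned.com/API/v2#SearchingPwnedPasswordsByRange

# Start from a known value so that a variable named "gui" inherited from the
# environment cannot switch the script into zenity mode on its own.
gui=false
if [ "${1:-}" == "--gui" ]; then
  gui=true
  shift
fi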
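#######################################
# Shows an informational message.
# Globals:   gui (read) - "true" selects a zenity dialog, anything else stdout
# Arguments: $1 - message text
# Outputs:   the message on stdout, or a zenity --info dialog
#######################################
show_info() {
  if [ "${gui:-}" == "true" ]; then
    zenity --title="Passwort Test" --name="Passwort Test" --width=600 --info --text "$1"
  else
    # Quoted and printed via printf: the text is emitted verbatim instead of
    # being word-split and glob-expanded by an unquoted echo.
    printf '%s\n' "$1"
  fi
}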
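#######################################
# Shows an error message.
# Globals:   gui (read) - "true" selects a zenity dialog, anything else stderr
# Arguments: $1 - message text
# Outputs:   the message on stderr, or a zenity --error dialog
#######################################
show_error() {
  if [ "${gui:-}" == "true" ]; then
    zenity --title="Passwort Test" --name="Passwort Test" --width=600 --error --text "$1"
  else
    # Quoted and printed via printf so the text reaches stderr unchanged
    # (no word splitting, no glob expansion, no echo option parsing).
    printf '%s\n' "$1" >&2
  fi
}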
# Self-test: hash a fixed non-ASCII string and compare characters 10-20 of the
# upper-cased sha1sum output with the expected value, so a broken sha1sum/tr/cut
# setup is caught before a real password is processed.
selftest=$(
  printf '%s' "€" \
    | sha1sum \
    | tr '[:lower:]' '[:upper:]' \
    | cut -c 10-20
)
[ "$selftest" == "EA7BF1CA105" ] || {
  show_error "Selbsttest fehlgeschlagen"
  exit -2
}
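# Obtain the password to test: from the first remaining argument if one was
# given, otherwise by prompting (hidden zenity entry in GUI mode, silent
# terminal read otherwise).
if [ "${1:-}" == "" ]; then
  if [ "${gui:-}" == "true" ]; then
    # The entered value stays in the variable only. It is deliberately not
    # echoed back, so it cannot land in terminal scrollback or a redirected log.
    pssw=$(zenity --title="Passwort Test" --name="Passwort Test" --width=600 --entry --hide-text --text "Bitte das zu testende Passwort eingeben")
  else
    # IFS= and -r keep leading/trailing blanks and backslashes literal, so the
    # string that gets hashed is exactly the one that was typed.
    IFS= read -resp 'Bitte das zu testende Passwort eingeben: ' pssw
    echo
  fi
else
  # NOTE: a password given as an argument is visible in the process list and
  # may be stored in the shell history; the interactive prompt avoids both.
  pssw=$1
  shift
fi
# Reject an empty value (for example when the dialog returned nothing). The
# variable itself is tested; a literal "pssw" string would never be empty.
if [ "$pssw" == "" ]; then
  show_error "Leeres Passwort"
  exit -2
fi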
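# Hash the password. printf with a quoted argument feeds the exact bytes to
# sha1sum; an unquoted echo would word-split or glob-expand the value, or
# swallow one such as "-n", and a different string would be hashed, which can
# produce a false "not found" result.
sha1=$(printf '%s' "$pssw" | sha1sum | tr '[:lower:]' '[:upper:]')
# Drop the clear-text password as soon as the digest exists.
pssw=
# Only the first 5 digest characters are sent to the API; the remaining 35 are
# compared locally against the returned range.
prefix=${sha1:0:5}
suffix=${sha1:5:35}
# echo "SHA1 prefix = $prefix"
# echo "SHA1 suffix = $suffix"
# echo
# NOTE(review): the error text below shows prefix and suffix together, i.e. the
# complete SHA-1 of the password; consider dropping the suffix from it.
if ! content=$(wget -q -O - "https://api.pwnedpasswords.com/range/$prefix"); then
  show_error "Kann die URL https://api.pwnedpasswords.com/range/$prefix nicht aufrufen, um nach $suffix zu suchen."
  exit -2
fi
# Response lines have the form SUFFIX:COUNT; match the suffix plus the colon as
# a fixed string rather than as an unquoted regular expression.
hit=$(printf '%s\n' "$content" | grep -F -- "${suffix}:")
if [ "$hit" != "" ]; then
  # Keep only the digits after the colon (strips any trailing non-digit such as
  # a carriage return).
  count=${hit#*:}
  count=${count//[!0-9]/}
  show_error "Das Password wurde sehr wahrscheinlich kompromittiert, es wurden ${count} Treffer in der Datenbankt gefunden."
  exit -1
else
  show_info "Herzlichen Glückwunsch, das Passwort ist nicht in der Datenbank kompromitierter Passwörter enthalten."
fi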
Revision 5
German text and new parameter (--gui) and dependency to "zenity"
Revision 4
Very simple script with no dependencies other than standard Linux tools (sha1sum, wget) to check whether your password has been pwned, without the need to enter it on a website. The script transfers only the first 5 characters of the SHA1 hash of your password to the site pwnedpasswords.com (via https). Check the source code to ensure I'm not lying!
If the script is called without parameters it will ask you for one - this is the recommended way!
If you provide your password as a parameter, remember to quote it properly! Also ensure that your password will not show up in the command history (e.g. prefix the call with a space). And please be aware that your password will be visible during execution (e.g. with `ps`). Check the script first with a common password to ensure it's working properly in your environment (e.g. use it with '1234567', where the reported hit counter for the SHA1 hash is above 2 million).