tdwalton/1passwordpwnedcheck.sh

## 1passwordpwnedcheck.sh
#!/bin/bash

########################################################################################
# 1passwordpwnedcheck.sh - script to check 1password entries against known compromised
# passwords from haveibeenpwned.com
#
# Requirements:
#   1password CLI tool - https://app-updates.agilebits.com/product_history/CLI
#   jq json parser - https://stedolan.github.io/jq/
#
# Resources:
#   https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/
#   https://www.troyhunt.com/ive-just-launched-pwned-passwords-version-2/
#   https://gist.github.com/IcyApril/56c3fdacb3a640f37c245e5813b98b99
########################################################################################


echo "Checking 1Password items against haveibeenpwned.com password list."
echo "Be patient, this might take a while."

item_uuids=$(op list items | jq -c -r '.[].uuid')

pwnd_count=0

for uuid in ${item_uuids}; do

    _checkhash(){
        hash="$(echo -n ${1}| openssl sha1)"
        upperCase="$(echo $hash | tr '[a-z]' '[A-Z]')"
        prefix="${upperCase:0:5}"
        response=$(curl -s https://api.pwnedpasswords.com/range/$prefix)
        while read -r line; do
          lineOriginal="$prefix$line"
          if [ "${lineOriginal:0:40}" == "$upperCase" ]; then
              title=$(_gettitle $uuid)
              echo "Oh no! $title password pwned! You should probably change that one."
              (( pwnd_count += 1 ))
          fi
        done <<< "$response"
    }

    _gettitle(){
        echo "$(op get item ${1} | jq -r '.overview.title?')"
    }

    pwd=$(op get item $uuid | jq -r '.details.fields[] | select(.designation == "password")|.value?' 2> /dev/null)
    _checkhash "$pwd"
done

if [ $pwnd_count -eq 0 ]; then
    echo "Good news! No pwnd passwords found!"
else
    echo "Done. You have $pwnd_count passwords that need changing."
fi

exit 0
	#!/bin/bash

	########################################################################################
	# 1passwordpwnedcheck.sh - script to check 1password entries against known compromised
	# passwords from haveibeenpwned.com
	#
	# Requirements:
	# 1password CLI tool - https://app-updates.agilebits.com/product_history/CLI
	# jq json parser - https://stedolan.github.io/jq/
	#
	# Resources:
	# https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/
	# https://www.troyhunt.com/ive-just-launched-pwned-passwords-version-2/
	# https://gist.github.com/IcyApril/56c3fdacb3a640f37c245e5813b98b99
	########################################################################################


	echo "Checking 1Password items against haveibeenpwned.com password list."
	echo "Be patient, this might take a while."

	item_uuids=$(op list items \| jq -c -r '.[].uuid')

	pwnd_count=0

	for uuid in ${item_uuids}; do

	_checkhash(){
	hash="$(echo -n ${1}\| openssl sha1)"
	upperCase="$(echo $hash \| tr '[a-z]' '[A-Z]')"
	prefix="${upperCase:0:5}"
	response=$(curl -s https://api.pwnedpasswords.com/range/$prefix)
	while read -r line; do
	lineOriginal="$prefix$line"
	if [ "${lineOriginal:0:40}" == "$upperCase" ]; then
	title=$(_gettitle $uuid)
	echo "Oh no! $title password pwned! You should probably change that one."
	(( pwnd_count += 1 ))
	fi
	done <<< "$response"
	}

	_gettitle(){
	echo "$(op get item ${1} \| jq -r '.overview.title?')"
	}

	pwd=$(op get item $uuid \| jq -r '.details.fields[] \| select(.designation == "password")\|.value?' 2> /dev/null)
	_checkhash "$pwd"
	done

	if [ $pwnd_count -eq 0 ]; then
	echo "Good news! No pwnd passwords found!"
	else
	echo "Done. You have $pwnd_count passwords that need changing."
	fi

	exit 0