Compare commits
4 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
78b38a25b9 | ||
|
|
bfb35b2517 | ||
|
|
b1fb5f34cc | ||
|
|
8cfba9eb4d |
2
build.sh
Normal file → Executable file
2
build.sh
Normal file → Executable file
@ -2,4 +2,4 @@
|
|||||||
|
|
||||||
mkdir -p build
|
mkdir -p build
|
||||||
cd build
|
cd build
|
||||||
pyinstaller --distpath=../dist --workpath=../build ../src/have_I_b33n_pwned.py
|
pyinstaller --distpath=../dist --workpath=../build -y ../src/have_I_b33n_pwned.py
|
||||||
|
|||||||
143
src/have_I_b33n_pwned.py
Normal file → Executable file
143
src/have_I_b33n_pwned.py
Normal file → Executable file
@ -21,82 +21,83 @@
|
|||||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
# updater script for nextcloud
|
# updater script for nextcloud
|
||||||
#
|
#
|
||||||
# TODO
|
#TODO
|
||||||
# - add feature: keepass integration? isnt there something like this already?
|
# - add feature: keepass integration? isnt there something like this already?
|
||||||
|
# - handle mail API exeption more precisely
|
||||||
|
|
||||||
|
|
||||||
|
from os import name
|
||||||
from sys import argv, stdout, exit
|
from sys import argv, stdout, exit
|
||||||
|
from re import match
|
||||||
from argparse import ArgumentParser
|
from argparse import ArgumentParser
|
||||||
from hashlib import sha1
|
from hashlib import sha1
|
||||||
from getpass import getpass
|
from getpass import getpass
|
||||||
from requests import get
|
import requests
|
||||||
|
|
||||||
|
|
||||||
RED = "\033[1;31m"
|
if name == 'nt': # disable colors for windows environment
|
||||||
GREEN = "\033[0;32m"
|
(RED, GREEN, RESET) = ("", "", "")
|
||||||
RESET = "\033[0;0m"
|
else:
|
||||||
API = 'https://api.pwnedpasswords.com/range/'
|
(RED, GREEN, RESET) = ("\033[1;31m", "\033[0;32m", "\033[0;0m")
|
||||||
API_MAIL = 'https://haveibeenpwned.com/api/v2/breachedaccount/'
|
|
||||||
|
PASSWORD_API = 'https://api.pwnedpasswords.com/range/'
|
||||||
|
MAIL_API = 'https://haveibeenpwned.com/api/v2/breachedaccount/'
|
||||||
ROW = '{:<30}{:<10}{:<45}'
|
ROW = '{:<30}{:<10}{:<45}'
|
||||||
HIDDEN = False
|
HIDDEN = True
|
||||||
|
INFINITE = True
|
||||||
|
|
||||||
|
|
||||||
parser = ArgumentParser(
|
parser = ArgumentParser(
|
||||||
description='Check if your email or password appears in a data leak.',
|
description='Check if your email or password appears in a data leak.',
|
||||||
epilog='Moritz Münch, moritzmuench@mailbox.org, willipink.eu, GPL3+'
|
epilog='Moritz Münch, moritzmuench@mailbox.org, willipink.eu, GPL3+')
|
||||||
)
|
parser.add_argument('input',
|
||||||
parser.add_argument('-m', '-mail', '--mail',
|
nargs='*',
|
||||||
metavar='foo@adress.bar',
|
metavar='password or mail adress',
|
||||||
nargs='+',
|
help='''You can specify passwords and mail adresses seperated by spaces.
|
||||||
help='Email address which should be checked against the leak database.'
|
If the password contains a space you have to enclose it in quotes like ' or
|
||||||
)
|
"''')
|
||||||
parser.add_argument('-p', '-password', '--password',
|
parser.add_argument('-s', '-show', '--show',
|
||||||
metavar='password',
|
nargs='?',
|
||||||
nargs='+',
|
help='Show entered in leak summary')
|
||||||
help='Password which should be checked against the leak database.'
|
|
||||||
)
|
|
||||||
args = parser.parse_args()
|
args = parser.parse_args()
|
||||||
|
if args.show:
|
||||||
|
HIDDEN = False
|
||||||
|
|
||||||
|
|
||||||
|
def input_prompt():
|
||||||
def header():
|
|
||||||
print()
|
|
||||||
print(ROW.format('password', 'leaked', 'sha1'))
|
|
||||||
print('-' * 80)
|
|
||||||
|
|
||||||
|
|
||||||
def prompt_password_or_mail():
|
|
||||||
print()
|
|
||||||
while True:
|
|
||||||
choice = input('Do you wannt to check a password [p] or an email adress [e]: ')
|
|
||||||
if choice == 'p':
|
|
||||||
prompt_password()
|
|
||||||
elif choice == 'e':
|
|
||||||
prompt_mail()
|
|
||||||
|
|
||||||
|
|
||||||
def prompt_password():
|
|
||||||
print()
|
|
||||||
password = getpass('Tell me your password: ')
|
|
||||||
global HIDDEN
|
global HIDDEN
|
||||||
HIDDEN = True
|
if HIDDEN:
|
||||||
header()
|
user_input = getpass('Tell me your password or mail adress: ')
|
||||||
query_password(password)
|
else:
|
||||||
|
user_input = input('Tell me your password or mail adress: ')
|
||||||
|
check_mail_or_password(user_input)
|
||||||
|
|
||||||
|
|
||||||
def prompt_mail():
|
def check_mail_or_password(user_input):
|
||||||
print()
|
valid_mail = match(r'^[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\.[a-zA-Z0-9-.]+$', user_input)
|
||||||
mail = input('Tell me your mail adress: ')
|
if valid_mail:
|
||||||
global HIDDEN
|
query_mail(valid_mail.group())
|
||||||
HIDDEN = True
|
else:
|
||||||
header()
|
query_password(user_input)
|
||||||
query_mail(mail)
|
|
||||||
|
|
||||||
|
def no_connection_to(url):
|
||||||
|
''' Warn about no connection to *url* and exit '''
|
||||||
|
stdout.write(RED)
|
||||||
|
print('Could not connect to {}, please check your internet connection'.format(url))
|
||||||
|
stdout.write(RESET)
|
||||||
|
exit(1)
|
||||||
|
|
||||||
|
|
||||||
def query_password(password):
|
def query_password(password):
|
||||||
|
''' Query the first 5 digits of the sha1 hash of the user input
|
||||||
|
ti the haveibeenpwned.com api. '''
|
||||||
password_hash = sha1(password.encode('UTF-8')).hexdigest().upper()
|
password_hash = sha1(password.encode('UTF-8')).hexdigest().upper()
|
||||||
request = password_hash[:5]
|
request = password_hash[:5]
|
||||||
response = get(API + request).text
|
try:
|
||||||
|
response = requests.get(PASSWORD_API + request).text
|
||||||
|
except requests.exceptions.ConnectionError:
|
||||||
|
no_connection_to(PASSWORD_API)
|
||||||
hash_searched = 'not yet'
|
hash_searched = 'not yet'
|
||||||
for answer in response.splitlines():
|
for answer in response.splitlines():
|
||||||
data = answer.split(':')
|
data = answer.split(':')
|
||||||
@ -104,26 +105,23 @@ def query_password(password):
|
|||||||
if password_hash == combined_hash:
|
if password_hash == combined_hash:
|
||||||
hash_searched = int(data[1])
|
hash_searched = int(data[1])
|
||||||
break
|
break
|
||||||
|
|
||||||
if hash_searched == 'not yet':
|
if hash_searched == 'not yet':
|
||||||
stdout.write(GREEN)
|
stdout.write(GREEN)
|
||||||
else:
|
else:
|
||||||
stdout.write(RED)
|
stdout.write(RED)
|
||||||
|
|
||||||
if HIDDEN:
|
if HIDDEN:
|
||||||
password = '*' * len(password)
|
password = '*' * len(password)
|
||||||
|
print(ROW.format('password', 'leaked', 'sha1'))
|
||||||
|
print('-' * 80)
|
||||||
print(ROW.format(password, hash_searched, password_hash))
|
print(ROW.format(password, hash_searched, password_hash))
|
||||||
stdout.write(RESET)
|
stdout.write(RESET)
|
||||||
|
if INFINITE:
|
||||||
if HIDDEN:
|
input_prompt()
|
||||||
prompt_password_or_mail()
|
|
||||||
|
|
||||||
|
|
||||||
def query_mail(mail):
|
def query_mail(mail):
|
||||||
print()
|
|
||||||
try:
|
try:
|
||||||
response = get(API_MAIL + mail).json()
|
response = requests.get(MAIL_API + mail).json()
|
||||||
for breach in response:
|
for breach in response:
|
||||||
print('Name: {}'.format(breach['Name']))
|
print('Name: {}'.format(breach['Name']))
|
||||||
print('Title: {}'.format(breach['Title']))
|
print('Title: {}'.format(breach['Title']))
|
||||||
@ -133,28 +131,27 @@ def query_mail(mail):
|
|||||||
print('Modified date: {}'.format(breach['ModifiedDate']))
|
print('Modified date: {}'.format(breach['ModifiedDate']))
|
||||||
print('Pwn count: {}'.format(breach['PwnCount']))
|
print('Pwn count: {}'.format(breach['PwnCount']))
|
||||||
print('Description: {}'.format(breach['Description']))
|
print('Description: {}'.format(breach['Description']))
|
||||||
|
stdout.write(RED)
|
||||||
print('Breached data: {}'.format(', '.join([data for data in breach['DataClasses']])))
|
print('Breached data: {}'.format(', '.join([data for data in breach['DataClasses']])))
|
||||||
|
stdout.write(RESET)
|
||||||
print('Verified: {}'.format('yes' if breach['IsVerified'] == 1 else 'No'))
|
print('Verified: {}'.format('yes' if breach['IsVerified'] == 1 else 'No'))
|
||||||
print('Fabricated: {}'.format('yes' if breach['IsFabricated'] == 1 else 'No'))
|
print('Fabricated: {}'.format('yes' if breach['IsFabricated'] == 1 else 'No'))
|
||||||
print('Sensitive: {}'.format('yes' if breach['IsSensitive'] == 1 else 'No'))
|
print('Sensitive: {}'.format('yes' if breach['IsSensitive'] == 1 else 'No'))
|
||||||
print('Retired: {}'.format('yes' if breach['IsRetired'] == 1 else 'No'))
|
print('Retired: {}'.format('yes' if breach['IsRetired'] == 1 else 'No'))
|
||||||
print('Spam: {}'.format('yes' if breach['IsSpamList'] == 1 else 'No'))
|
print('Spam: {}'.format('yes' if breach['IsSpamList'] == 1 else 'No'))
|
||||||
|
except requests.exceptions.ConnectionError:
|
||||||
|
no_connection_to(MAIL_API)
|
||||||
except:
|
except:
|
||||||
print('The mail adress {} was not found in any leak databases so far'.format(mail))
|
stdout.write(GREEN)
|
||||||
|
print('The mail adress {} is not in the leak database.'.format(mail))
|
||||||
if HIDDEN:
|
stdout.write(RESET)
|
||||||
prompt_password_or_mail()
|
query_password(mail)
|
||||||
|
|
||||||
|
|
||||||
if __name__ == '__main__':
|
if __name__ == '__main__':
|
||||||
if args.password:
|
if args.input:
|
||||||
header()
|
for user_input in args.input:
|
||||||
for password in args.password:
|
check_mail_or_password(user_input)
|
||||||
query_password(password)
|
|
||||||
elif args.mail:
|
|
||||||
for mail in args.mail:
|
|
||||||
query_mail(mail)
|
|
||||||
else:
|
else:
|
||||||
prompt_password_or_mail()
|
INFINITE = True
|
||||||
print()
|
input_prompt()
|
||||||
exit(0)
|
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user