close TODO: add feature email check

add feature to also check for email adresses
add argparser, add template for checking email adress against leak database
2019-05-29 14:11:50 +02:00 · 2019-05-29 14:11:17 +02:00 · 2019-05-29 13:41:45 +02:00
3 changed files with 87 additions and 12 deletions
--- a/1
+++ b/1
@ -8,6 +8,7 @@ verify_ssl = true
 [packages]
 requests = "*"
 pyinstaller = "*"
+argparse = "*"

 [requires]
 python_version = "3.7"
--- a/Pipfile.lock
+++ b/Pipfile.lock
@ -1,7 +1,7 @@
 {
    "_meta": {
        "hash": {
-            "sha256": "38e2af2d59158d85bb4d55eb3140a0745c9eb21635643df4b2192cdd0abc2074"
+            "sha256": "72f7b87a032a3c10cfa8b0914121403db30a4f3582386cce2f516a1b7f897b42"
        },
        "pipfile-spec": 6,
        "requires": {
@ -23,6 +23,14 @@
            ],
            "version": "==0.16.1"
        },
+        "argparse": {
+            "hashes": [
+                "sha256:62b089a55be1d8949cd2bc7e0df0bddb9e028faefc8c32038cc84862aefdd6e4",
+                "sha256:c31647edb69fd3d465a847ea3157d37bed1f95f19760b11a47aa91c04b666314"
+            ],
+            "index": "pypi",
+            "version": "==1.4.0"
+        },
        "certifi": {
            "hashes": [
                "sha256:59b7658e26ca9c7339e00f8f4636cdfe59d34fa37b9b04f6f9e9926b3cece1a5",
@ -39,7 +47,6 @@
        },
        "future": {
            "hashes": [
-                "sha256:1d73b8a1aab19cb8c2c961ba82bf93860e1fb7d361be21e7288691c068cd3cfc",
                "sha256:67045236dcfd6816dc439556d009594abf643e5eb48992e36beac09c2ca659b8"
            ],
            "version": "==0.17.1"
--- a/src/have_I_b33n_pwned.py
+++ b/src/have_I_b33n_pwned.py
@ -22,40 +22,78 @@
 # updater script for nextcloud
 #
 # TODO
-# - add feature: also check for email breaches
 # - add feature: keepass integration? isnt there something like this already?


-
 from sys import argv, stdout, exit
+from argparse import ArgumentParser
 from hashlib import sha1
 from getpass import getpass
 from requests import get

+
 RED   = "\033[1;31m"
 GREEN = "\033[0;32m"
 RESET = "\033[0;0m"
 API   = 'https://api.pwnedpasswords.com/range/'
+API_MAIL = 'https://haveibeenpwned.com/api/v2/breachedaccount/'
 ROW   = '{:<30}{:<10}{:<45}'
 HIDDEN = False


+parser = ArgumentParser(
+    description='Check if your email or password appears in a data leak.',
+    epilog='Moritz Münch, moritzmuench@mailbox.org, willipink.eu, GPL3+'
+)
+parser.add_argument('-m', '-mail', '--mail',
+    metavar='foo@adress.bar',
+    nargs='+',
+    help='Email address which should be checked against the leak database.'
+)
+parser.add_argument('-p', '-password', '--password',
+    metavar='password',
+    nargs='+',
+    help='Password which should be checked against the leak database.'
+)
+args = parser.parse_args()
+    
+
+
 def header():
    print()
    print(ROW.format('password', 'leaked', 'sha1'))
    print('-' * 80)


+def prompt_password_or_mail():
+    print()
+    while True:
+        choice = input('Do you wannt to check a password [p] or an email adress [e]: ')
+        if choice == 'p':
+            prompt_password()
+        elif choice == 'e':
+            prompt_mail()
+
+
 def prompt_password():
    print()
    password = getpass('Tell me your password: ')
    global HIDDEN
    HIDDEN = True
    header()
-    query(password)
+    query_password(password)


-def query(password):
+def prompt_mail():
+    print()
+    mail = input('Tell me your mail adress: ')
+    global HIDDEN
+    HIDDEN = True
+    header()
+    query_mail(mail)
+
+
+def query_password(password):
    password_hash = sha1(password.encode('UTF-8')).hexdigest().upper()
    request = password_hash[:5]
    response = get(API + request).text
@ -79,15 +117,44 @@ def query(password):
    stdout.write(RESET)

    if HIDDEN:
-        prompt_password()
+        prompt_password_or_mail()
+
+
+def query_mail(mail):
+    print()
+    try:
+        response = get(API_MAIL + mail).json()
+        for breach in response:
+            print('Name: {}'.format(breach['Name']))
+            print('Title: {}'.format(breach['Title']))
+            print('Domain: {}'.format(breach['Domain']))
+            print('Breach date: {}'.format(breach['BreachDate']))
+            print('Added date: {}'.format(breach['AddedDate']))
+            print('Modified date: {}'.format(breach['ModifiedDate']))
+            print('Pwn count: {}'.format(breach['PwnCount']))
+            print('Description: {}'.format(breach['Description']))
+            print('Breached data: {}'.format(', '.join([data for data in breach['DataClasses']])))
+            print('Verified: {}'.format('yes' if breach['IsVerified'] == 1 else 'No'))
+            print('Fabricated: {}'.format('yes' if breach['IsFabricated'] == 1 else 'No'))
+            print('Sensitive: {}'.format('yes' if breach['IsSensitive'] == 1 else 'No'))
+            print('Retired: {}'.format('yes' if breach['IsRetired'] == 1 else 'No'))
+            print('Spam: {}'.format('yes' if breach['IsSpamList'] == 1 else 'No'))
+    except:
+        print('The mail adress {} was not found in any leak databases so far'.format(mail))
+
+    if HIDDEN:
+        prompt_password_or_mail()


 if __name__ == '__main__':
-    if len(argv) < 2:
-        prompt_password()
-    else:
+    if args.password:
        header()
-        for password in argv[1:]:
-            query(password)
+        for password in args.password:
+            query_password(password)
+    elif args.mail:
+        for mail in args.mail:
+            query_mail(mail)
+    else:
+        prompt_password_or_mail()
    print()
    exit(0)
Author	SHA1	Message	Date
moritz	89ccef0e46	close TODO: add feature email check	2019-05-29 14:11:50 +02:00
moritz	ef3c85aa2d	add feature to also check for email adresses	2019-05-29 14:11:17 +02:00
moritz	c500bdfe9e	add argparser, add template for checking email adress against leak database	2019-05-29 13:41:45 +02:00