have_i_b33n_pwned/have_I_b33n_pwned.py
2019-05-12 15:12:47 +02:00

90 lines
2.2 KiB
Python
Executable File

#!/usr/bin/env python3
# have_I_b33n_pwned.py
# Check if your password (hash) appears in the leaked password database
# of haveibeenpwned.com
#
# Copyright (C) 2019 willipink.eu
# Author Moritz Münch moritzmuench@mailbox.org
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# updater script for nextcloud
from sys import argv, stdout
from hashlib import sha1
from getpass import getpass
from requests import get
RED = "\033[1;31m"
GREEN = "\033[0;32m"
RESET = "\033[0;0m"
API = 'https://api.pwnedpasswords.com/range/'
ROW = '{:<30}{:<10}{:<45}'
HIDDEN = False
def header():
print()
print(ROW.format('password', 'leaked', 'sha1'))
print('-' * 80)
def prompt_password():
print()
password = getpass('Tell me your password: ')
global HIDDEN
HIDDEN = True
header()
query(password)
def query(password):
password_hash = sha1(password.encode('UTF-8')).hexdigest().upper()
request = password_hash[:5]
response = get(API + request).text
hash_searched = 'not yet'
for answer in response.splitlines():
data = answer.split(':')
combined_hash = request + data[0]
if password_hash == combined_hash:
hash_searched = int(data[1])
break
if hash_searched == 'not yet':
stdout.write(GREEN)
else:
stdout.write(RED)
if HIDDEN:
password = '*' * len(password)
print(ROW.format(password, hash_searched, password_hash))
stdout.write(RESET)
if HIDDEN:
prompt_password()
if __name__ == '__main__':
if len(argv) < 2:
prompt_password()
else:
header()
for password in argv[1:]:
query(password)
print()
exit(0)