|
@@ -0,0 +1,60 @@
|
|
|
+#!/usr/bin/env perl
|
|
|
+
|
|
|
+use strict;
|
|
|
+use warnings;
|
|
|
+use Digest::SHA qw(sha1_hex);
|
|
|
+
|
|
|
+# Script to check a password via pwnedpasswords.com with k-anonimity
|
|
|
+# https://www.troyhunt.com/ive-just-launched-pwned-passwords-version-2/#cloudflareprivacyandkanonymity
|
|
|
+# https://haveibeenpwned.com/API/v2#PwnedPasswords
|
|
|
+
|
|
|
+my $api = "https://api.pwnedpasswords.com/range/";
|
|
|
+
|
|
|
+my $curlBin = `which curl`;
|
|
|
+chomp $curlBin;
|
|
|
+
|
|
|
+if ( ! -f $curlBin ) {
|
|
|
+ print "You need curl to use this script\n";
|
|
|
+ exit 1;
|
|
|
+}
|
|
|
+
|
|
|
+if ( ! defined $ARGV[0] ) {
|
|
|
+ print "Please pass a password\n";
|
|
|
+ exit 1;
|
|
|
+}
|
|
|
+
|
|
|
+# Clear term to remove visible pw from screen
|
|
|
+my $clear_bin = `which clear`;
|
|
|
+chomp $clear_bin;
|
|
|
+if ( -f $clear_bin ) {
|
|
|
+ #system("$clear_bin");
|
|
|
+}
|
|
|
+
|
|
|
+my $pw = shift(@ARGV);
|
|
|
+chomp $pw;
|
|
|
+my $pw_sha1 = uc(sha1_hex("$pw"));
|
|
|
+$pw_sha1 =~ m/(^[0-9A-Z]{40})/;
|
|
|
+$pw_sha1 = $1;
|
|
|
+$pw_sha1 =~ m/(^[0-9A-Z]{5})([0-9A-Z]{35})/;
|
|
|
+my $first_five = $1;
|
|
|
+my $rest = $2;
|
|
|
+chomp $first_five; chomp $rest;
|
|
|
+
|
|
|
+my @results = split("\n", `curl -s $api/$first_five`);
|
|
|
+my $count = 0;
|
|
|
+foreach my $result ( @results ) {
|
|
|
+ chomp $result;
|
|
|
+ $result =~ m/(^[0-9A-Z]{35})/;
|
|
|
+ my $segment = $1;
|
|
|
+ if ( $segment eq $rest ) {
|
|
|
+ $result =~ m/^([0-9A-Z]{35})\:([0-9].*)$/;
|
|
|
+ my $count = $2;
|
|
|
+ $count =~ s/\r//g;
|
|
|
+ print "$count appearances\n";
|
|
|
+ exit 0;
|
|
|
+ } else {
|
|
|
+ next;
|
|
|
+ }
|
|
|
+}
|
|
|
+
|
|
|
+print "No appearances\n";
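Review bot: A failed or empty curl response falls through to the final `print "No appearances\n"`, so a network error or an HTTP error reply is indistinguishable from a password that is genuinely absent from the data set. The backtick call on the `my @results = ...` line never looks at `$?`, runs `curl` from PATH rather than the `$curlBin` that was just checked, and requests `range//PREFIX` because `$api` already ends in a slash. I would run curl in list form with `--fail`, check the status returned by `close`, and exit non-zero with an explicit "result unknown" message, as sketched below. Separately, the password is read from `$ARGV[0]`, which leaves it visible in the process list and shell history (the `clear` call meant to hide it is commented out); reading it from STDIN with echo disabled would avoid that.

```perl
# … unchanged: SHA-1 hashing and the prefix/suffix split …

# List-form pipe open: no shell involved, and the verified binary is used.
open(my $curl_fh, '-|', $curlBin, '-s', '--fail', "$api$first_five")
    or die "Cannot run $curlBin: $!\n";
my @results = <$curl_fh>;

# close() on a pipe returns false when the child exited non-zero.
if ( !close($curl_fh) ) {
    print "Lookup failed (curl exit status " . ( $? >> 8 ) . "), result unknown\n";
    exit 2;
}

# … unchanged: loop over @results and the final "No appearances" print …
```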
|