123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960 |
- #!/usr/bin/env perl
- use strict;
- use warnings;
- use Digest::SHA qw(sha1_hex);
- # Script to check a password via pwnedpasswords.com with k-anonimity
- # https://www.troyhunt.com/ive-just-launched-pwned-passwords-version-2/#cloudflareprivacyandkanonymity
- # https://haveibeenpwned.com/API/v2#PwnedPasswords
- my $api = "https://api.pwnedpasswords.com/range/";
- my $curlBin = `which curl`;
- chomp $curlBin;
- if ( ! -f $curlBin ) {
- print "You need curl to use this script\n";
- exit 1;
- }
- if ( ! defined $ARGV[0] ) {
- print "Please pass a password\n";
- exit 1;
- }
- # Clear term to remove visible pw from screen
- my $clear_bin = `which clear`;
- chomp $clear_bin;
- if ( -f $clear_bin ) {
- #system("$clear_bin");
- }
- my $pw = shift(@ARGV);
- chomp $pw;
- my $pw_sha1 = uc(sha1_hex("$pw"));
- $pw_sha1 =~ m/(^[0-9A-Z]{40})/;
- $pw_sha1 = $1;
- $pw_sha1 =~ m/(^[0-9A-Z]{5})([0-9A-Z]{35})/;
- my $first_five = $1;
- my $rest = $2;
- chomp $first_five; chomp $rest;
- my @results = split("\n", `curl -s $api/$first_five`);
- my $count = 0;
- foreach my $result ( @results ) {
- chomp $result;
- $result =~ m/(^[0-9A-Z]{35})/;
- my $segment = $1;
- if ( $segment eq $rest ) {
- $result =~ m/^([0-9A-Z]{35})\:([0-9].*)$/;
- my $count = $2;
- $count =~ s/\r//g;
- print "$count appearances\n";
- exit 0;
- } else {
- next;
- }
- }
- print "No appearances\n";
|