-
Notifications
You must be signed in to change notification settings - Fork 121
/
pwned.jl
71 lines (65 loc) · 2.42 KB
/
pwned.jl
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
using HTTP
using SHA
function lookup_pwned_api(pwd::AbstractString)
# Compute the SHA1 hash of pwd and split it at the fifth position
sha1pwd = bytes2hex(sha1(pwd))
head,tail = sha1pwd[1:5], sha1pwd[6:end]
# Query the pwnedpasswords API
url = "https://api.pwnedpasswords.com/range/$head"
res = HTTP.request("GET",url)
if (res.status != 200)
@error "The API lookup failed!"
end
# The hashes are stored in the body of the response as hex characters (notice: NOT integers)
# To split them, look for line-feeds, which in this case are given by CRLF (boo)
hashes = split(String(res.body),"\r\n")
hashes = [split(st,':') for st in hashes]
# Find whether or not pwd (or rather its hash) appears in the list of all hashes!
# Because the characters in the response are uppercase (01233456789ABCDEF)
# and bytes2hex produces lowercase (0123456789abcdef), comparing strings is not good enough.
# Instead do a RegEx match with the i flag set!
found = 0
re = Regex(tail,"i")
for h in hashes
# h[1] is the tail of the hash, h[2] is the number of occurances
if match(re,h[1]) != nothing
found = h[2]
break
end
end
return sha1pwd,found
end
function check_pwd(pwd::AbstractString)
# Check whether (and if so, how often) the string pwd has been pwned.
sha1pwd,cnt = "",0
try
sha1pwd,cnt = lookup_pwned_api(pwd)
catch e
# Error Message is printed elsewhere. Just return silently
return
end
# cnt is the number of occurances. If pwd has not been pwned yet, cnt is zero.
print("Password $pwd with the hash $sha1pwd was ")
if (cnt != 0)
print("found $cnt times!\n")
else
print("not found!\n")
end
end
# ARGS stores the command-line arguments passed to pwned.jl
# If none were given, ARGS is empty and pwned.jl will read from stdin
if ARGS == []
print("Reading passwords from stdin. Type exit or ^C to quit.\n")
while true
pwd = readline()
if pwd == "exit"
break
end
check_pwd(pwd)
end
else
@warn "Entering passwords in plain text on a terminal is a bad idea!i\nInstead run this program without any arguments,\nin which case it reads from stdin and no history will be created.\nIt is highly recommended to clear your terminal's history after using this program!"
for pwd in ARGS
check_pwd(pwd)
end
end