#!/usr/bin/perl
# Check locally whether a password is in the Have I Been Pwned database
# using the range API described on https://www.troyhunt.com/ive-just-launched-pwned-passwords-version-2/
# by
# Robert C. Helling ([email protected])
#
# published under GNU General Public License v2.0 (GPL 2.0)
# Functional style
use Digest::SHA1 qw(sha1 sha1_hex sha1_base64);
use Term::ReadKey;
use HTTP::Tiny;
# Enter your proxy here and remove the comment character '#'
# $proxy = "http://myhost:3128";
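# Interactive loop: read a password without echo, send only the first five
# hex digits of its SHA-1 to the Pwned Passwords range API, and compare the
# returned hash suffixes locally. A blank line or EOF on STDIN ends the loop.
# The exit status is the number of passwords that were found (capped at 255,
# because a process exit status is a single byte).

# Counter lives outside the loop so the exit() at the bottom sees the total;
# a `my` inside the loop body is out of scope by then and exit would get undef.
my $hits = 0;

# verify_SSL: older HTTP::Tiny releases leave certificate verification off by
# default. Without it, anyone on the network path could rewrite the range
# response and make a breached password look clean.
# $proxy is the optional package variable set near the top of the file.
my $http = HTTP::Tiny->new(proxy => $proxy, verify_SSL => 1);

while (1) {
    print "Password to check:\n";
    ReadMode('noecho');
    my $pw = <STDIN>;
    ReadMode('normal');    # restore echo before anything below can die

    last unless defined $pw;    # EOF on STDIN
    chomp $pw;
    last unless $pw =~ /\S/;

    my $sha   = sha1_hex($pw);
    my $first = substr($sha, 0, 5);
    my $rest  = uc substr($sha, 5);    # API suffixes are compared in upper case

    # NOTE(review): this writes the full unsalted SHA-1 of the password to the
    # terminal, where it can end up in scrollback or a session log. Kept for
    # compatibility with the existing output; consider dropping it.
    print "SHA-1: $sha\n";

    my $url      = "https://api.pwnedpasswords.com/range/$first";
    my $response = $http->get($url);
    die "Cannot reach API" unless $response->{success};

    # Each response line is "<35-hex-digit suffix>:<count>", possibly with a
    # trailing CR. Compare the suffix field exactly instead of running an
    # unanchored regex over the whole line.
    for my $line (split /\r?\n/, $response->{content}) {
        my ($suffix) = split /:/, $line, 2;
        next unless defined $suffix && uc($suffix) eq $rest;
        print "\nFound: $line\n";
        ++$hits;
    }
}

exit($hits > 255 ? 255 : $hits);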