Created
January 17, 2019 20:24
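Small Python console script to check whether your password appears in the breached-password data published by https://haveibeenpwned.com/ . Only the first five hex characters of the password's SHA-1 hash are sent to the service; the rest of the hash is compared locally. See https://haveibeenpwned.com/API/v2#SearchingPwnedPasswordsByRange on why this is safe to do and you aren't leaking your password by checking.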
#!/usr/bin/env python3 | |
from hashlib import sha1 | |
from getpass import getpass | |
from requests import get | |
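def is_pwd_pwned(pwd):
    """Check a password against the Pwned Passwords range API.

    Only the first five hex characters of the password's upper-cased SHA-1
    digest are sent to the service. The remaining characters are compared
    locally against the suffixes returned for that prefix.

    Args:
        pwd: The password to check, as a str.

    Returns:
        A tuple (pwned, occurrences): (True, count) when the digest suffix
        is listed in the response, otherwise (False, 0).

    Raises:
        Whatever the HTTP call raises on a connection failure or timeout,
        and the error raised by raise_for_status() on an HTTP error status.
    """
    digest = sha1(pwd.encode('utf-8')).hexdigest().upper()
    prefix_h = digest[:5]
    # iter_lines() yields bytes, so the local comparison is done on bytes.
    suffix_h = digest[5:].encode('ascii')

    # Bounded wait so an unresponsive endpoint cannot hang the prompt forever.
    res = get("https://api.pwnedpasswords.com/range/" + prefix_h, timeout=10)
    # Fail closed: without this, an error body (rate limit, outage) would be
    # parsed as a suffix list and could be reported as "not pwned".
    res.raise_for_status()

    for line in res.iter_lines():
        if not line:
            continue
        # Each line has the form SUFFIX:COUNT.
        candidate, _, occurrences = line.partition(b':')
        if candidate == suffix_h:
            return (True, int(occurrences))
    return (False, 0)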
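if __name__ == "__main__":
    # getpass() reads the password without echoing it to the terminal.
    pwd = getpass("Enter password to check: ")
    pwned, count = is_pwd_pwned(pwd)
    if pwned:
        # The password is deliberately left out of the message: printing it
        # would undo the no-echo prompt and leave the secret in terminal
        # scrollback or any captured output.
        print(f"Potentially pwned. Password contained {count} times")
    else:
        print("Not pwned. Password not contained in database.")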