Skip to content

Instantly share code, notes, and snippets.

@gpanders

gpanders/pwck

Last active March 2, 2020 03:11
Show Gist options
  • Save gpanders/5c6582fb816c7d69c8e72b31251dd07c to your computer and use it in GitHub Desktop.
Save gpanders/5c6582fb816c7d69c8e72b31251dd07c to your computer and use it in GitHub Desktop.
Download ZIP
Shell script to check passwords against HIBP database (https://haveibeenpwned.com/)
Raw
pwck
#!/bin/sh
usage() {
echo "Usage: $(basename "$0") [-q] [PASSWORD]"
}
while getopts "hq" o; do
case "$o" in
h) usage; exit 0 ;;
q) quiet=1 ;;
*) usage >&2; exit 1 ;;
esac
done
shift $((OPTIND-1))
password="$1"
if [ -z "$password" ]; then
if [ -t 0 ]; then
printf 'Password: '
stty -echo
fi
read -r password
if [ -t 0 ]; then
stty echo
printf '\n'
fi
fi
hash=$(echo "$password" | tr -d '\n' | sha1sum | cut -d' ' -f 1 | tr 'a-f' 'A-F')
prefix=$(echo "$hash" | cut -c 1-5)
suffix=$(echo "$hash" | cut -c 6-)
match=$(curl -s https://api.pwnedpasswords.com/range/"$prefix" | grep "^$suffix")
if [ -n "$match" ]; then
nmatches=$(echo "$match" | cut -d: -f 2 | tr -d '\r')
[ -z "$quiet" ] && echo "The password you entered was found $nmatches times in known data breaches."
exit 1
elif [ -z "$quiet" ]; then
echo "The password you entered was not found in any known data breaches."
fi
@gpanders
Copy link
Author

gpanders commented Mar 2, 2020
edited
Loading

Usage examples

Check a password interactively:

$ pwck
Password: *********
The password you entered was found 3730471 times in known data breaches.

Check a password from pass:

$ pass [email protected] | pwck
The password you entered was not found in any known data breaches.

Install

$ wget -O /usr/local/bin/pwck https://git.io/Jv2c0 && chmod +x /usr/local/bin/pwck

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment