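#!/usr/bin/env perl

use strict;
use warnings;
use Digest::SHA qw(sha1_hex);

# Check a password against the Pwned Passwords range API using k-anonymity:
# only the first five hex characters of the password's SHA-1 digest are sent;
# the remaining 35 characters are compared locally against the returned list.
# https://www.troyhunt.com/ive-just-launched-pwned-passwords-version-2/#cloudflareprivacyandkanonymity
# https://haveibeenpwned.com/API/v2#PwnedPasswords
#
# SHA-1 is used because the range API is keyed on it, not as a storage hash.
#
# Usage:  script PASSWORD
# Output: "<N> appearances" or "No appearances" on stdout.
# Exit:   0 when a verdict was printed, 1 on usage error, missing curl, or a
#         failed/unusable lookup (in which case no verdict is printed).
#
# NOTE: a password passed as an argument ends up in shell history and is
# visible in the process list while the script runs. Prefer running this from
# a shell with history disabled for the command.

# Trailing slash is part of the base URL; the hash prefix is appended directly.
my $api = "https://api.pwnedpasswords.com/range/";

my $curlBin = `which curl`;
chomp $curlBin;

if ( !-f $curlBin ) {
    print "You need curl to use this script\n";
    exit 1;
}

if ( !defined $ARGV[0] ) {
    print "Please pass a password\n";
    exit 1;
}

# Clearing the terminal is currently disabled. Even when enabled it only hides
# the on-screen copy of the password, not the copies in history or in the
# process list.
my $clear_bin = `which clear`;
chomp $clear_bin;
if ( -f $clear_bin ) {
    #system($clear_bin);
}

my $pw = shift(@ARGV);
chomp $pw;

# uc(sha1_hex(...)) is always 40 hex characters; split it into the 5-character
# prefix that is sent and the 35-character suffix that never leaves this host.
my $pw_sha1 = uc( sha1_hex("$pw") );
my ( $first_five, $rest ) = $pw_sha1 =~ m/\A([0-9A-F]{5})([0-9A-F]{35})\z/;
if ( !defined $rest ) {
    print STDERR "Unexpected SHA-1 digest format; no verdict\n";
    exit 1;
}

# List-form pipe open runs the curl binary that was located above without
# going through a shell. -f makes curl exit non-zero on an HTTP error so that
# an error page is never mistaken for an empty result.
my $url = "$api$first_five";
my $curl_fh;
if ( !open( $curl_fh, '-|', $curlBin, '-s', '-f', $url ) ) {
    print STDERR "Could not run curl: $!\n";
    exit 1;
}
my @results = <$curl_fh>;
if ( !close $curl_fh ) {
    # For a pipe, close() fails when the child exited non-zero ($?) or when
    # the close itself failed ($!).
    my $reason = $! ? "pipe error: $!" : "curl exit status " . ( $? >> 8 );
    print STDERR "Lookup failed ($reason); no verdict\n";
    exit 1;
}

my $parsed = 0;
foreach my $result (@results) {
    $result =~ s/[\r\n]+\z//;

    # Expected line shape: 35 hex characters, a colon, then the count.
    my ( $segment, $seen ) = $result =~ m/\A([0-9A-Fa-f]{35}):([0-9]+)/;
    next if !defined $segment;
    $parsed++;

    if ( uc($segment) eq $rest ) {
        print "$seen appearances\n";
        exit 0;
    }
}

# A response with no recognisable SUFFIX:COUNT line is not a range listing
# (proxy error page, captive portal, truncated body). Reporting "No
# appearances" for it would be a false all-clear, so fail instead.
if ( $parsed == 0 ) {
    print STDERR "Lookup returned no usable data; no verdict\n";
    exit 1;
}

print "No appearances\n";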