mikepound / pwned-search Goto Github PK
View Code? Open in Web Editor NEWPwned Password API lookup
License: The Unlicense
Pwned Password API lookup
License: The Unlicense
C# version uses ASCII encoding to read the input text, which is not in-line with Python version where utf-8 is used.
Not an Issue really.
Just wanted to say thanks for the code and show you where I integrated it on my company site.
https://cybrgrade.com/?check_passwords
P.S. Love the YouTube channel too :D
Cheers,
Stu Patterson.
;)
Example used 'correct horse battery staple'
Not found when:
byte[] data = sha.ComputeHash(Encoding.Unicode.GetBytes(plaintext));
CC8FA060AEE866AF1D5E829F5A10AFEDEE435577
Found when:
byte[] data = sha.ComputeHash(Encoding.ASCII.GetBytes(plaintext));
ABF7AAD6438836DBE526AA231ABDE2D0EEF74D42
'AD6438836DBE526AA231ABDE2D0EEF74D42:3'
Have not tested the Python, but considering that was the example in the ComputerPhile video I'm guessing that one was tested much more extensively.
Since this tool might be used by people other than programmers, complete compatibility with Python2 is a desirable feature. Almost all the code is already backwards compatible and the only (minor) issue is in the two print
statements in the main
function (line 39 and line 43), which, in Python2, currently print something like
('Password1', 'was found')
These can be easily modified to use string formatting so as to make the code 100% compatible with Python2 and produce the same results regardless of the version.
In other words, change print(pwd, "was found")
to print("{} was found".format(pwd))
and print(pwd, "was not found")
to print("{} was not found".format(pwd))
If you run the program as demonstrated at a Bash command, you could wind up with funky things happening if you have special characters in your password.
If your password is TheyreGreat!!!, and you run python pwned.py TheyreGreat!!!
, Bash will interpret the double exclamation points as a call back to the last command run.
If your password is TheyreGreat!$, Bash will interpret the !$ as the last word of the last command run.
If your password is TheyreGreat!100, Bash will interpret the !100 as the hundredth command in your history.
To run the program properly, you'll have to put single quotes around your password if you have special characters in it. Otherwise, the program would need to be rewritten to as for the password as input rather than a command-line argument.
And, TheyreGreat!!! is not found.
After execution the .ps1 terminates promptly. Consider adding some sort of user input at the end of the script, for example:
Write-Host -NoNewLine 'Press any key to continue...';
$null = $Host.UI.RawUI.ReadKey('NoEcho,IncludeKeyDown')
Isn't it a bit worrying that the password is stored in plaintext in the terminal history?
either the bash or python script works if the passwd contains a "!" exclamation point in it.
Many password managers export to CSV format. That'll make checking in bulk much easier.
CSV isn't that necessary considering you can just copy paste them using any spreadsheet software. But please add TXT support.
according to API:
Each password is stored as a SHA-1 hash of a UTF-8 encoded password..
sha1pwd = hashlib.sha1(pwd.encode('utf-8')).hexdigest().upper()
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.