Inital Commit für pwned-handler

LICENSE

@@ -1,9 +1,24 @@
-MIT License
+This is free and unencumbered software released into the public domain.
 
-Copyright (c) <year> <copyright holders>
+Anyone is free to copy, modify, publish, use, compile, sell, or
+distribute this software, either in source code form or as a compiled
+binary, for any purpose, commercial or non-commercial, and by any
+means.
 
-Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+In jurisdictions that recognize copyright laws, the author or authors
+of this software dedicate any and all copyright interest in the
+software to the public domain. We make this dedication for the benefit
+of the public at large and to the detriment of our heirs and
+successors. We intend this dedication to be an overt act of
+relinquishment in perpetuity of all present and future rights to this
+software under copyright law.
 
-The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
+OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
+ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+OTHER DEALINGS IN THE SOFTWARE.
 
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+For more information, please refer to <http://unlicense.org>

README.md

@@ -1,3 +1,21 @@
-# pwnd-search-master
+# pwned-search
+Pwned Password API lookup
 
-Client-Side Api Handler für have-i-been-pwned Anfragen.
+- Required libaries:
+
+* requests: `pip install requests`
+
+Usage:
+
+* `python pwned.py` – reads passwords from standard input;
+* `python pwned.py <[file-with-passwords]` – reads passwords from
+  a file;
+* `another-command | python pwned.py` – reads
+  passwords written to standard output by another command;
+* `python pwned.py [password]` – checks passwords given as command line
+  arguments (beware the password may be saved in shell history and that
+  other users on the system ma be able to observe the command line).
+
+Thanks to those who fixed my dodgy code :)
+
+Have fun! Oh, and if you find one of your own passwords, change it asap!

csharp/App.config

@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<configuration>
+    <startup>
+        <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.6.1" />
+    </startup>
+</configuration>

csharp/Properties/AssemblyInfo.cs

@@ -0,0 +1,36 @@
+using System.Reflection;
+using System.Runtime.CompilerServices;
+using System.Runtime.InteropServices;
+
+// General Information about an assembly is controlled through the following
+// set of attributes. Change these attribute values to modify the information
+// associated with an assembly.
+[assembly: AssemblyTitle("pwned_search")]
+[assembly: AssemblyDescription("")]
+[assembly: AssemblyConfiguration("")]
+[assembly: AssemblyCompany("")]
+[assembly: AssemblyProduct("pwned_search")]
+[assembly: AssemblyCopyright("")]
+[assembly: AssemblyTrademark("")]
+[assembly: AssemblyCulture("")]
+
+// Setting ComVisible to false makes the types in this assembly not visible
+// to COM components.  If you need to access a type in this assembly from
+// COM, set the ComVisible attribute to true on that type.
+[assembly: ComVisible(false)]
+
+// The following GUID is for the ID of the typelib if this project is exposed to COM
+[assembly: Guid("16bc2ac9-dcda-44b2-aa3c-3537ce769319")]
+
+// Version information for an assembly consists of the following four values:
+//
+//      Major Version
+//      Minor Version
+//      Build Number
+//      Revision
+//
+// You can specify all the values or you can default the Build and Revision Numbers
+// by using the '*' as shown below:
+// [assembly: AssemblyVersion("1.0.*")]
+[assembly: AssemblyVersion("1.0.0.0")]
+[assembly: AssemblyFileVersion("1.0.0.0")]

csharp/README.md

@@ -0,0 +1 @@
+C# version

csharp/pwned-search.cs

@@ -0,0 +1,49 @@
+using System;
+using System.Security.Cryptography;
+using System.Text;
+using System.Net;
+using System.IO;
+
+namespace pwned_search {
+    class Program {
+        static void Main(string[] args) {
+            Console.Write("Enter the password to check: ");
+            string plaintext = Console.ReadLine();
+
+            SHA1 sha = new SHA1CryptoServiceProvider();
+            byte[] data = sha.ComputeHash(Encoding.ASCII.GetBytes(plaintext));
+
+            // Loop through each byte of the hashed data 
+            // and format each one as a hexadecimal string.
+            var sBuilder = new StringBuilder();
+            for (int i = 0; i < data.Length; i++) {
+                sBuilder.Append(data[i].ToString("x2"));
+            }
+            string result = sBuilder.ToString().ToUpper();
+            Console.WriteLine($"The SHA-1 hash of {plaintext} is: {result}");
+
+            // get a list of all the possible passwords where the first 5 digits of the hash are the same
+            string url = "https://api.pwnedpasswords.com/range/" + result.Substring(0, 5);
+            WebRequest request= WebRequest.Create(url);
+            Stream response = request.GetResponse().GetResponseStream();
+            StreamReader reader = new StreamReader(response);
+
+            // look at each possibility and compare the rest of the hash to see if there is a match
+            string hashToCheck = result.Substring(5);
+            while (true) {
+                string line = reader.ReadLine();
+                if (line == null) {
+                    Console.WriteLine("That password was not found.");
+                    break;
+                }
+                string[] parts = line.Split(':');
+                if (parts[0] == hashToCheck) {
+                    Console.WriteLine("Password has been compromised -- DO NOT USE!");
+                    break;
+                }
+            }
+            
+            Console.ReadKey(); // pause until key press
+        }
+    }
+}

csharp/pwned-search.csproj

@@ -0,0 +1,79 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
+  <PropertyGroup>
+    <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
+    <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
+    <ProjectGuid>{16BC2AC9-DCDA-44B2-AA3C-3537CE769319}</ProjectGuid>
+    <OutputType>Exe</OutputType>
+    <RootNamespace>pwned_search</RootNamespace>
+    <AssemblyName>pwned-search</AssemblyName>
+    <TargetFrameworkVersion>v4.6.1</TargetFrameworkVersion>
+    <FileAlignment>512</FileAlignment>
+    <AutoGenerateBindingRedirects>true</AutoGenerateBindingRedirects>
+    <PublishUrl>publish\</PublishUrl>
+    <Install>true</Install>
+    <InstallFrom>Disk</InstallFrom>
+    <UpdateEnabled>false</UpdateEnabled>
+    <UpdateMode>Foreground</UpdateMode>
+    <UpdateInterval>7</UpdateInterval>
+    <UpdateIntervalUnits>Days</UpdateIntervalUnits>
+    <UpdatePeriodically>false</UpdatePeriodically>
+    <UpdateRequired>false</UpdateRequired>
+    <MapFileExtensions>true</MapFileExtensions>
+    <ApplicationRevision>0</ApplicationRevision>
+    <ApplicationVersion>1.0.0.%2a</ApplicationVersion>
+    <IsWebBootstrapper>false</IsWebBootstrapper>
+    <UseApplicationTrust>false</UseApplicationTrust>
+    <BootstrapperEnabled>true</BootstrapperEnabled>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
+    <PlatformTarget>AnyCPU</PlatformTarget>
+    <DebugSymbols>true</DebugSymbols>
+    <DebugType>full</DebugType>
+    <Optimize>false</Optimize>
+    <OutputPath>Debug\</OutputPath>
+    <DefineConstants>DEBUG;TRACE</DefineConstants>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
+    <PlatformTarget>AnyCPU</PlatformTarget>
+    <DebugType>pdbonly</DebugType>
+    <Optimize>true</Optimize>
+    <OutputPath>Release\</OutputPath>
+    <DefineConstants>TRACE</DefineConstants>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+  </PropertyGroup>
+  <ItemGroup>
+    <Reference Include="System" />
+    <Reference Include="System.Core" />
+    <Reference Include="System.Xml.Linq" />
+    <Reference Include="System.Data.DataSetExtensions" />
+    <Reference Include="Microsoft.CSharp" />
+    <Reference Include="System.Data" />
+    <Reference Include="System.Net.Http" />
+    <Reference Include="System.Xml" />
+  </ItemGroup>
+  <ItemGroup>
+    <Compile Include="pwned-search.cs" />
+    <Compile Include="Properties\AssemblyInfo.cs" />
+  </ItemGroup>
+  <ItemGroup>
+    <None Include="App.config" />
+  </ItemGroup>
+  <ItemGroup>
+    <BootstrapperPackage Include=".NETFramework,Version=v4.6.1">
+      <Visible>False</Visible>
+      <ProductName>Microsoft .NET Framework 4.6.1 %28x86 and x64%29</ProductName>
+      <Install>true</Install>
+    </BootstrapperPackage>
+    <BootstrapperPackage Include="Microsoft.Net.Framework.3.5.SP1">
+      <Visible>False</Visible>
+      <ProductName>.NET Framework 3.5 SP1</ProductName>
+      <Install>false</Install>
+    </BootstrapperPackage>
+  </ItemGroup>
+  <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
+</Project>

csharp/pwned-search.sln

@@ -0,0 +1,25 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio 15
+VisualStudioVersion = 15.0.28307.421
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "pwned-search", "pwned-search.csproj", "{16BC2AC9-DCDA-44B2-AA3C-3537CE769319}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|Any CPU = Debug|Any CPU
+		Release|Any CPU = Release|Any CPU
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{16BC2AC9-DCDA-44B2-AA3C-3537CE769319}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{16BC2AC9-DCDA-44B2-AA3C-3537CE769319}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{16BC2AC9-DCDA-44B2-AA3C-3537CE769319}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{16BC2AC9-DCDA-44B2-AA3C-3537CE769319}.Release|Any CPU.Build.0 = Release|Any CPU
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+	GlobalSection(ExtensibilityGlobals) = postSolution
+		SolutionGuid = {8A16037A-221E-4C67-9C1A-348C35C8DA98}
+	EndGlobalSection
+EndGlobal

pwned-search.ps1

@@ -0,0 +1,22 @@
+$string = Read-Host -Prompt 'Password to check'
+$bytes = [System.Text.Encoding]::UTF8.GetBytes($string)
+$sha1 = New-Object System.Security.Cryptography.SHA1CryptoServiceProvider
+$data = $sha1.ComputeHash($bytes)
+$result = ($data | ForEach-Object ToString X2) -join ''
+$result = $result.ToUpper()
+$head = $result.Substring(0,5)
+$tail = $result.Substring(5)
+
+[Net.ServicePointManager]::SecurityProtocol = "TLS12, TLS11, TLS, SSL3"
+$request = [System.Net.WebRequest]::Create("https://api.pwnedpasswords.com/range/" + $head)
+$reader = New-Object System.IO.StreamReader(($request.GetResponse()).GetResponseStream())
+
+$found = 0
+while (($line = $reader.ReadLine()) -ne $null) {
+    if ($line.Split(':')[0] -eq $tail) {
+        Write-Host "That password has been compromised."
+        $found = 1
+        break
+    }
+}
+if ($found -eq 0) { Write-Host "That password was not found." }

pwned.py

@@ -0,0 +1,62 @@
+#!/usr/bin/env python
+import hashlib
+import sys
+
+try:
+    import requests
+except ModuleNotFoundError:
+    print("###  pip install requests  ###")
+    raise
+
+
+def lookup_pwned_api(pwd):
+    """Returns hash and number of times password was seen in pwned database.
+
+    Args:
+        pwd: password to check
+
+    Returns:
+        A (sha1, count) tuple where sha1 is SHA-1 hash of pwd and count is number
+        of times the password was seen in the pwned database.  count equal zero
+        indicates that password has not been found.
+
+    Raises:
+        RuntimeError: if there was an error trying to fetch data from pwned
+            database.
+        UnicodeError: if there was an error UTF_encoding the password.
+    """
+    sha1pwd = hashlib.sha1(pwd.encode('utf-8')).hexdigest().upper()
+    head, tail = sha1pwd[:5], sha1pwd[5:]
+    url = 'https://api.pwnedpasswords.com/range/' + head
+    res = requests.get(url)
+    if res.status_code != 200:
+        raise RuntimeError('Error fetching "{}": {}'.format(
+            url, res.status_code))
+    hashes = (line.split(':') for line in res.text.splitlines())
+    count = next((int(count) for t, count in hashes if t == tail), 0)
+    return sha1pwd, count
+
+
+def main(args):
+    ec = 0
+    for pwd in args or sys.stdin:
+        pwd = pwd.strip()
+        try:
+            sha1pwd, count = lookup_pwned_api(pwd)
+
+            if count:
+                foundmsg = "{0} was found with {1} occurrences (hash: {2})"
+                print(foundmsg.format(pwd, count, sha1pwd))
+                ec = 1
+            else:
+                print("{} was not found".format(pwd))
+        except UnicodeError:
+            errormsg = sys.exc_info()[1]
+            print("{0} could not be checked: {1}".format(pwd, errormsg))
+            ec = 1
+            continue
+    return ec
+
+
+if __name__ == '__main__':
+    sys.exit(main(sys.argv[1:]))