pwned-search/pwned.py

import hashlib
import sys

try:
    import requests
except ModuleNotFoundError:
    print("###  pip install requests  ###")
    raise


def lookup_pwned_api(pwd):
    """Returns hash and number of times password was seen in pwned database.

    Args:
        pwd: password to check

    Returns:
        A (sha1, count) tuple where sha1 is SHA1 hash of pwd and count is number
        of times the password was seen in the pwned database.  count equal zero
        indicates that password has not been found.

    Raises:
        RuntimeError: if there was an error trying to fetch data from pwned
            database.
        UnicodeError: if there was an error UTF_encoding the password.
    """
    sha1pwd = hashlib.sha1(pwd.encode('utf-8')).hexdigest().upper()
    head, tail = sha1pwd[:5], sha1pwd[5:]
    url = 'https://api.pwnedpasswords.com/range/' + head
    res = requests.get(url)
    if res.status_code != 200:
        raise RuntimeError('Error fetching "{}": {}'.format(
            url, res.status_code))
    hashes = (line.split(':') for line in res.text.splitlines())
    count = next((int(count) for t, count in hashes if t == tail), 0)
    return sha1pwd, count


def main(args):
    ec = 0
    for pwd in args or sys.stdin:
        pwd = pwd.strip()
        try:
            sha1pwd, count = lookup_pwned_api(pwd)

            if count:
                foundmsg = "{0} was found with {1} occurrences (hash: {2})"
                print(foundmsg.format(pwd, count, sha1pwd))
                ec = 1
            else:
                print("{} was not found".format(pwd))
        except UnicodeError:
            errormsg = sys.exc_info()[1]
            print("{0} could not be checked: {1}".format(pwd, errormsg))
            ec = 1
            continue
    return ec


if __name__ == '__main__':
    sys.exit(main(sys.argv[1:]))
Remove unnecessary dependency on pyca Python’s built-in hashlib is capable of calculating SHA1. There’s no need to depend on a third party library which may or may not be available. 2019-03-13 01:39:49 +01:00			`import hashlib`
Code added 2019-03-12 22:41:07 +01:00			`import sys`

changed password encoding to utf-8 for sha-1 according to api https://haveibeenpwned.com/API/v2#PwnedPasswords 2019-03-14 11:50:17 +01:00			`try:`
			`import requests`
			`except ModuleNotFoundError:`
			`print("### pip install requests ###")`
			`raise`

Code added 2019-03-12 22:41:07 +01:00
			`def lookup_pwned_api(pwd):`
Simplify and document lookup_pwned_api interface Always return a pair from the lookup_pwned_api so that destructuring assignment can be safely used when calling the function. The second argument being zero indicates the password has not been found in the pwend database. While at it, document the function. 2019-03-13 01:41:42 +01:00			`"""Returns hash and number of times password was seen in pwned database.`

			`Args:`
			`pwd: password to check`

			`Returns:`
			`A (sha1, count) tuple where sha1 is SHA1 hash of pwd and count is number`
			`of times the password was seen in the pwned database. count equal zero`
			`indicates that password has not been found.`
Code added 2019-03-12 22:41:07 +01:00
Simplify and document lookup_pwned_api interface Always return a pair from the lookup_pwned_api so that destructuring assignment can be safely used when calling the function. The second argument being zero indicates the password has not been found in the pwend database. While at it, document the function. 2019-03-13 01:41:42 +01:00			`Raises:`
			`RuntimeError: if there was an error trying to fetch data from pwned`
			`database.`
Better error handling and output format (#6) * Update readme: fix small redirection mistake * Use one output line per password * More graceful error handling * Only catch UnicodeErrors 2019-03-14 15:33:15 +01:00			`UnicodeError: if there was an error UTF_encoding the password.`
Simplify and document lookup_pwned_api interface Always return a pair from the lookup_pwned_api so that destructuring assignment can be safely used when calling the function. The second argument being zero indicates the password has not been found in the pwend database. While at it, document the function. 2019-03-13 01:41:42 +01:00			`"""`
changed password encoding to utf-8 for sha-1 according to api https://haveibeenpwned.com/API/v2#PwnedPasswords 2019-03-14 11:50:17 +01:00			`sha1pwd = hashlib.sha1(pwd.encode('utf-8')).hexdigest().upper()`
Simplify and document lookup_pwned_api interface Always return a pair from the lookup_pwned_api so that destructuring assignment can be safely used when calling the function. The second argument being zero indicates the password has not been found in the pwend database. While at it, document the function. 2019-03-13 01:41:42 +01:00			`head, tail = sha1pwd[:5], sha1pwd[5:]`
Handle non-200 status codes explicitly 2019-03-13 02:23:20 +01:00			`url = 'https://api.pwnedpasswords.com/range/' + head`
			`res = requests.get(url)`
			`if res.status_code != 200:`
			`raise RuntimeError('Error fetching "{}": {}'.format(`
			`url, res.status_code))`
Simplify and document lookup_pwned_api interface Always return a pair from the lookup_pwned_api so that destructuring assignment can be safely used when calling the function. The second argument being zero indicates the password has not been found in the pwend database. While at it, document the function. 2019-03-13 01:41:42 +01:00			`hashes = (line.split(':') for line in res.text.splitlines())`
			`count = next((int(count) for t, count in hashes if t == tail), 0)`
			`return sha1pwd, count`
Code added 2019-03-12 22:41:07 +01:00

Add ‘__name__ == __main__’ guard so the file can be imported 2019-03-13 02:26:20 +01:00			`def main(args):`
Vary exit status based on whether leaked password was found 2019-03-13 02:32:18 +01:00			`ec = 0`
Support reading passwords from standard input 2019-03-13 02:31:23 +01:00			`for pwd in args or sys.stdin:`
			`pwd = pwd.strip()`
Better error handling and output format (#6) * Update readme: fix small redirection mistake * Use one output line per password * More graceful error handling * Only catch UnicodeErrors 2019-03-14 15:33:15 +01:00			`try:`
			`sha1pwd, count = lookup_pwned_api(pwd)`

			`if count:`
			`foundmsg = "{0} was found with {1} occurrences (hash: {2})"`
			`print(foundmsg.format(pwd, count, sha1pwd))`
			`ec = 1`
			`else:`
			`print("{} was not found".format(pwd))`
			`except UnicodeError:`
			`errormsg = sys.exc_info()[1]`
			`print("{0} could not be checked: {1}".format(pwd, errormsg))`
Vary exit status based on whether leaked password was found 2019-03-13 02:32:18 +01:00			`ec = 1`
Better error handling and output format (#6) * Update readme: fix small redirection mistake * Use one output line per password * More graceful error handling * Only catch UnicodeErrors 2019-03-14 15:33:15 +01:00			`continue`
Vary exit status based on whether leaked password was found 2019-03-13 02:32:18 +01:00			`return ec`
Add ‘__name__ == __main__’ guard so the file can be imported 2019-03-13 02:26:20 +01:00

			`if __name__ == '__main__':`
Vary exit status based on whether leaked password was found 2019-03-13 02:32:18 +01:00			`sys.exit(main(sys.argv[1:]))`