Quick and Dirty K-Anonymity Password Checking
A quick bash script to check passwords for compromise in the terminal. Uses the haveibeenpwned API with padding.
Note: the ^M character in the sed expression is a carriage return. On Linux it should be entered using Ctrl+V Ctrl+M and not copied directly. Ideally you should also personalise the user agent string from "test code" to something more descriptive.
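```bash
#!/bin/bash
# Check a password against the Pwned Passwords range API using k-anonymity.
echo -n "Password to be checked: "
# -r keeps backslashes literal, -s hides the input, IFS= keeps leading/trailing spaces
IFS= read -r -s input
# printf with a quoted argument hashes the password exactly as typed
hash0="$(printf '%s' "$input" | sha1sum | cut -d ' ' -f 1)"
# Only the first 5 hex characters are sent; the remaining 35 are compared locally
hash1=${hash0:0:5}
hash2=${hash0:5}
echo
hashes="$(wget -U "test code" --header "Add-Padding: true" -q -O - "https://api.pwnedpasswords.com/range/${hash1}")"
if [ -z "$hashes" ]
then
    echo "Failed to connect to API"
    exit 1
else
    # Response lines are SUFFIX:COUNT; match the whole suffix, keep the count, strip the carriage return
    result="$(echo "$hashes" | grep -i "^${hash2}:" | cut -d ":" -f 2 | sed -e 's/^M//g')"
fi
# Padding entries carry a count of 0, so a 0 is treated the same as no match
if [ -z "$result" ] || [ "$result" = "0" ]
then
    echo "Your password was not found in the list of compromised passwords"
else
    echo "Your password was found $result times in the list of compromised passwords - you should not use this password. For more information please visit https://haveibeenpwned.com/Passwords"
fi
```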
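The same lookup as an offline walk-through, added here as an example and not part of the original script: it splits the hash into the 5-character prefix and 35-character suffix, then parses a range response with CRLF line endings and a zero-count padding entry. The function names are hypothetical and `sample_response` is a constructed stand-in for the `wget` call; it is written in POSIX sh so it also runs under bash.

```shell
#!/bin/sh
# Added example: no network access, the API response is a constructed sample.

# Upper-case SHA-1 hex digest of the argument (the API returns upper-case suffixes).
sha1_upper() {
    printf '%s' "$1" | sha1sum | cut -d ' ' -f 1 | tr 'a-f' 'A-F'
}

# Read a range response (SUFFIX:COUNT lines) on stdin and print the count for
# the given suffix. Prints 0 when the suffix is absent; a padding entry also
# yields 0 because its count field is 0.
lookup_count() {
    tr -d '\r' | awk -F: -v want="$1" '
        toupper($1) == toupper(want) { print $2; found = 1; exit }
        END { if (!found) print 0 }'
}

# Constructed response for prefix 5BAA6. The counts are made up; the second
# suffix is the real suffix of SHA-1("password"), the last line mimics padding.
sample_response() {
    printf '%s\r\n' \
        '0123456789ABCDEF0123456789ABCDEF012:3' \
        '1E4C9B93F3F0682250B6CF8331B7EE68FD8:42' \
        'FEDCBA9876543210FEDCBA9876543210FED:0'
}

# Full flow: hash locally, split, query by prefix only, match the suffix locally.
check_password() (
    hash=$(sha1_upper "$1")
    prefix=$(printf '%s' "$hash" | cut -c1-5)   # the only part that leaves the machine
    suffix=$(printf '%s' "$hash" | cut -c6-)    # characters 6-40, i.e. bash ${hash:5}
    sample_response "$prefix" | lookup_count "$suffix"
)

printf 'count for "password": %s\n' "$(check_password password)"
```

Matching on the whole suffix field, rather than grepping for a substring, keeps a shortened or mistyped suffix from matching a neighbouring entry.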