Add pwned

paveldat · Dec 16, 2022 · b523f04 · b523f04
1 parent 83ee14b
commit b523f04
Show file tree

Hide file tree

Showing 4 changed files with 81 additions and 2 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,10 @@
 # gods_eye changelog
 
+## 1.0.2
+- Added tools:
+  - pwned
+Checks if your password has been compromised in a data breach.
+
 ## 1.0.1
 - Added tools:
   - ip_info_finder

diff --git a/setup.cfg b/setup.cfg
@@ -1,6 +1,6 @@
 [metadata]
 name = gods_eye
-version = 1.0.1
+version = 1.0.2
 author = Pavel Dat
 author_email = [email protected]
 description = A set of tools which should be used in Gods Eye
@@ -22,6 +22,7 @@ packages =
     robots_scanner
     whois_lookup
     ip_info_finder
+    pwned
 install_requires =
     requests >= 2.25.1
     dnspython >= 2.2.1
@@ -30,4 +31,5 @@ install_requires =
 [options.packages.find]
 where = src
 include = clickjacking, dns_lookup, exec_shell_command, http_headers_grabber,
-    ip, logger, nmap_scanner, robots_scanner, whois_lookup, ip_info_finder
+    ip, logger, nmap_scanner, robots_scanner, whois_lookup, ip_info_finder,
+    pwned
diff --git a/src/pwned/__init__.py b/src/pwned/__init__.py
diff --git a/src/pwned/pwned.py b/src/pwned/pwned.py
@@ -0,0 +1,72 @@
+"""
+        ██▄██ ▄▀▄ █▀▄ █▀▀ . █▀▄ █░█
+        █░▀░█ █▄█ █░█ █▀▀ . █▀▄ ▀█▀
+        ▀░░░▀ ▀░▀ ▀▀░ ▀▀▀ . ▀▀░ ░▀░
+▒▐█▀█─░▄█▀▄─▒▐▌▒▐▌░▐█▀▀▒██░░░░▐█▀█▄─░▄█▀▄─▒█▀█▀█
+▒▐█▄█░▐█▄▄▐█░▒█▒█░░▐█▀▀▒██░░░░▐█▌▐█░▐█▄▄▐█░░▒█░░
+▒▐█░░░▐█─░▐█░▒▀▄▀░░▐█▄▄▒██▄▄█░▐█▄█▀░▐█─░▐█░▒▄█▄░
+"""
+
+import sys
+import hashlib
+import logging
+import requests
+
+sys.path.insert(
+    0,
+    'src'
+)
+
+from logger.logger import Logger
+
+
+logger = Logger('pwned')
+check_url = 'https://api.pwnedpasswords.com/range/'
+header = {
+    'User-Agent': 'password checker'
+}
+
+
+class PasswordPwned:
+    """
+    Checks if your password has been compromised in a data breach.
+    """
+
+    @staticmethod
+    def check_password(password: str, debug: bool = False) -> bool:
+        """
+        Checks if your password has been compromissed in a date breach.
+
+        Args:
+            * password - Password to check
+            * debug - Activate debug mode
+
+        Returns:
+            * True - if your password has been compromissed
+        """
+
+        if debug:
+            logger.setLevel(logging.DEBUG)
+
+        logger.info('Calculating checksum for your password')
+        sha1 = hashlib.sha1(password.encode('utf-8'))
+        hash_string = sha1.hexdigest().upper()
+        prefix = hash_string[0:5]
+
+        request = requests.get(check_url + prefix, headers=header
+                               ).content.decode('utf-8')
+        hashes = dict(t.split(':') for t in request.split('\r\n'))
+        hashes = dict((prefix + key, value) for (key, value) in hashes.items())
+
+        logger.info('Checking if your password exists in databases')
+        for item_hash in hashes:
+            if item_hash == hash_string:
+                logger.info('Pwned')
+                logger.debug(f'{password} has previously appeared in\
+                             a data breach, used {hashes[hash_string]} times,\
+                             and should never be used')
+                return True
+
+        logger.info('No pwnage found')
+        logger.debug(f'{password} wasn\'t found in any of the Pwned Passwords')
+        return False