summary refs log tree commit diff stats
diff options
context:
space:
mode:
-rw-r--r--README.org2
-rw-r--r--cmd/orion/orion.go55
-rw-r--r--go.mod9
-rw-r--r--go.sum30
-rw-r--r--hibp/hash.go15
-rw-r--r--hibp/pwned.go40
-rw-r--r--hibp/req.go35
7 files changed, 184 insertions, 2 deletions
diff --git a/README.org b/README.org
index 3e3c931..0319031 100644
--- a/README.org
+++ b/README.org
@@ -9,8 +9,6 @@ Been Pwned API.
 *Note*: Your password is not sent anywhere, only the first 5 characters of the
 SHA-1 hash of the input is sent to HIBP API.
 
-*Note*: Padding is currently not supported by Orion.
-
 * Working
 - Orion takes input from the user
 - Input is hashed & split (prefix: [:5], suffix: [5:])
diff --git a/cmd/orion/orion.go b/cmd/orion/orion.go
new file mode 100644
index 0000000..e3ce011
--- /dev/null
+++ b/cmd/orion/orion.go
@@ -0,0 +1,55 @@
+package main
+
+import (
+	"os"
+	"time"
+
+	"framagit.org/andinus/orion/hibp"
+
+	"github.com/AlecAivazis/survey/v2"
+	"github.com/AlecAivazis/survey/v2/terminal"
+	"github.com/briandowns/spinner"
+	"github.com/fatih/color"
+)
+
+func main() {
+	var pass string
+
+	prompt := &survey.Password{
+		Message: "Password:",
+		Help:    "Enter password to be checked against HIBP's Database",
+	}
+	err := survey.AskOne(prompt, &pass, survey.WithValidator(survey.Required))
+	if err == terminal.InterruptErr {
+		color.Yellow("Interrupt Received")
+		os.Exit(0)
+	} else if err != nil {
+		panic(err)
+	}
+
+	s := spinner.New(spinner.CharSets[12], 32*time.Millisecond)
+	s.Start()
+	s.Color("cyan")
+
+	// get password hash
+	hsh := hibp.GetHsh(pass)
+
+	// get list of pwned passwords
+	list, err := hibp.GetPwned(hsh)
+	if err != nil {
+		color.Yellow(err.Error())
+		os.Exit(1)
+	}
+
+	// check if pass is pwned
+	pwn, fq := hibp.ChkPwn(list, hsh)
+	s.Stop()
+
+	if pwn {
+		color.New(color.FgRed).Add(color.Bold).Println("\nPwned!")
+		color.Yellow("This password has been seen %s times before.", fq)
+		return
+	}
+
+	color.Green("\nPassword wasn't found in Have I Been Pwned's Database")
+}
diff --git a/go.mod b/go.mod
new file mode 100644
index 0000000..ede056e
--- /dev/null
+++ b/go.mod
@@ -0,0 +1,9 @@
+module framagit.org/andinus/orion
+
+go 1.13
+
+require (
+	github.com/AlecAivazis/survey/v2 v2.0.7
+	github.com/briandowns/spinner v1.9.0
+	github.com/fatih/color v1.7.0
+)
diff --git a/go.sum b/go.sum
new file mode 100644
index 0000000..b7157b0
--- /dev/null
+++ b/go.sum
@@ -0,0 +1,30 @@
+github.com/AlecAivazis/survey v1.8.8 h1:Y4yypp763E8cbqb5RBqZhGgkCFLRFnbRBHrxnpMMsgQ=
+github.com/AlecAivazis/survey/v2 v2.0.7 h1:+f825XHLse/hWd2tE/V5df04WFGimk34Eyg/z35w/rc=
+github.com/AlecAivazis/survey/v2 v2.0.7/go.mod h1:mlizQTaPjnR4jcpwRSaSlkbsRfYFEyKgLQvYTzxxiHA=
+github.com/Netflix/go-expect v0.0.0-20180615182759-c93bf25de8e8/go.mod h1:oX5x61PbNXchhh0oikYAH+4Pcfw5LKv21+Jnpr6r6Pc=
+github.com/briandowns/spinner v1.9.0 h1:+OMAisemaHar1hjuJ3Z2hIvNhQl9Y7GLPWUwwz2Pxo8=
+github.com/briandowns/spinner v1.9.0/go.mod h1://Zf9tMcxfRUA36V23M6YGEAv+kECGfvpnLTnb8n4XQ=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/fatih/color v1.7.0 h1:DkWD4oS2D8LGGgTQ6IvwJJXSL5Vp2ffcQg58nFV38Ys=
+github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
+github.com/hinshun/vt10x v0.0.0-20180616224451-1954e6464174/go.mod h1:DqJ97dSdRW1W22yXSB90986pcOyQ7r45iio1KN2ez1A=
+github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 h1:Z9n2FFNUXsshfwJMBgNA0RU6/i7WVaAegv3PtuIHPMs=
+github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51/go.mod h1:CzGEWj7cYgsdH8dAjBGEr58BoE7ScuLd+fwFZ44+/x8=
+github.com/kr/pty v1.1.4/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
+github.com/mattn/go-colorable v0.1.2 h1:/bC9yWikZXAL9uJdulbSfyVNIR3n3trXl+v8+1sx8mU=
+github.com/mattn/go-colorable v0.1.2/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
+github.com/mattn/go-isatty v0.0.8 h1:HLtExJ+uU2HOZ+wI0Tt5DtUDrx8yhUqDcp7fYERX4CE=
+github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
+github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b h1:j7+1HpAFS1zy5+Q4qx1fWh90gTKwiN4QCGoY9TWyyO4=
+github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b/go.mod h1:01TrycV0kFyexm33Z7vhZRXopbI8J3TDReVlkTgMUxE=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/stretchr/testify v1.2.1/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20190530122614-20be4c3c3ed5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190530182044-ad28b68e88f1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
diff --git a/hibp/hash.go b/hibp/hash.go
new file mode 100644
index 0000000..25249ed
--- /dev/null
+++ b/hibp/hash.go
@@ -0,0 +1,15 @@
+package hibp
+
+import (
+	"crypto/sha1"
+	"encoding/hex"
+	"strings"
+)
+
+// GetHsh takes a string as an input & returns SHA-1 Hash
+func GetHsh(pass string) string {
+	alg := sha1.New()
+	alg.Write([]byte(pass))
+
+	return strings.ToUpper(hex.EncodeToString(alg.Sum(nil)))
+}
diff --git a/hibp/pwned.go b/hibp/pwned.go
new file mode 100644
index 0000000..57a1727
--- /dev/null
+++ b/hibp/pwned.go
@@ -0,0 +1,40 @@
+package hibp
+
+import (
+	"fmt"
+	"strings"
+)
+
+// GetPwned takes SHA-1 Hash as input & returns Pwned Passwords list
+// returned by the Have I Been Pwned API
+func GetPwned(hsh string) (map[string]string, error) {
+	api := "https://api.pwnedpasswords.com/range"
+	list := make(map[string]string)
+
+	pfx := hsh[:5]
+
+	reqApi := fmt.Sprintf("%s/%s", api, pfx)
+	body, err := reqHIBP(reqApi)
+	if err != nil {
+		return list, fmt.Errorf("reqHIBP failed\n%s",
+			err.Error())
+	}
+
+	for _, v := range strings.Split(body, "\r\n") {
+		s := strings.Split(v, ":")
+		list[s[0]] = s[1]
+	}
+	return list, err
+}
+
+// ChkPwn takes list, hash as input & returns if the hash is in list,
+// the frequency
+func ChkPwn(list map[string]string, hsh string) (bool, string) {
+	sfx := hsh[5:]
+	for k, fq := range list {
+		if sfx == k {
+			return true, fq
+		}
+	}
+	return false, ""
+}
diff --git a/hibp/req.go b/hibp/req.go
new file mode 100644
index 0000000..a3085da
--- /dev/null
+++ b/hibp/req.go
@@ -0,0 +1,35 @@
+package hibp
+
+import (
+	"fmt"
+	"io/ioutil"
+	"net/http"
+)
+
+func reqHIBP(reqApi string) (string, error) {
+	req, err := http.NewRequest(http.MethodGet, reqApi, nil)
+	if err != nil {
+		return "", fmt.Errorf("request init failed\n%s",
+			err.Error())
+	}
+
+	c := http.Client{}
+	res, err := c.Do(req)
+	if err != nil {
+		return "", fmt.Errorf("request failed\n%s",
+			err.Error())
+	}
+	defer res.Body.Close()
+
+	if res.StatusCode != 200 {
+		return "", fmt.Errorf("Unexpected response status code received: %d %s",
+			res.StatusCode, http.StatusText(res.StatusCode))
+	}
+
+	body, err := ioutil.ReadAll(res.Body)
+	if err != nil {
+		return "", fmt.Errorf("reading res.Body failed\n%s",
+			err.Error())
+	}
+	return string(body), err
+}