From b75359931e3c5baaded6d0addb6d28f750dcd518 Mon Sep 17 00:00:00 2001 From: Andinus Date: Mon, 16 Mar 2020 17:29:15 +0530 Subject: Add initial version of orion --- README.org | 2 -- cmd/orion/orion.go | 55 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ go.mod | 9 +++++++++ go.sum | 30 +++++++++++++++++++++++++++++ hibp/hash.go | 15 +++++++++++++++ hibp/pwned.go | 40 +++++++++++++++++++++++++++++++++++++++ hibp/req.go | 35 ++++++++++++++++++++++++++++++++++ 7 files changed, 184 insertions(+), 2 deletions(-) create mode 100644 cmd/orion/orion.go create mode 100644 go.mod create mode 100644 go.sum create mode 100644 hibp/hash.go create mode 100644 hibp/pwned.go create mode 100644 hibp/req.go diff --git a/README.org b/README.org index 3e3c931..0319031 100644 --- a/README.org +++ b/README.org @@ -9,8 +9,6 @@ Been Pwned API. *Note*: Your password is not sent anywhere, only the first 5 characters of the SHA-1 hash of the input is sent to HIBP API. -*Note*: Padding is currently not supported by Orion. - * Working - Orion takes input from the user - Input is hashed & split (prefix: [:5], suffix: [5:]) diff --git a/cmd/orion/orion.go b/cmd/orion/orion.go new file mode 100644 index 0000000..e3ce011 --- /dev/null +++ b/cmd/orion/orion.go @@ -0,0 +1,55 @@ +package main + +import ( + "os" + "time" + + "framagit.org/andinus/orion/hibp" + + "github.com/AlecAivazis/survey/v2" + "github.com/AlecAivazis/survey/v2/terminal" + "github.com/briandowns/spinner" + "github.com/fatih/color" +) + +func main() { + var pass string + + prompt := &survey.Password{ + Message: "Password:", + Help: "Enter password to be checked against HIBP's Database", + } + err := survey.AskOne(prompt, &pass, survey.WithValidator(survey.Required)) + if err == terminal.InterruptErr { + color.Yellow("Interrupt Received") + os.Exit(0) + } else if err != nil { + panic(err) + } + + s := spinner.New(spinner.CharSets[12], 32*time.Millisecond) + s.Start() + s.Color("cyan") + + // get password hash + hsh := hibp.GetHsh(pass) + + // get list of pwned passwords + list, err := hibp.GetPwned(hsh) + if err != nil { + color.Yellow(err.Error()) + os.Exit(1) + } + + // check if pass is pwned + pwn, fq := hibp.ChkPwn(list, hsh) + s.Stop() + + if pwn { + color.New(color.FgRed).Add(color.Bold).Println("\nPwned!") + color.Yellow("This password has been seen %s times before.", fq) + return + } + + color.Green("\nPassword wasn't found in Have I Been Pwned's Database") +} diff --git a/go.mod b/go.mod new file mode 100644 index 0000000..ede056e --- /dev/null +++ b/go.mod @@ -0,0 +1,9 @@ +module framagit.org/andinus/orion + +go 1.13 + +require ( + github.com/AlecAivazis/survey/v2 v2.0.7 + github.com/briandowns/spinner v1.9.0 + github.com/fatih/color v1.7.0 +) diff --git a/go.sum b/go.sum new file mode 100644 index 0000000..b7157b0 --- /dev/null +++ b/go.sum @@ -0,0 +1,30 @@ +github.com/AlecAivazis/survey v1.8.8 h1:Y4yypp763E8cbqb5RBqZhGgkCFLRFnbRBHrxnpMMsgQ= +github.com/AlecAivazis/survey/v2 v2.0.7 h1:+f825XHLse/hWd2tE/V5df04WFGimk34Eyg/z35w/rc= +github.com/AlecAivazis/survey/v2 v2.0.7/go.mod h1:mlizQTaPjnR4jcpwRSaSlkbsRfYFEyKgLQvYTzxxiHA= +github.com/Netflix/go-expect v0.0.0-20180615182759-c93bf25de8e8/go.mod h1:oX5x61PbNXchhh0oikYAH+4Pcfw5LKv21+Jnpr6r6Pc= +github.com/briandowns/spinner v1.9.0 h1:+OMAisemaHar1hjuJ3Z2hIvNhQl9Y7GLPWUwwz2Pxo8= +github.com/briandowns/spinner v1.9.0/go.mod h1://Zf9tMcxfRUA36V23M6YGEAv+kECGfvpnLTnb8n4XQ= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/fatih/color v1.7.0 h1:DkWD4oS2D8LGGgTQ6IvwJJXSL5Vp2ffcQg58nFV38Ys= +github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= +github.com/hinshun/vt10x v0.0.0-20180616224451-1954e6464174/go.mod h1:DqJ97dSdRW1W22yXSB90986pcOyQ7r45iio1KN2ez1A= +github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 h1:Z9n2FFNUXsshfwJMBgNA0RU6/i7WVaAegv3PtuIHPMs= +github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51/go.mod h1:CzGEWj7cYgsdH8dAjBGEr58BoE7ScuLd+fwFZ44+/x8= +github.com/kr/pty v1.1.4/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= +github.com/mattn/go-colorable v0.1.2 h1:/bC9yWikZXAL9uJdulbSfyVNIR3n3trXl+v8+1sx8mU= +github.com/mattn/go-colorable v0.1.2/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= +github.com/mattn/go-isatty v0.0.8 h1:HLtExJ+uU2HOZ+wI0Tt5DtUDrx8yhUqDcp7fYERX4CE= +github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= +github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b h1:j7+1HpAFS1zy5+Q4qx1fWh90gTKwiN4QCGoY9TWyyO4= +github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b/go.mod h1:01TrycV0kFyexm33Z7vhZRXopbI8J3TDReVlkTgMUxE= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/stretchr/testify v1.2.1/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= +golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20190530122614-20be4c3c3ed5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190530182044-ad28b68e88f1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg= +golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= diff --git a/hibp/hash.go b/hibp/hash.go new file mode 100644 index 0000000..25249ed --- /dev/null +++ b/hibp/hash.go @@ -0,0 +1,15 @@ +package hibp + +import ( + "crypto/sha1" + "encoding/hex" + "strings" +) + +// GetHsh takes a string as an input & returns SHA-1 Hash +func GetHsh(pass string) string { + alg := sha1.New() + alg.Write([]byte(pass)) + + return strings.ToUpper(hex.EncodeToString(alg.Sum(nil))) +} diff --git a/hibp/pwned.go b/hibp/pwned.go new file mode 100644 index 0000000..57a1727 --- /dev/null +++ b/hibp/pwned.go @@ -0,0 +1,40 @@ +package hibp + +import ( + "fmt" + "strings" +) + +// GetPwned takes SHA-1 Hash as input & returns Pwned Passwords list +// returned by the Have I Been Pwned API +func GetPwned(hsh string) (map[string]string, error) { + api := "https://api.pwnedpasswords.com/range" + list := make(map[string]string) + + pfx := hsh[:5] + + reqApi := fmt.Sprintf("%s/%s", api, pfx) + body, err := reqHIBP(reqApi) + if err != nil { + return list, fmt.Errorf("reqHIBP failed\n%s", + err.Error()) + } + + for _, v := range strings.Split(body, "\r\n") { + s := strings.Split(v, ":") + list[s[0]] = s[1] + } + return list, err +} + +// ChkPwn takes list, hash as input & returns if the hash is in list, +// the frequency +func ChkPwn(list map[string]string, hsh string) (bool, string) { + sfx := hsh[5:] + for k, fq := range list { + if sfx == k { + return true, fq + } + } + return false, "" +} diff --git a/hibp/req.go b/hibp/req.go new file mode 100644 index 0000000..a3085da --- /dev/null +++ b/hibp/req.go @@ -0,0 +1,35 @@ +package hibp + +import ( + "fmt" + "io/ioutil" + "net/http" +) + +func reqHIBP(reqApi string) (string, error) { + req, err := http.NewRequest(http.MethodGet, reqApi, nil) + if err != nil { + return "", fmt.Errorf("request init failed\n%s", + err.Error()) + } + + c := http.Client{} + res, err := c.Do(req) + if err != nil { + return "", fmt.Errorf("request failed\n%s", + err.Error()) + } + defer res.Body.Close() + + if res.StatusCode != 200 { + return "", fmt.Errorf("Unexpected response status code received: %d %s", + res.StatusCode, http.StatusText(res.StatusCode)) + } + + body, err := ioutil.ReadAll(res.Body) + if err != nil { + return "", fmt.Errorf("reading res.Body failed\n%s", + err.Error()) + } + return string(body), err +} -- cgit 1.4.1-2-gfad0