From b75359931e3c5baaded6d0addb6d28f750dcd518 Mon Sep 17 00:00:00 2001 From: Andinus Date: Mon, 16 Mar 2020 17:29:15 +0530 Subject: Add initial version of orion --- hibp/hash.go | 15 +++++++++++++++ hibp/pwned.go | 40 ++++++++++++++++++++++++++++++++++++++++ hibp/req.go | 35 +++++++++++++++++++++++++++++++++++ 3 files changed, 90 insertions(+) create mode 100644 hibp/hash.go create mode 100644 hibp/pwned.go create mode 100644 hibp/req.go (limited to 'hibp') diff --git a/hibp/hash.go b/hibp/hash.go new file mode 100644 index 0000000..25249ed --- /dev/null +++ b/hibp/hash.go @@ -0,0 +1,15 @@ +package hibp + +import ( + "crypto/sha1" + "encoding/hex" + "strings" +) + +// GetHsh takes a string as an input & returns SHA-1 Hash +func GetHsh(pass string) string { + alg := sha1.New() + alg.Write([]byte(pass)) + + return strings.ToUpper(hex.EncodeToString(alg.Sum(nil))) +} diff --git a/hibp/pwned.go b/hibp/pwned.go new file mode 100644 index 0000000..57a1727 --- /dev/null +++ b/hibp/pwned.go @@ -0,0 +1,40 @@ +package hibp + +import ( + "fmt" + "strings" +) + +// GetPwned takes SHA-1 Hash as input & returns Pwned Passwords list +// returned by the Have I Been Pwned API +func GetPwned(hsh string) (map[string]string, error) { + api := "https://api.pwnedpasswords.com/range" + list := make(map[string]string) + + pfx := hsh[:5] + + reqApi := fmt.Sprintf("%s/%s", api, pfx) + body, err := reqHIBP(reqApi) + if err != nil { + return list, fmt.Errorf("reqHIBP failed\n%s", + err.Error()) + } + + for _, v := range strings.Split(body, "\r\n") { + s := strings.Split(v, ":") + list[s[0]] = s[1] + } + return list, err +} + +// ChkPwn takes list, hash as input & returns if the hash is in list, +// the frequency +func ChkPwn(list map[string]string, hsh string) (bool, string) { + sfx := hsh[5:] + for k, fq := range list { + if sfx == k { + return true, fq + } + } + return false, "" +} diff --git a/hibp/req.go b/hibp/req.go new file mode 100644 index 0000000..a3085da --- /dev/null +++ b/hibp/req.go @@ -0,0 +1,35 @@ +package hibp + +import ( + "fmt" + "io/ioutil" + "net/http" +) + +func reqHIBP(reqApi string) (string, error) { + req, err := http.NewRequest(http.MethodGet, reqApi, nil) + if err != nil { + return "", fmt.Errorf("request init failed\n%s", + err.Error()) + } + + c := http.Client{} + res, err := c.Do(req) + if err != nil { + return "", fmt.Errorf("request failed\n%s", + err.Error()) + } + defer res.Body.Close() + + if res.StatusCode != 200 { + return "", fmt.Errorf("Unexpected response status code received: %d %s", + res.StatusCode, http.StatusText(res.StatusCode)) + } + + body, err := ioutil.ReadAll(res.Body) + if err != nil { + return "", fmt.Errorf("reading res.Body failed\n%s", + err.Error()) + } + return string(body), err +} -- cgit 1.4.1-2-gfad0