def check():
print('\n' + G + '[+]' + C + ' Looking for Breaches...' + W)
time.sleep(5)
if str(pwnedpasswords.check(addr)) != '0':
print('\n' + G + '[+]' + R + ' Oh no - pwned!')
print('\n' + G + '[+]' + R + ' This password has been seen ' + W +
str(pwnedpasswords.check(addr)) + R + ' times before.')
else:
print('\n' + G + '[+]' + C + ' Good news - no pwnage found!')
def set(self, fetches: LdapFetch, modlist: LdapModlist,
assignments: Dict[str, Any]):
if self.key not in assignments or not self._is_enabled(assignments):
return
if not self.writable:
raise falcon.HTTPBadRequest(
description="Cannot write {}".format(self.key))
if self.auto_generate and not assignments[self.key]:
str_value = passlib.pwd.genword('secure')
else:
str_value = assignments[self.key]
if self.pwned_password_check:
if pwnedpasswords.check(str_value, plain_text=True):
raise falcon.HTTPBadRequest(
description=
"Password is in list of leaked passwords, not accepted")
value = self.hashing(str_value)
if not value:
if self.required and self._is_enabled(assignments):
raise falcon.HTTPBadRequest(
description="{} is required".format(self.key))
if self.field in fetches.values:
modlist[self.field] = [(LdapMods.DELETE, [])]
elif self.field in fetches.values:
fetch_val = fetches.values[self.field]
if len(fetch_val) != 1 or fetch_val[0] != value:
modlist[self.field] = [(LdapMods.REPLACE, [value])]
else:
modlist[self.field] = [(LdapMods.ADD, [value])]
fetches.values[self.field] = [value]
def create(self, fetches: LdapFetch, addlist: LdapAddlist,
assignments: Dict[str, Any]):
if self.key not in assignments:
if self.required and self._is_enabled(assignments):
raise falcon.HTTPBadRequest(
description="{} is required".format(self.key))
return
if not self.creatable:
raise falcon.HTTPBadRequest(
description="Cannot create {}".format(self.key))
if self.auto_generate and not assignments[self.key]:
str_value = passlib.pwd.genword('secure')
else:
str_value = assignments[self.key]
if self.pwned_password_check:
if pwnedpasswords.check(str_value, plain_text=True):
raise falcon.HTTPBadRequest(
description=
"Password is in list of leaked passwords, not accepted")
value = self.hashing(str_value)
if self.field in fetches.values:
raise falcon.HTTPBadRequest("Cannot modify value")
if not value and self.required:
raise falcon.HTTPBadRequest(
description="{} is required".format(self.key))
addlist[self.field] = [value]
fetches.values[self.field] = [value]
def get_item_fields(item: dict):
try:
name = item.get("name", "blank named")
except Exception:
name = "blank named"
try:
uri = item.get("login", {}).get("uris")[0].get("uri")
except Exception:
uri = ""
try:
username = item.get("login", {}).get("username", "")
except Exception:
username = ""
try:
password = item.get("login", {}).get("password", None)
except Exception:
password = None
if (password is not None and pwnedpasswords.check(str(password)) > 0):
warn = "The password for %s as %s at %s has been leaked" % (
name, username, uri)
try:
notif.notify(
body=warn,
title="BitPass",
)
except Exception:
pass
logger.warning(warn)
return [username, password, uri]
def check_password(password):
"""this function use for check console given password with pwnedpasswords module """
check = pwnedpasswords.check(password) # it takes plan string as parameter
if(check >0):
print(f"Your Passsword was Hacked {check} times .Plz Choose Strong Passsword ")
else:
print("Your Password Was Too Strong.Good Luck")
def is_password_not_leaked(psw: str) -> bool:
try:
res = pwnedpasswords.check(psw)
if res > 1:
return False
else:
return True
except Exception as e:
return False
def check_password(password):
"""this function use for check console given password with pwnedpasswords module """
hash_pass = hashlib.sha1(password.encode("UTF-8")).hexdigest().upper() # it convert plan string to hash
check = pwnedpasswords.check(hash_pass)
if(check >0):
print(f"Your Passsword was Hacked {check} times .Plz Choose Strong Passsword ")
else:
print("Your Password Was Too Strong.Good Luck")
def create_user():
# import pdb; pdb.set_trace()
user_to_create, errors = create_user_schema.load(request.get_json())
req_json = request.get_json()
password = req_json.get('password', None)
if not password:
errors.update({'password': ['Missing data for required field.']})
raise InvalidRequest(errors, status_code=400)
else:
response = pwnedpasswords.check(password)
if response > 0:
errors.update({'password': ['Password is not allowed.']})
raise InvalidRequest(errors, status_code=400)
save_model_user(user_to_create, pwd=req_json.get('password'))
result = user_to_create.serialize()
return jsonify(data=result), 201
def search(self):
emails_usernames = {
"type": self.type,
"accounts": []
}
possible_emails_list = self.possible_emails()
for possible_email in possible_emails_list:
pwned = pwnedpasswords.check(possible_email)
if not pwned:
emails_usernames["accounts"].append({"value": possible_email, "breached": False})
else:
emails_usernames["accounts"].append({"value": possible_email, "breached": True})
time.sleep(self.delay)
return emails_usernames
def create_user():
user_to_create, errors = create_user_schema.load(request.get_json())
req_json = request.get_json()
identity_provider_user_id = req_json.get('identity_provider_user_id', None)
password = req_json.get('password', None)
if not password and not identity_provider_user_id:
errors.update({'password': ['Missing data for required field.']})
raise InvalidRequest(errors, status_code=400)
elif password:
response = pwnedpasswords.check(password)
if response > 0:
errors.update({'password': ['Password is blacklisted.']})
raise InvalidRequest(errors, status_code=400)
save_model_user(user_to_create, pwd=req_json.get('password'))
result = user_to_create.serialize()
return jsonify(data=result), 201
def process_entries(reader):
found = {}
not_found = []
print("Processing entries", end="")
with reader as r:
for entry in r:
count = pwnedpasswords.check(entry.password)
if count > 0:
found[entry.name] = count
else:
not_found.append(entry.name)
sys.stdout.write(".")
sys.stdout.flush()
print(" done!")
print("")
return found, sorted(not_found, key=lambda s: s.lower())
def index():
form = ChangePasswordForm()
if form.validate_on_submit():
try:
changePassword(form.username.data,form.oldpassword.data,form.newpassword.data)
except PwdChangeError as e:
while isinstance(e.args,tuple) and len(e.args) == 1:
e.args = e.args[0]
flash(changePasswordErrorMsg[e.args[1]], 'error')
if e.args[1] == 4:
try:
seen = pwnedpasswords.check(form.newpassword.data, plain_text=True)
if seen > 0:
flash(_("This password has been seen %(value)d times before in data breaches", value=seen), 'error')
except:
pass
else:
flash(_("Password successfully changed"),'success')
return render_template("success.html")
return render_template("index.html", form=form, contact_email=app.config.get('CONTACT_EMAIL'))
def __call__(self, form, field):
if current_app.config.get("HIPB_ENABLED", None):
hibp_bad_password_found = False
for i in range(0, 3): # Try 3 times. If the HIPB API is down then fall back to the old banlist.
try:
response = pwnedpasswords.check(field.data)
if response > 0:
hibp_bad_password_found = True
break
elif response == 0:
return
except Exception:
time.sleep(0.5)
pass
if hibp_bad_password_found:
raise ValidationError(self.message)
if field.data in blocked_passwords:
raise ValidationError(self.message)
def update_password(user_id):
user = get_user_by_id(user_id=user_id)
req_json = request.get_json()
pwd = req_json.get('_password')
update_dct, errors = user_update_password_schema_load_json.load(req_json)
if errors:
raise InvalidRequest(errors, status_code=400)
response = pwnedpasswords.check(pwd)
if response > 0:
errors.update({'password': ['Password is not allowed.']})
raise InvalidRequest(errors, status_code=400)
update_user_password(user, pwd)
changes = {'password': "******"}
try:
_update_alert(user, changes)
except Exception as e:
current_app.logger.error(e)
return jsonify(data=user.serialize()), 200
def pinHash(password):
if len(password) < 4:
return {"bon": False, "error": "Пин-код слишком короткий (<4)."}
if len(password) > 12:
return {"bon": False, "error": "Пин-код слишком длинный (>12)."}
if re.search("^[a-zA-Z0-9]+$", password) == None:
return {
"bon": False,
"error": "Пин-код не должен использовать специальные символы."
}
hsh = hashlib.sha1(password.encode()).hexdigest()
hshcheck = pwnedpasswords.check(hsh)
if hshcheck > 1000:
return {
"bon":
False,
"error":
"Пароль найден {} раз (т.е. >1000 раз) в базе haveibeenpwned, поэтому его не стоит использовать."
.format(hshcheck)
}
hsh = generate_password_hash(password)
return {"bon": True, "hash": hsh}
print("Insufficient arguments, password list not provided!")
exit(1)
count = 0.0
pwnedCount = 0.0
pwnedUsers = []
print("===== PWNED PASSWORD CHCECKER =====\n")
file = open(args.input, "r")
fileList = file.read().splitlines()
for password in fileList:
if args.users:
thisPassword = password.split(":", 1)[1]
result = pwnedpasswords.check(thisPassword)
print("Checked Password: %s COUNT: %s" % (thisPassword, result))
if result > 0:
pwnedUsers.append(password.split(":", 1)[0])
else:
result = pwnedpasswords.check(password)
print("Checked Password: %s COUNT: %s" % (password, result))
if result > 0:
pwnedCount += 1.0
count += 1.0
pwnedPercent = (pwnedCount / count) * 100
print("\n========")
print("DONE")
print("========\n")
print("Number of passwords checked: %d" % count)
def validate(self, password, user=None):
count = pwnedpasswords.check(password,
anonymous=self.anonymous,
plain_text=True)
if count > 0:
raise ValidationError(_(self.error_text), code="password_is_pwned")
def test_blocklist1_can_contact_hibp_api(app_):
response = pwnedpasswords.check("testing 123")
assert response == 1 # "testing 123" respondes with 1
