added secvfurity and antiforensics to passcheck
This commit is contained in:
+22
-12
@@ -3,6 +3,19 @@ set -E p # FAIL ON ERROR USE TRAP
|
|||||||
# error handling trap
|
# error handling trap
|
||||||
trap 'echo "ERROR ON $LINENO! UNSETTING VARS FOR SECURITY"; unset $passphrase1; unset $passphrase2; unset $complexity_check; unset $sha1_digest; unset $first_five; unset $last_35; unset $curl_ret; echo "DONE"; exit 1' ERR
|
trap 'echo "ERROR ON $LINENO! UNSETTING VARS FOR SECURITY"; unset $passphrase1; unset $passphrase2; unset $complexity_check; unset $sha1_digest; unset $first_five; unset $last_35; unset $curl_ret; echo "DONE"; exit 1' ERR
|
||||||
|
|
||||||
|
killscript () {
|
||||||
|
echo -e "\nUNSETTING VARS FOR SECURITY"
|
||||||
|
unset $passphrase1
|
||||||
|
unset $passphrase2
|
||||||
|
unset $complexity_check
|
||||||
|
unset $sha1_digest
|
||||||
|
unset $first_five
|
||||||
|
unset $last_35
|
||||||
|
unset $curl_ret
|
||||||
|
echo -e "\nDONE\n"
|
||||||
|
exit 1
|
||||||
|
}
|
||||||
|
|
||||||
pass_min_length=40
|
pass_min_length=40
|
||||||
hibp_api="https://api.pwnedpasswords.com/range/"
|
hibp_api="https://api.pwnedpasswords.com/range/"
|
||||||
|
|
||||||
@@ -13,16 +26,16 @@ read -s -p "Re-Enter Passphrase " passphrase2
|
|||||||
echo
|
echo
|
||||||
## Sanity check the salt
|
## Sanity check the salt
|
||||||
### not empty
|
### not empty
|
||||||
if [ -z "$passphrase1" -o -z "$passphrase2" ]; then
|
if [ -z "$passphrase1" -o -z "$passphrase2" ]; then\
|
||||||
echo "Input passphrases can NOT be blank!"
|
echo "Input passphrases can NOT be blank!"
|
||||||
exit 1
|
killscript
|
||||||
else
|
else
|
||||||
echo "Passphrases Supplied: OK"
|
echo "Passphrases Supplied: OK"
|
||||||
fi
|
fi
|
||||||
### match
|
### match
|
||||||
if [[ "$salt1" != "$salt2" ]]; then
|
if [[ "$salt1" != "$salt2" ]]; then
|
||||||
echo "Passphrases DO NOT MATCH"
|
echo "Passphrases DO NOT MATCH"
|
||||||
exit 1
|
killscript
|
||||||
else
|
else
|
||||||
echo "Passphrases Match: OK"
|
echo "Passphrases Match: OK"
|
||||||
fi
|
fi
|
||||||
@@ -30,7 +43,7 @@ fi
|
|||||||
pass_length=${#passphrase1} # salt len
|
pass_length=${#passphrase1} # salt len
|
||||||
if [[ $pass_length -le $pass_min_length ]]; then
|
if [[ $pass_length -le $pass_min_length ]]; then
|
||||||
echo "Salt MUST be $pass_min_length characters or longer!"
|
echo "Salt MUST be $pass_min_length characters or longer!"
|
||||||
exit 1
|
killscript
|
||||||
else
|
else
|
||||||
echo "Pass Length: OK"
|
echo "Pass Length: OK"
|
||||||
fi
|
fi
|
||||||
@@ -40,7 +53,7 @@ if grep -q 'OK' <<< "$complexity_check"; then
|
|||||||
echo "Complexity: OK"
|
echo "Complexity: OK"
|
||||||
else
|
else
|
||||||
echo "Passphrase NOT Complex enough!"
|
echo "Passphrase NOT Complex enough!"
|
||||||
exit 1
|
killscript
|
||||||
fi
|
fi
|
||||||
### query hibP
|
### query hibP
|
||||||
sha1_digest=$(echo -n "$passphrase1" | sha1sum | awk '{print $1}')
|
sha1_digest=$(echo -n "$passphrase1" | sha1sum | awk '{print $1}')
|
||||||
@@ -52,14 +65,10 @@ curl_ret="$(curl -s ${hibp_api}${first_five})"
|
|||||||
# echo "curl ret: $curl_ret"
|
# echo "curl ret: $curl_ret"
|
||||||
if grep -q -i "${last_35}" <<< "${curl_ret}"; then
|
if grep -q -i "${last_35}" <<< "${curl_ret}"; then
|
||||||
echo "PASS FOUND IN BREACHED LISTS!"
|
echo "PASS FOUND IN BREACHED LISTS!"
|
||||||
exit 1
|
killscript
|
||||||
else
|
else
|
||||||
echo "PASS CHECKS OUT"
|
echo -e "\nPASS CHECKS OUT\n"
|
||||||
exit 0
|
|
||||||
fi
|
|
||||||
|
|
||||||
# cleanup
|
# cleanup
|
||||||
echo -e "\nUNSETTING VARS FOR SECURITY\n";
|
|
||||||
unset $passphrase1
|
unset $passphrase1
|
||||||
unset $passphrase2
|
unset $passphrase2
|
||||||
unset $complexity_check
|
unset $complexity_check
|
||||||
@@ -67,4 +76,5 @@ unset $sha1_digest
|
|||||||
unset $first_five
|
unset $first_five
|
||||||
unset $last_35
|
unset $last_35
|
||||||
unset $curl_ret;
|
unset $curl_ret;
|
||||||
echo -e "\nDONE\n"
|
exit 0
|
||||||
|
fi
|
||||||
Reference in New Issue
Block a user