Files

80 lines
2.1 KiB
Bash

#!/bin/bash
set -E p # FAIL ON ERROR USE TRAP
# error handling trap
trap 'echo "ERROR ON $LINENO! UNSETTING VARS FOR SECURITY"; unset $passphrase1; unset $passphrase2; unset $complexity_check; unset $sha1_digest; unset $first_five; unset $last_35; unset $curl_ret; echo "DONE"; exit 1' ERR
killscript () {
echo -e "\nUNSETTING VARS FOR SECURITY"
unset $passphrase1
unset $passphrase2
unset $complexity_check
unset $sha1_digest
unset $first_five
unset $last_35
unset $curl_ret
echo -e "\nDONE\n"
exit 1
}
pass_min_length=40
hibp_api="https://api.pwnedpasswords.com/range/"
# gather salt
read -s -p "Input Passphrasse " passphrase1
echo
read -s -p "Re-Enter Passphrase " passphrase2
echo
## Sanity check the salt
### not empty
if [ -z "$passphrase1" -o -z "$passphrase2" ]; then\
echo "Input passphrases can NOT be blank!"
killscript
else
echo "Passphrases Supplied: OK"
fi
### match
if [[ "$salt1" != "$salt2" ]]; then
echo "Passphrases DO NOT MATCH"
killscript
else
echo "Passphrases Match: OK"
fi
### length
pass_length=${#passphrase1} # salt len
if [[ $pass_length -le $pass_min_length ]]; then
echo "Salt MUST be $pass_min_length characters or longer!"
killscript
else
echo "Pass Length: OK"
fi
### salt safety and complexity
complexity_check=$(echo -n "$passphrase1" | cracklib-check)
if grep -q 'OK' <<< "$complexity_check"; then
echo "Complexity: OK"
else
echo "Passphrase NOT Complex enough!"
killscript
fi
### query hibP
sha1_digest=$(echo -n "$passphrase1" | sha1sum | awk '{print $1}')
first_five="${sha1_digest:0:5}" # get furst five chars
last_35="${sha1_digest:5:35}" # get the rest
curl_ret="$(curl -s ${hibp_api}${first_five})"
# echo "first five: $first_five"
# echo "last 35: $last_35"
# echo "curl ret: $curl_ret"
if grep -q -i "${last_35}" <<< "${curl_ret}"; then
echo "PASS FOUND IN BREACHED LISTS!"
killscript
else
echo -e "\nPASS CHECKS OUT\n"
# cleanup
unset $passphrase1
unset $passphrase2
unset $complexity_check
unset $sha1_digest
unset $first_five
unset $last_35
unset $curl_ret;
exit 0
fi