80 lines
2.1 KiB
Bash
80 lines
2.1 KiB
Bash
#!/bin/bash
|
|
set -E p # FAIL ON ERROR USE TRAP
|
|
# error handling trap
|
|
trap 'echo "ERROR ON $LINENO! UNSETTING VARS FOR SECURITY"; unset $passphrase1; unset $passphrase2; unset $complexity_check; unset $sha1_digest; unset $first_five; unset $last_35; unset $curl_ret; echo "DONE"; exit 1' ERR
|
|
|
|
killscript () {
|
|
echo -e "\nUNSETTING VARS FOR SECURITY"
|
|
unset $passphrase1
|
|
unset $passphrase2
|
|
unset $complexity_check
|
|
unset $sha1_digest
|
|
unset $first_five
|
|
unset $last_35
|
|
unset $curl_ret
|
|
echo -e "\nDONE\n"
|
|
exit 1
|
|
}
|
|
|
|
pass_min_length=40
|
|
hibp_api="https://api.pwnedpasswords.com/range/"
|
|
|
|
# gather salt
|
|
read -s -p "Input Passphrasse " passphrase1
|
|
echo
|
|
read -s -p "Re-Enter Passphrase " passphrase2
|
|
echo
|
|
## Sanity check the salt
|
|
### not empty
|
|
if [ -z "$passphrase1" -o -z "$passphrase2" ]; then\
|
|
echo "Input passphrases can NOT be blank!"
|
|
killscript
|
|
else
|
|
echo "Passphrases Supplied: OK"
|
|
fi
|
|
### match
|
|
if [[ "$salt1" != "$salt2" ]]; then
|
|
echo "Passphrases DO NOT MATCH"
|
|
killscript
|
|
else
|
|
echo "Passphrases Match: OK"
|
|
fi
|
|
### length
|
|
pass_length=${#passphrase1} # salt len
|
|
if [[ $pass_length -le $pass_min_length ]]; then
|
|
echo "Salt MUST be $pass_min_length characters or longer!"
|
|
killscript
|
|
else
|
|
echo "Pass Length: OK"
|
|
fi
|
|
### salt safety and complexity
|
|
complexity_check=$(echo -n "$passphrase1" | cracklib-check)
|
|
if grep -q 'OK' <<< "$complexity_check"; then
|
|
echo "Complexity: OK"
|
|
else
|
|
echo "Passphrase NOT Complex enough!"
|
|
killscript
|
|
fi
|
|
### query hibP
|
|
sha1_digest=$(echo -n "$passphrase1" | sha1sum | awk '{print $1}')
|
|
first_five="${sha1_digest:0:5}" # get furst five chars
|
|
last_35="${sha1_digest:5:35}" # get the rest
|
|
curl_ret="$(curl -s ${hibp_api}${first_five})"
|
|
# echo "first five: $first_five"
|
|
# echo "last 35: $last_35"
|
|
# echo "curl ret: $curl_ret"
|
|
if grep -q -i "${last_35}" <<< "${curl_ret}"; then
|
|
echo "PASS FOUND IN BREACHED LISTS!"
|
|
killscript
|
|
else
|
|
echo -e "\nPASS CHECKS OUT\n"
|
|
# cleanup
|
|
unset $passphrase1
|
|
unset $passphrase2
|
|
unset $complexity_check
|
|
unset $sha1_digest
|
|
unset $first_five
|
|
unset $last_35
|
|
unset $curl_ret;
|
|
exit 0
|
|
fi |