PowerShell/Docs/check-password.md
2023-09-20 17:05:11 +02:00

98 lines
2.8 KiB
Markdown
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

*check-password.ps1*
================
This PowerShell script checks the security status of the given password by haveibeenpwned.com
Parameters
----------
```powershell
PS> ./check-password.ps1 [[-password] <String>] [<CommonParameters>]
-password <String>
Required? false
Position? 1
Default value
Accept pipeline input? false
Accept wildcard characters? false
[<CommonParameters>]
This script supports the common parameters: Verbose, Debug, ErrorAction, ErrorVariable, WarningAction,
WarningVariable, OutBuffer, PipelineVariable, and OutVariable.
```
Example
-------
```powershell
PS> ./check-password qwerty
Bad password, it's already listed in 10584568 known security breaches!
```
Notes
-----
Author: Markus Fleschutz | License: CC0
Related Links
-------------
https://github.com/fleschutz/PowerShell
Script Content
--------------
```powershell
<#
.SYNOPSIS
Checks a password
.DESCRIPTION
This PowerShell script checks the security status of the given password by haveibeenpwned.com
.EXAMPLE
PS> ./check-password qwerty
⚠️ Bad password, it's already listed in 10584568 known security breaches!
.LINK
https://github.com/fleschutz/PowerShell
.NOTES
Author: Markus Fleschutz | License: CC0
#>
param([string]$password = "")
function CalculateHashSHA1 ([string]$string) {
$sha1 = New-Object System.Security.Cryptography.SHA1CryptoServiceProvider
$encoder = New-Object System.Text.UTF8Encoding
$bytes = $encoder.GetBytes($string)
$hash = ($sha1.ComputeHash($bytes) | % { $_.ToString("X2") }) -join ''
return $hash
}
function Get-PasswordPwnCount { [CmdletBinding()] param([string]$pass)
$hash = CalculateHashSHA1 $pass
try {
$uri = "https://api.pwnedpasswords.com/range/$($hash.Substring(0,5))"
$list = -split (Invoke-RestMethod $uri -Verbose:($PSBoundParameters['Verbose'] -eq $true) -ErrorAction Stop) # split into separate strings
$pwn = $list | Select-String $hash.Substring(5,35) # grep
if ($pwn) { $count = [int] ($pwn.ToString().Split(':')[1]) } else { $count = 0 }
return $count
}
catch {
Write-Error "Error Calling HIBP API"
return $null
}
}
try {
if ($password -eq "") { $password = Read-Host "Enter the password" }
$NumBreaches = Get-PasswordPwnCount $password
if ($NumBreaches -eq 0) {
"👍 Password seems good, it's not listed in any known security breach as of today."
} else {
"⚠️ Bad password, it's listed already in $NumBreaches known security breaches!"
}
exit 0 # success
} catch {
"⚠️ Error in line $($_.InvocationInfo.ScriptLineNumber): $($Error[0])"
exit 1
}
```
*(generated by convert-ps2md.ps1 using the comment-based help of check-password.ps1 as of 09/20/2023 17:04:38)*