PowerShell/docs/check-password.md
2024-05-19 10:25:56 +02:00

2.8 KiB
Raw Blame History

Script: check-password.ps1

This PowerShell script checks the security status of the given password by haveibeenpwned.com

Parameters

PS> ./check-password.ps1 [[-password] <String>] [<CommonParameters>]

-password <String>
    
    Required?                    false
    Position?                    1
    Default value                
    Accept pipeline input?       false
    Accept wildcard characters?  false

[<CommonParameters>]
    This script supports the common parameters: Verbose, Debug, ErrorAction, ErrorVariable, WarningAction, 
    WarningVariable, OutBuffer, PipelineVariable, and OutVariable.

Example

PS> ./check-password qwerty
  Bad password, it's already listed in 10584568 known security breaches!

Notes

Author: Markus Fleschutz | License: CC0

https://github.com/fleschutz/PowerShell

Script Content

<#
.SYNOPSIS
        Checks a password
.DESCRIPTION
        This PowerShell script checks the security status of the given password by haveibeenpwned.com
.EXAMPLE
        PS> ./check-password qwerty
	⚠️  Bad password, it's already listed in 10584568 known security breaches!
.LINK
        https://github.com/fleschutz/PowerShell
.NOTES
        Author: Markus Fleschutz | License: CC0
#>

param([string]$password = "")

function CalculateHashSHA1 ([string]$string) {
    $sha1 = New-Object System.Security.Cryptography.SHA1CryptoServiceProvider
    $encoder = New-Object System.Text.UTF8Encoding
    $bytes = $encoder.GetBytes($string)
    $hash = ($sha1.ComputeHash($bytes) | % { $_.ToString("X2") }) -join ''
    return $hash
}

function Get-PasswordPwnCount { [CmdletBinding()] param([string]$pass)
    $hash  = CalculateHashSHA1 $pass
    try {
        $uri = "https://api.pwnedpasswords.com/range/$($hash.Substring(0,5))"
        $list  = -split (Invoke-RestMethod $uri -Verbose:($PSBoundParameters['Verbose'] -eq $true) -ErrorAction Stop) # split into separate strings
        $pwn = $list | Select-String $hash.Substring(5,35) # grep
        if ($pwn) { $count = [int] ($pwn.ToString().Split(':')[1]) } else { $count = 0 }
        return $count
    }
    catch {
        Write-Error "Error Calling HIBP API"
        return $null
    }
}

try {
	if ($password -eq "") { $password = Read-Host "Enter the password" }
	$NumBreaches = Get-PasswordPwnCount $password
	if ($NumBreaches -eq 0) {
		"👍 Password seems good, it's not listed in any known security breach as of today." 
	} else {
		"⚠️ Bad password, it's listed already in $NumBreaches known security breaches!"
	}
	exit 0 # success
} catch {
	"⚠️ Error in line $($_.InvocationInfo.ScriptLineNumber): $($Error[0])"
	exit 1
}

(generated by convert-ps2md.ps1 using the comment-based help of check-password.ps1 as of 05/19/2024 10:25:18)