pwned-password-checker/index.js at master · verheyenkoen/pwned-password-checker · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
#!/usr/bin/env node

import * as csv from "fast-csv";
import sha1 from "sha1";
import yargs from "yargs";
import { hideBin } from "yargs/helpers";

const args = yargs(hideBin(process.argv))
  .command(
    "$0 <file>",
    "Check a CSV file for breached passwords against HaveIBeenPwned.",
  )
  .option("u", {
    alias: "username",
    default: "login_username",
    description: "The name of the username column in the CSV file",
    type: "string",
  })
  .option("p", {
    alias: "password",
    default: "login_password",
    description: "The name of the password column in the CSV file",
    type: "string",
  })
  .option("n", {
    alias: "name",
    default: "name",
    description: "The name of the service name column in the CSV file",
    type: "string",
  })
  .alias("v", "version")
  .alias("h", "help")
  .help()
  .parse();

let count = 0;

csv
  .parseFile(args.file, { headers: true, ignoreEmpty: true, trim: true })
  .on("data", (record) => {
    if (record[args.password]) {
      count++;

      // skip empty passwords
      const hash = sha1(record[args.password]).toUpperCase();
      const prefix = hash.substring(0, 5);
      const suffix = hash.substring(5);

      fetch(`https://api.pwnedpasswords.com/range/${prefix}`, {
        headers: { "Add-Padding": true },
      })
        .catch((err) => {
          console.error(err);
        })
        .then((res) => res.text())
        .then((data) => {
          csv
            .parseString(data, { delimiter: ":", headers: ["suffix", "count"] })
            .on("data", (data) => {
              if (data.count > 0 && suffix === data.suffix) {
                console.log(
                  `The password for "${record[args.name]}" was found ${
                    data.count
                  } time(s).`,
                );
                console.log(
                  `  User: ${record[args.username]} / Password: ${
                    record[args.password]
                  }`,
                );
              }
            });
        });
    }
  })
  .on("end", (rowCount) =>
    console.log(`${count} password(s) checked from ${rowCount} rows.`),
  );