p0wn – SystemTechnics https://www.systemtechnics.de IT Consulting Mon, 25 Jan 2016 17:59:17 +0000 de hourly 1 https://www.systemtechnics.de/wp-content/uploads/cropped-2003-logo-st-transparanet-x200-32x32.png p0wn – SystemTechnics https://www.systemtechnics.de 32 32 Benutzername gehackt? https://www.systemtechnics.de/benutzername-gehackt/ Mon, 30 Nov 2015 18:19:45 +0000 http://www.systemtechnics.de/?p=944 Es sind schon einige namenhafte Websites gehackt und Benutzernamen nebst Passwörter entwendet worden. Über die Webseite https://haveibeenpwned.com kann man testen ob der eigene Benutzername schon „veröffentlicht“ bzw. auf kursierenden Listen gefunden wurde.

powned

Folgendes Bash-Script zeigt wie man sehr einfach deren API nutzen kann um regelmäßig die eigene Maiadresse zu überprüfen:

#!/usr/bin/env bash 


echo  "Please enter email address to check against https://haveibeenpwned.com"

read choice
response=$(curl --write-out %{http_code} --silent --output /dev/null "https://haveibeenpwned.com/api/breachedaccount/$choice")

if [ "$response" = "404" ];then
    echo "Congralaution!!You are safe "

elif [ "$response" = "400" ];then
    echo "Upps.Something went wrong." 
 
  
else
    temp=$(curl --silent --request GET "https://haveibeenpwned.com/api/breachedaccount/$choice")
    echo  "You have been pwned in "$temp" breach "
    echo  "Do you require further Details?(y/n)"
    read ans
    if [ "$ans" = "y" ] || [ "$ans" = "Y" ] ;then
	curl --silent --request GET "https://haveibeenpwned.com/api/v2/breachedaccount/$choice"|python -mjson.tool > $choice.txt
	cat $choice.txt|sed -e 's!http\(s\)\{0,1\}://[^[:space:]]*!!g' -e 's/[@#\$%^&*()=039"]//g' -e 's/< \/td>//g' -e 's///g' -e 's/< \/em>//g' -e 's///g'  >  Breach_$choice.txt
	cat Breach_$choice.txt
	rm $choice.txt

	echo "Output saved it into Breach_$choice.txt file"
    fi

    if [ "$ans" = "n" ] || [ "$ans" = "N" ] ;then 	
	exit 1
    fi
	    
fi

Möchte man evtl. mit einer Liste von Mailadressen die API „füttern“, so kann man folgendes Script verwenden:

#!/usr/bin/env bash

[ $# -eq 0 ] && { echo "Usage: ./$0 emaillist"; exit 1; }

if [ "$1" == "-h" ]; then
  echo "Usage: ./$0 emaillist"
  exit 1

fi

dos2unix -q $1
sed '/^$/d'  $1 | while read choice
do
response=$(curl --write-out %{http_code} --silent --output /dev/null "https://haveibeenpwned.com/api/breachedaccount/$choice")

if [ "$response" = "404" ];then
echo "Congo. $choice is safe "

elif [ "$response" = "400" ];then
echo "Upps...Something went wrong."
 
  
else
temp=$(curl --silent --request GET "https://haveibeenpwned.com/api/breachedaccount/$choice")
    echo "$choice has been pwned in "$temp" breach "
    echo "$choice	$temp" >> out.csv	
    
fi
done
echo "Output saved into out.csv(Tab seprated)file"
]]>