# Password Checker
<hr>

This Program checks the usability of a password i.e. whether a password has been previously leaked or not. Here I am using the pwned API developed by Troy Hunt.<br>
link: _`https://haveibeenpwned.com/Passwords`_


### `Importing Modules`
We will import 3 modules : Requests, hashlib & sys
Request module will help us send a HTTP request via python.
Hashlib is a built-in module in Python that will help us convert a string into hashcodes.
Sys module will help us access the terminal arguments.

In [1]:
import requests as re
import hashlib
import sys

### `User-defined Funtions`
<hr>

Create a function, _req_api_data_ that will request our password and give us a response i.e whether the connection was successful (Response 200) or was there any interfernce (Response 400) like unauthorized access or a client error.
The reason we are using query_char which is a SHA1 hash type string instead of your password to ensure the anonymity of your password.


In [2]:
def req_api_data(query_char):
    url='https://api.pwnedpasswords.com/range/' + query_char
    res=re.get(url)
    if res.status_code != 200:
        raise RuntimeError(f'Error fetching: {res.status_code}, check the api and try again')
    return res


The below function, _get_psw_leaks_count_ checks the hash
We split the hash from the count. We then check if that hash matches with that of our password. If not, we return 0.

In [3]:
def get_psw_leaks_count(hashes, hash_to_check):
    hashes=(line.split(':') for line in hashes.text.splitlines())
    for h,count in hashes:
        if h == hash_to_check:
            return count
    return 0

The below function, _pwned_api_check_ will pass our actual password to check if it exists in the API.
Converting our password to UTF-8 encoding and then into hexadecimal formatting. It Capitalizes each character and passes it to the "sha1" function of hashlib to convert into sha1 formatting.
We separate the first five characters from the rest of sha1 code and pass to _req_api_data_ fuction to check if it is working.

In [4]:
def pwned_api_check(password):
    sha1password = hashlib.sha1(password.encode('utf-8')).hexdigest().upper()
    head5,tail = sha1password[:5],sha1password[5:]
    response=req_api_data(head5)
    return get_psw_leaks_count(response,tail)


At the end, we check if the password was found or not i.e. if the count of leaks was greater than 0 or not. If it was then ask user to think of another password, otherwise ask them to go forward with the password.

In [5]:
def main(args):
    for password in args:
        count=pwned_api_check(password)
        if count:
            print(f'{password} was found {count} time.... you should change your password')
        else:
            print(f'{password} was not found.... you can carry on with this password')
    return 'Checked!'


We are using __sys__ here because we will be directly passing the passwords from the terminal.<br>
_Note: If you try running this program in the notebook, it will pop an error. Rather copy all the program from each code cell and paste it in python file. Run the program from the terminal. <br> In the terminal type this: python <filename.py> (password1) (password2) (password3)...._

In [None]:
if __name__=='__main__':
    sys.exit(main(sys.argv[1:]))