Last active
July 24, 2019 14:27
-
-
Save itsHobbes/cc82652259b3a4a37aae7313e59cd918 to your computer and use it in GitHub Desktop.
A simple java program to search password dumps for SHA-1 Hashed passwords from https://haveibeenpwned.com/passwords
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import java.io.IOException; | |
| import java.nio.charset.StandardCharsets; | |
| import java.nio.file.Files; | |
| import java.nio.file.Paths; | |
| import java.security.MessageDigest; | |
| import java.security.NoSuchAlgorithmException; | |
| import java.util.ArrayList; | |
| import java.util.List; | |
| import java.util.stream.Collectors; | |
| import java.util.stream.Stream; | |
| /** | |
| * To run this you need the password dump of SHA-1 hashed passwords | |
| * | |
| * Found at the bottom of this page https://haveibeenpwned.com/passwords | |
| * | |
| * Set LOCATION_OF_PASSWORD_DUMP to the location of the EXTRACTED txt file | |
| * | |
| * Set INPUT_PASSWORDS as your passwords to search for, or pass them as arguments on the command | |
| * line | |
| */ | |
| public class PasswordFinder { | |
| private static final String LOCATION_OF_PASSWORD_DUMP = ""; | |
| private static final String[] INPUT_PASSWORDS = {"1234", "abcd"}; | |
| public static void main(String[] args) { | |
| long start = System.nanoTime(); | |
| if (args.length > 0) { | |
| new PasswordFinder().run(args); | |
| } else { | |
| new PasswordFinder().run(INPUT_PASSWORDS); | |
| } | |
| long end = System.nanoTime(); | |
| System.out.println("Execution time: " + (end - start) / 1_000_000 + "ms"); | |
| } | |
| private void run(String[] passwords) { | |
| var hashes = getHashes(passwords); | |
| System.out.println("Your hashed passwords: "); | |
| hashes.forEach(System.out::println); | |
| System.out.println(); | |
| var foundHashes = findHashes(hashes); | |
| if (foundHashes.isEmpty()) { | |
| System.out.println("Your passwords were not found."); | |
| } else { | |
| System.out.println("Some passwords have been found!"); | |
| for (String s : foundHashes) { | |
| int index = s.indexOf(":"); | |
| System.out.println(s.substring(0, index) + " was found " | |
| + s.substring(index + 1) + " times"); | |
| } | |
| } | |
| } | |
| private List<String> findHashes(List<String> hashes) { | |
| System.out.println("Searching for hashed passwords, please wait ..."); | |
| List<String> list = new ArrayList<>(); | |
| try (Stream<String> stream = Files.lines(Paths.get(LOCATION_OF_PASSWORD_DUMP))) { | |
| list = stream.filter(e -> hashes.contains(e.substring(0, e.indexOf(":")))) | |
| .collect(Collectors.toList()); | |
| } catch (IOException e) { | |
| e.printStackTrace(); | |
| } | |
| return list; | |
| } | |
| private List<String> getHashes(String[] passwords) { | |
| var list = new ArrayList<String>(); | |
| MessageDigest md = null; | |
| try { | |
| md = MessageDigest.getInstance("SHA-1"); | |
| } catch (NoSuchAlgorithmException e) { | |
| e.printStackTrace(); | |
| } | |
| for (String s : passwords) { | |
| byte[] hash = md.digest(s.getBytes(StandardCharsets.UTF_8)); | |
| list.add(bytesToHex(hash)); | |
| } | |
| return list; | |
| } | |
| private static String bytesToHex(byte[] hash) { | |
| StringBuilder hexString = new StringBuilder(); | |
| for (int i = 0; i < hash.length; i++) { | |
| String hex = Integer.toHexString(0xff & hash[i]); | |
| if (hex.length() == 1) { | |
| hexString.append('0'); | |
| } | |
| hexString.append(hex); | |
| } | |
| return hexString.toString().toUpperCase(); | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment