#!/bin/bash

echo 'This script checks the HIBP API to see if a password has been breached.'
echo 'Only the first 5 characters of the SHA1 hash of the password leave the device.'
echo

echo -n 'Password: '
read -s password
hash=$(echo -n "$password" | sha1sum | cut -c 1-40)

echo ; echo
echo "Checking HIBP for hash range ${hash:0:5}..."

count=$(curl -Ss "https://api.pwnedpasswords.com/range/${hash:0:5}" | grep -i "${hash:5}" | cut -d: -f2 | tr -d '\r')
[ -z "$count" ] && echo 'Password not pwned' || echo "Password seen $count times before"