Commit graph

17 commits

Author SHA1 Message Date
179cd36d7f
#27: Implement NTLM hash support for PwnedPassAPI
This PR implements support for NTLM hashes as announced by Troy Hunt:
https://s.pebcak.de/@troyhunt@infosec.exchange/109833758367903768

For this we needed to be able to calculate MD4 hashes, as NTLM basically is calculated like this: `MD4(UTF-16LE(pw))`. For this we ported the official golang.org/x/crypto/md4 package, so we can still claim that "only depends on Go stdlib"

A new Client option has been introduced: `WithPwnedNTLMHash`. If the client is initalized with this option, all generic methods (`ListHashesPassword` and `CheckPassword`) will  operate on NTLM hashes.

Additionally, there are now equivalent methods for checking passwords and listing hashes for NTLM: `CheckNTLM` and `ListHashesNTLM`
2023-02-09 17:07:20 +01:00
f143794341
Overhauling error handling of the different APIs as part of #24
- More error generalization
- Fixed PwnedPasswords API errors
- Added SHA1 hash validation with corresponding error
- More tests for error handling
2022-12-22 15:59:48 +01:00
c5ea330401
Overhauling error handling of the different APIs as part of #24
- Generalized errors
- Updated version number and User-Agent string
- Made default timeout a const
2022-12-22 11:55:56 +01:00
20ebd4c965
Implement a golangci-lint workflow and the accordingly GH action 2022-10-29 15:32:12 +02:00
1c699aca31
v1.0.2: More tests and better README.md. 2022-05-08 12:44:20 +02:00
fc0ea3bd48
Updated README.md, package description and version number for v1.0.2 release 2022-05-08 12:07:33 +02:00
842cc122a5
Fix code smell in WithUserAgent() option detected by SonarQube 2022-04-12 22:52:24 +02:00
00623d9eb6
Fixed DefaultUserAgent after clarification with Troy Hunt 2021-09-24 08:48:11 +02:00
18c11d013a
Road to v1.0.0: Added Pastes API 2021-09-22 16:20:54 +02:00
7da9c54633
Makes no sense to return a Client pointer. Also cleaned up examples directory 2021-09-22 15:46:36 +02:00
297b5b86f1
More idiomatic naming for the rate limit handling 2021-09-22 15:25:27 +02:00
48fec86658
Moved apiCall() from breach to hibp. Also introduced rate limit handling 2021-09-22 15:00:29 +02:00
ed7f680919
Added BreachedAccount() to breaches API
Also added WithUserAgent() to the HIBP client for custom UA configuration
2021-09-22 13:59:22 +02:00
f7588a863c Introducing the breaches API
So far only the "list all breaches" API is implemented, though
2021-09-21 19:46:48 +02:00
277b45ec8d
Added breaches 2021-09-21 18:21:23 +02:00
44451d4f76
v0.1.1: Complete refactor 2021-09-21 11:21:04 +02:00
f2941917d0 Initial checkin 2021-09-19 18:10:12 +02:00