wneessen/go-hibp
1
1
Fork 0
mirror of https://github.com/wneessen/go-hibp.git synced 2024-11-09 15:32:52 +01:00
Code Issues Projects Releases Packages Wiki Activity
97 commits 3 branches 12 tags 200 KiB
Commit graph

10 commits

Author SHA1 Message Date
Winni Neessen
f387547749
Add sanity check for split strings in password handling 
In order to avoid potential indexing issues in password handling, a conditional statement has been added. This ensures that there are two resultant parts after the string splitting operation; if the condition isn't met, the operation simply continues without processing further. This enhances code robustness and reliability.
 2024-03-14 22:14:48 +01:00
Winni Neessen
179cd36d7f
#27: Implement NTLM hash support for PwnedPassAPI 
This PR implements support for NTLM hashes as announced by Troy Hunt:
https://s.pebcak.de/@troyhunt@infosec.exchange/109833758367903768

For this we needed to be able to calculate MD4 hashes, as NTLM basically is calculated like this: `MD4(UTF-16LE(pw))`. For this we ported the official golang.org/x/crypto/md4 package, so we can still claim that "only depends on Go stdlib"

A new Client option has been introduced: `WithPwnedNTLMHash`. If the client is initalized with this option, all generic methods (`ListHashesPassword` and `CheckPassword`) will  operate on NTLM hashes.

Additionally, there are now equivalent methods for checking passwords and listing hashes for NTLM: `CheckNTLM` and `ListHashesNTLM`
 2023-02-09 17:07:20 +01:00
Winni Neessen
f143794341
Overhauling error handling of the different APIs as part of #24 
- More error generalization
- Fixed PwnedPasswords API errors
- Added SHA1 hash validation with corresponding error
- More tests for error handling
 2022-12-22 15:59:48 +01:00
Winni Neessen
20ebd4c965
Implement a golangci-lint workflow and the accordingly GH action 2022-10-29 15:32:12 +02:00
Winni Neessen
8fe5b208a5
#14: Skip padding results in the API response, which can be identified by having a zero count 2022-06-09 16:21:10 +02:00
Winni Neessen
05ea767ee1
#14: Add ListHashes*() methods to get access to all returned hashes 
- This method replaces the previously private apiCall() method
- Added `ListHashesSHA1()` as well as `ListHashesPassword()` to keep consistency in the naming schema
- Added length checks for SHA1() methods
- Added length check for Prefix() method
 2022-06-08 17:26:41 +02:00
Winni Neessen
1c699aca31
v1.0.2: More tests and better README.md. 2022-05-08 12:44:20 +02:00
Winni Neessen
f7588a863c Introducing the breaches API 
So far only the "list all breaches" API is implemented, though
 2021-09-21 19:46:48 +02:00
Winni Neessen
277b45ec8d
Added breaches 2021-09-21 18:21:23 +02:00
Winni Neessen
44451d4f76
v0.1.1: Complete refactor 2021-09-21 11:21:04 +02:00