Commit graph

10 commits

Author SHA1 Message Date
f387547749
Add sanity check for split strings in password handling
In order to avoid potential indexing issues in password handling, a conditional statement has been added. This ensures that there are two resultant parts after the string splitting operation; if the condition isn't met, the operation simply continues without processing further. This enhances code robustness and reliability.
2024-03-14 22:14:48 +01:00
179cd36d7f
#27: Implement NTLM hash support for PwnedPassAPI
This PR implements support for NTLM hashes as announced by Troy Hunt:
https://s.pebcak.de/@troyhunt@infosec.exchange/109833758367903768

For this we needed to be able to calculate MD4 hashes, as NTLM basically is calculated like this: `MD4(UTF-16LE(pw))`. For this we ported the official golang.org/x/crypto/md4 package, so we can still claim that "only depends on Go stdlib"

A new Client option has been introduced: `WithPwnedNTLMHash`. If the client is initalized with this option, all generic methods (`ListHashesPassword` and `CheckPassword`) will  operate on NTLM hashes.

Additionally, there are now equivalent methods for checking passwords and listing hashes for NTLM: `CheckNTLM` and `ListHashesNTLM`
2023-02-09 17:07:20 +01:00
f143794341
Overhauling error handling of the different APIs as part of #24
- More error generalization
- Fixed PwnedPasswords API errors
- Added SHA1 hash validation with corresponding error
- More tests for error handling
2022-12-22 15:59:48 +01:00
20ebd4c965
Implement a golangci-lint workflow and the accordingly GH action 2022-10-29 15:32:12 +02:00
8fe5b208a5
#14: Skip padding results in the API response, which can be identified by having a zero count 2022-06-09 16:21:10 +02:00
05ea767ee1
#14: Add ListHashes*() methods to get access to all returned hashes
- This method replaces the previously private apiCall() method
- Added `ListHashesSHA1()` as well as `ListHashesPassword()` to keep consistency in the naming schema
- Added length checks for SHA1() methods
- Added length check for Prefix() method
2022-06-08 17:26:41 +02:00
1c699aca31
v1.0.2: More tests and better README.md. 2022-05-08 12:44:20 +02:00
f7588a863c Introducing the breaches API
So far only the "list all breaches" API is implemented, though
2021-09-21 19:46:48 +02:00
277b45ec8d
Added breaches 2021-09-21 18:21:23 +02:00
44451d4f76
v0.1.1: Complete refactor 2021-09-21 11:21:04 +02:00