Documentation ¶
Overview ¶
Copyright 2017 The Go Authors. All rights reserved. Use of this source code is governed by a BSD-style license that can be found in the LICENSE file.
Adapted from Go bcrypt implementation - https://github.com/golang/crypto/blob/23b1b90df264a1df9c6403fa1ad13fda18fdb152/bcrypt/base64.go
Copyright 2017 The Go Authors. All rights reserved. Use of this source code is governed by a BSD-style license that can be found in the LICENSE file.
Index ¶
- Constants
- func BCryptHash(password []byte, salt []byte) (string, error)
- func CalcArgon2(toHash string, salt string) (string, error)
- func CalcAuthMeSHA256(password string, salt string) (string, error)
- func CalcBCrypt(password string, salt string) (string, error)
- func CalcCRC32(password string) (string, error)
- func CalcCustomAlgorithm1(password string, salt string) (string, error)
- func CalcCustomAlgorithm4(password string, salt string) (string, error)
- func CalcCustomAlgorithm5(password string, salt string) (string, error)
- func CalcCustomAlgorithm7(password string, salt string) (string, error)
- func CalcCustomAlgorithm9(password string, salt string) (string, error)
- func CalcDESCrypt(password string, salt string) (string, error)
- func CalcHMACSHA1SaltAsKey(password string, salt string) (string, error)
- func CalcIPBoardHash(password string, salt string) (string, error)
- func CalcMD5(password string) (string, error)
- func CalcMD5Crypt(password []byte, rawSalt []byte) (string, error)
- func CalcMySQLPost4_1(password string) (string, error)
- func CalcMySQLPre4_1(password string) (string, error)
- func CalcNTLM(password string) (string, error)
- func CalcPHPBB3(password string, salt string) (string, error)
- func CalcPasswordHash(passwordType PasswordType, password string, salt string) (string, error)
- func CalcPeopleSoft(password string) (string, error)
- func CalcPunBB(password string, salt string) (string, error)
- func CalcSHA1(password string) (string, error)
- func CalcSHA256(password string) (string, error)
- func CalcSHA256Crypt(password string, salt string) (string, error)
- func CalcSHA384(password string) (string, error)
- func CalcSHA512(password string) (string, error)
- func CalcSHA512Crypt(password string, salt string) (string, error)
- func CalcVBulletinHash(password string, salt string) (string, error)
- func DKey(password, salt []byte, time, memory uint32, threads uint8, keyLen uint32) []byte
- func Descrypt(key string, salt_str string) string
- func ShaCryptEncrypt(plaintext string, salt string) (string, error)
- type AccountsResponse
- type AddSubscriptionsResponse
- type Client
- func (e *Client) AddDomainAlertSubscriptions(domains []string) (*AddSubscriptionsResponse, error)
- func (e *Client) AddUserAlertSubscriptions(usernames []string, customData string) (*AddSubscriptionsResponse, error)
- func (e *Client) CheckCredentials(username, password string) (bool, error)
- func (e *Client) CheckCredentialsEx(username, password string, lastCheckDate *time.Time, ...) (bool, error)
- func (e *Client) CheckPassword(password string) (bool, error)
- func (e *Client) CheckPasswordWithExposure(password string, revealedInExposure *bool, exposureCount *int) (bool, error)
- func (e *Client) DeleteDomainAlertSubscriptions(domains []string) (*DeleteSubscriptionsResponse, error)
- func (e *Client) DeleteUserAlertSubscriptions(usernames []string) (*DeleteSubscriptionsResponse, error)
- func (e *Client) DeleteUserAlertSubscriptionsByCustomData(customData string) (*DeleteSubscriptionsResponse, error)
- func (e *Client) GetDomainAlertSubscriptions(pageSize int, pagingToken string) (*GetDomainSubscriptionsResponse, error)
- func (e *Client) GetExposedUsersForDomain(domain string, pageSize int, pagingToken string) (*ExposedUsersForDomain, error)
- func (e *Client) GetExposureDetails(exposureID string) (*ExposureDetails, error)
- func (e *Client) GetExposuresForDomain(domain string, pageSize int, pagingToken string) (*ExposuresForDomain, error)
- func (e *Client) GetExposuresForDomainIncludeDetails(domain string, pageSize int, pagingToken string) (*ExposuresForDomainIncludeDetails, error)
- func (e *Client) GetExposuresForUser(username string) ([]string, error)
- func (e *Client) GetUserAlertSubscriptions(pageSize int, pagingToken string) (*GetSubscriptionsResponse, error)
- func (e *Client) GetUserAlertSubscriptionsByCustomData(customData string, pageSize int, pagingToken string) (*GetSubscriptionsResponse, error)
- func (e *Client) GetUserPasswords(username string) (*UserPasswords, error)
- func (e *Client) IsDomainSubscribedForAlerts(domain string) (bool, error)
- func (e *Client) IsUserSubscribedForAlerts(username string) (bool, error)
- type CredentialsHashSpecification
- type DeleteSubscriptionsResponse
- type ExposedUserForDomain
- type ExposedUsersForDomain
- type ExposureDetails
- type ExposuresForDomain
- type ExposuresForDomainIncludeDetails
- type ExposuresResponse
- type GetDomainSubscriptionsResponse
- type GetSubscriptionsResponse
- type HashType
- type HashVersionTooNewError
- type InvalidCostError
- type InvalidHashPrefixError
- type PasswordDetails
- type PasswordHashSpecification
- type PasswordType
- type UserPasswords
Constants ¶
const ( MinCost int = 4 // the minimum allowable cost as passed in to GenerateFromPassword MaxCost int = 31 // the maximum allowable cost as passed in to GenerateFromPassword DefaultCost int = 10 // the cost that will actually be set if a cost below MinCost is passed into GenerateFromPassword )
const ( CredentialsAPIPath = "/credentials" PasswordsAPIPath = "/passwords" ExposuresAPIPath = "/exposures" AccountsAPIPath = "/accounts" AlertsServicePath = "/alert-subscriptions" )
const ( Plaintext PasswordType = 0 MD5 = 1 SHA1 = 2 SHA256 = 3 TripleDES = 4 IPBoard_MyBB = 5 BCrypt = 8 CRC32 = 9 PHPBB3 = 10 CustomAlgorithm1 = 11 SCrypt = 12 CustomAlgorithm2 = 13 SHA512 = 14 CustomAlgorithm3 = 15 MD5Crypt = 16 CustomAlgorithm4 = 17 CustomAlgorithm5 = 18 DESCrypt = 20 MySQLPre4_1 = 21 MySQLPost4_1 = 22 PeopleSoft = 23 PunBB = 24 CustomAlgorithm6 = 25 PartialMD5_20 = 26 AVE_DataLife_Diferior = 27 DjangoMD5 = 28 DjangoSHA1 = 29 PartialMD5_29 = 30 PliggCMS = 31 RunCMS_SMF1_1 = 32 NTLM = 33 SHA1Dash = 34 SHA384 = 35 CustomAlgorithm7 = 36 CustomAlgorithm8 = 37 CustomAlgorithm9 = 38 SHA512Crypt = 39 CustomAlgorithm10 = 40 HMACSHA1_SaltAsKey = 41 AuthMeSHA256 = 42 SHA256Crypt = 43 Unknown = 97 UnusablePassword = 98 None = 99 )
const Version = 0x13
The Argon2 version implemented by this package.
Variables ¶
This section is empty.
Functions ¶
func CalcHMACSHA1SaltAsKey ¶
func CalcMySQLPost4_1 ¶
func CalcMySQLPre4_1 ¶
func CalcPasswordHash ¶
func CalcPasswordHash(passwordType PasswordType, password string, salt string) (string, error)
func CalcPeopleSoft ¶
func CalcSHA256 ¶
func CalcSHA384 ¶
func CalcSHA512 ¶
Types ¶
type AccountsResponse ¶
type AccountsResponse struct { LastBreachDate time.Time CredentialsHashes []CredentialsHashSpecification PasswordHashesRequired []PasswordHashSpecification Salt string }
type Client ¶
type Client struct {
// contains filtered or unexported fields
}
func NewClient ¶
NewClient creates a new instance of the Enzoic Client, taking your API key and secret as parameters.
func NewClientWithCustomBaseURL ¶
NewClientWithCustomBaseURL creates a new instance of the Enzoic Client, taking your API key and secret as parameters.
func (*Client) AddDomainAlertSubscriptions ¶
func (e *Client) AddDomainAlertSubscriptions(domains []string) (*AddSubscriptionsResponse, error)
AddDomainAlertSubscriptions takes an array of domains (e.g. enzoic.com) and adds them to the list of domains your account monitors for new credentials exposures. see https://docs.enzoic.com/enzoic-api-developer-documentation/api-reference/breach-monitoring-api/breach-monitoring-by-domain#add-breach-alert-subscriptions
func (*Client) AddUserAlertSubscriptions ¶
func (e *Client) AddUserAlertSubscriptions(usernames []string, customData string) (*AddSubscriptionsResponse, error)
AddUserAlertSubscriptions takes an array of email addresses and adds them to the list of users your account monitors for new credentials exposures. The customData parameter can optionally be used with any string value to tag the new subscription items with a custom value. This value will be sent to your webhook when a new alert is found for one of these users and can also be used to lookup or delete entries. see https://docs.enzoic.com/enzoic-api-developer-documentation/api-reference/breach-monitoring-api/breach-monitoring-by-user#add-breach-alert-subscriptions
func (*Client) CheckCredentials ¶
CheckCredentials checks whether the username/password provided in the parameters are in the Enzoic database of compromised user credentials. If so, it will return true.
func (*Client) CheckCredentialsEx ¶
func (e *Client) CheckCredentialsEx(username, password string, lastCheckDate *time.Time, excludeHashTypes []PasswordType, useRawCredentials bool) (bool, error)
CheckCredentialsEx checks whether the username/password provided in the parameters are in the Enzoic database of compromised user credentials. If so, it will return true. It also accepts the following parameters:
lastCheckDate - if provided, the timestamp for the last check you performed for this user. If the date/time you provide for the last check is greater than the timestamp Enzoic has for the last breach affecting this user, the check will not be performed. This can be used to substantially increase performance. Can be set to nil if no last check was performed or the credentials have changed since.
excludeHashTypes - if provided, only credentials which do not include any of the specified hash types will be checked. By excluding computationally expensive PasswordTypes, such as BCrypt, it is possible to balance the performance of this call against security. Can be set to empty array if you do not wish to exclude any hash types.
useRawCredentials - if true, the Raw Credentials variant of the Credentials API. The Raw Credentials version of the Credentials API allows you to check usernames and passwords for compromise without passing even a partial hash to Enzoic. This works by pulling down all of the Credentials Hashes Enzoic has for a given username and calculating/comparing locally. The only thing that gets passed to Enzoic in this case is a SHA-256 hash of the username. Raw Credentials requires a separate approval to unlock. If you're interested in getting approved, please contact us through our website.
func (*Client) CheckPassword ¶
CheckPassword checks whether the password provided in the password parameter is in the Enzoic database of known, compromised passwords. If so it will return true. see https://docs.enzoic.com/enzoic-api-developer-documentation/api-reference/passwords-api
func (*Client) CheckPasswordWithExposure ¶
func (e *Client) CheckPasswordWithExposure(password string, revealedInExposure *bool, exposureCount *int) (bool, error)
CheckPasswordWithExposure checks whether the password provided in the password parameter is in the Enzoic database of known, compromised passwords. If so it will return true. Also updates the revealedInExposures and exposureCount parameters with the results of the check, indicating if this is a password which is just weak (revealedInExposure false) or was actually exposed in a breach. The exposureCount parameter will be set to the number of exposures it has been found in and can be used as a relative measure of the risk of the password. see https://docs.enzoic.com/enzoic-api-developer-documentation/api-reference/passwords-api
func (*Client) DeleteDomainAlertSubscriptions ¶
func (e *Client) DeleteDomainAlertSubscriptions(domains []string) (*DeleteSubscriptionsResponse, error)
DeleteDomainAlertSubscriptions takes an array of domains you wish to remove from monitoring for new credentials exposures. see https://docs.enzoic.com/enzoic-api-developer-documentation/api-reference/breach-monitoring-api/breach-monitoring-by-domain#remove-breach-alert-subscriptions
func (*Client) DeleteUserAlertSubscriptions ¶
func (e *Client) DeleteUserAlertSubscriptions(usernames []string) (*DeleteSubscriptionsResponse, error)
DeleteUserAlertSubscriptions takes an array of email addresses you wish to remove from monitoring for new credentials exposures. see https://docs.enzoic.com/enzoic-api-developer-documentation/api-reference/breach-monitoring-api/breach-monitoring-by-user#remove-breach-alert-subscriptions
func (*Client) DeleteUserAlertSubscriptionsByCustomData ¶
func (e *Client) DeleteUserAlertSubscriptionsByCustomData(customData string) (*DeleteSubscriptionsResponse, error)
DeleteUserAlertSubscriptions takes a customData value and deletes all alert subscriptions that have that value. see https://docs.enzoic.com/enzoic-api-developer-documentation/api-reference/breach-monitoring-api/breach-monitoring-by-user#remove-breach-alert-subscriptions
func (*Client) GetDomainAlertSubscriptions ¶
func (e *Client) GetDomainAlertSubscriptions(pageSize int, pagingToken string) (*GetDomainSubscriptionsResponse, error)
GetDomainAlertSubscriptions returns a list of all the domains your account is monitoring for new credentials exposures. The results of this call are paginated. pageSize can be any value from 1 to 1000. If pageSize is not specified, the default is 1000. pagingToken is a value returned with each page of results and should be passed into this call to retrieve the next page of results. see https://docs.enzoic.com/enzoic-api-developer-documentation/api-reference/breach-monitoring-api/breach-monitoring-by-domain#retrieve-current-breach-alert-subscriptions
func (*Client) GetExposedUsersForDomain ¶
func (e *Client) GetExposedUsersForDomain(domain string, pageSize int, pagingToken string) (*ExposedUsersForDomain, error)
GetExposedUsersForDomain returns a list of all users for a given email domain who have had credentials revealed in exposures. The results of this call are paginated. pageSize can be any value from 1 to 1000. If pageSize is not specified, the default is 1000. pagingToken is a value returned with each page of results and should be passed into this call to retrieve the next page of results. see https://docs.enzoic.com/enzoic-api-developer-documentation/api-reference/exposures-api/get-exposures-for-all-email-addresses-in-a-domain
func (*Client) GetExposureDetails ¶
func (e *Client) GetExposureDetails(exposureID string) (*ExposureDetails, error)
GetExposureDetails returns the detailed information for a credentials Exposure. see https://docs.enzoic.com/enzoic-api-developer-documentation/api-reference/exposures-api/retrieve-details-for-an-exposure
func (*Client) GetExposuresForDomain ¶
func (e *Client) GetExposuresForDomain(domain string, pageSize int, pagingToken string) (*ExposuresForDomain, error)
GetExposuresForDomain returns a list of all exposures found involving users with email addresses from a given domain. The result will be an array of exposure IDs which can be used with the GetExposureDetails call to retrieve details. The results of this call are paginated. pageSize can be any value from 1 to 500. If pageSize is not specified, the default is 100. pagingToken is a value returned with each page of results and should be passed into this call to retrieve the next page of results. see https://docs.enzoic.com/enzoic-api-developer-documentation/api-reference/exposures-api/get-exposures-for-a-domain
func (*Client) GetExposuresForDomainIncludeDetails ¶
func (e *Client) GetExposuresForDomainIncludeDetails(domain string, pageSize int, pagingToken string) (*ExposuresForDomainIncludeDetails, error)
GetExposuresForDomainIncludeDetails returns a list of all exposures found involving users with email addresses from a given domain with the details for each exposure included inline in the response. The results of this call are paginated. pageSize can be any value from 1 to 500. If pageSize is not specified, the default is 100. pagingToken is a value returned with each page of results and should be passed into this call to retrieve the next page of results. see https://docs.enzoic.com/enzoic-api-developer-documentation/api-reference/exposures-api/get-exposures-for-a-domain
func (*Client) GetExposuresForUser ¶
GetExposuresForUser returns all of the credentials Exposures that have been found for a given username. The username will be hashed using SHA-256 before being passed to the Enzoic API. see https://docs.enzoic.com/enzoic-api-developer-documentation/api-reference/exposures-api/get-exposures-for-an-email-address
func (*Client) GetUserAlertSubscriptions ¶
func (e *Client) GetUserAlertSubscriptions(pageSize int, pagingToken string) (*GetSubscriptionsResponse, error)
GetUserAlertSubscriptions returns a list of all the users your account is monitoring for new credentials exposures. The results of this call are paginated. pageSize can be any value from 1 to 1000. If pageSize is not specified, the default is 1000. pagingToken is a value returned with each page of results and should be passed into this call to retrieve the next page of results. see https://docs.enzoic.com/enzoic-api-developer-documentation/api-reference/breach-monitoring-api/breach-monitoring-by-user#retrieve-current-breach-alert-subscriptions
func (*Client) GetUserAlertSubscriptionsByCustomData ¶
func (e *Client) GetUserAlertSubscriptionsByCustomData(customData string, pageSize int, pagingToken string) (*GetSubscriptionsResponse, error)
GetUserAlertSubscriptionsByCustomData returns a list of all the users your account is monitoring for new credentials exposures with the provided customData value. The results of this call are paginated. pageSize can be any value from 1 to 1000. If pageSize is not specified, the default is 1000. pagingToken is a value returned with each page of results and should be passed into this call to retrieve the next page of results. see https://docs.enzoic.com/enzoic-api-developer-documentation/api-reference/breach-monitoring-api/breach-monitoring-by-user#retrieve-current-breach-alert-subscriptions
func (*Client) GetUserPasswords ¶
func (e *Client) GetUserPasswords(username string) (*UserPasswords, error)
GetUserPasswords returns a list of passwords that Enzoic has found for a specific user. This call must be enabled for your account or you will receive a 403 rejection when attempting to call it. see https://docs.enzoic.com/enzoic-api-developer-documentation/api-reference/credentials-api/cleartext-credentials-api
func (*Client) IsDomainSubscribedForAlerts ¶
IsDomainSubscribedForAlerts takes a domain and returns true if the domain is subscribed for alerts, false otherwise. see https://docs.enzoic.com/enzoic-api-developer-documentation/api-reference/breach-monitoring-api/breach-monitoring-by-domain#retrieve-current-breach-alert-subscriptions
func (*Client) IsUserSubscribedForAlerts ¶
IsUserSubscribedForAlerts takes a username and returns true if the user is subscribed for alerts, false otherwise. see https://docs.enzoic.com/enzoic-api-developer-documentation/api-reference/breach-monitoring-api/breach-monitoring-by-user#retrieve-current-breach-alert-subscriptions
type CredentialsHashSpecification ¶
type CredentialsHashSpecification struct { Salt string HashType PasswordType CredentialsHash string }
type ExposedUserForDomain ¶
type ExposedUsersForDomain ¶
type ExposedUsersForDomain struct { Count int `json:"count"` Users []ExposedUserForDomain `json:"users"` PagingToken string `json:"pagingToken"` }
type ExposureDetails ¶
type ExposureDetails struct { ID string `json:"id"` Title string `json:"title"` Entries int64 `json:"entries"` Date *time.Time `json:"date"` Category string `json:"category"` PasswordType string `json:"passwordType"` ExposedData []string `json:"exposedData"` DateAdded *time.Time `json:"dateAdded"` SourceURLs []string `json:"sourceURLs"` DomainsAffected int `json:"domainsAffected"` }
type ExposuresForDomain ¶
type ExposuresForDomainIncludeDetails ¶
type ExposuresForDomainIncludeDetails struct { Count int `json:"count"` Exposures []ExposureDetails `json:"exposures"` PagingToken string `json:"pagingToken"` }
type ExposuresResponse ¶
type HashVersionTooNewError ¶
type HashVersionTooNewError byte
func (HashVersionTooNewError) Error ¶
func (hv HashVersionTooNewError) Error() string
type InvalidCostError ¶
type InvalidCostError int
func (InvalidCostError) Error ¶
func (ic InvalidCostError) Error() string
type InvalidHashPrefixError ¶
type InvalidHashPrefixError byte
The error returned from CompareHashAndPassword when a hash starts with something other than '$'
func (InvalidHashPrefixError) Error ¶
func (ih InvalidHashPrefixError) Error() string
type PasswordDetails ¶
type PasswordDetails struct { HashType PasswordType `json:"hashType"` Password string `json:"password"` Salt string `json:"salt"` Exposures []string `json:"exposures"` }
type PasswordHashSpecification ¶
type PasswordHashSpecification struct { Salt string HashType PasswordType }
type PasswordType ¶
type PasswordType int32
type UserPasswords ¶
type UserPasswords struct { LastBreachDate time.Time `json:"lastBreachDate"` Passwords []PasswordDetails `json:"passwords"` }