弱密码检测

Worst Password Check

NEILREN.COM,不断收集汇总弱密码数据库,并且开放查询接口,不仅仅用于自身项目还免费服务于广大开发者同行,也希望各位提交新的弱密码到我的数据库。

弱密码检测

开放数据接口

接口地址:http(s)://api.neilren.com/open/checkWoestPassword

返回格式:JSON

请求方式:POST

请求参数说明

名称 类型 是否必填 示例值 说明
pwd string 0PecE$Hg#CDw3vAiw9K2Mb8ZYa$h$nsj 待检测的明文密码,空格会被清除

返回参数说明

名称 类型 说明
success boolean 请求是否执行成功
message string 返回的消息
datetime long 接口响应时的时间戳
data object 返回的数据

返回结果(Data)说明

名称 类型 说明
Score int 得分(0~100)
HitDatabase boolean 是否命中弱密码库
SecuseLevel string 安全等级,共分七级:
非常安全(VERY_SECURE)
安全(SECURE)
非常强(VERY_STRONG)
强(STRONG)
一般(AVERAGE)
弱(WEAK)
非常弱( VERY_WEAK)
Password string 送检的密码

返回JSON结果示例

{
    "success": true,
    "message": "Success!",
    "data": {
        "Score": 100,
        "HitDatabase": false,
        "SecuseLevel": "VERY_SECURE",
        "Password": "0PecE$Hg#CDw3vAiw9K2Mb8ZYa$h$nsj"
    },
    "datetime": 1534865960719
}

什么样的密码会获得高评分?

密码长度大于18位、包含大写字母、小写字母、特殊字符,并且没有在弱密码库中被收录的密码会得到高评分。

代码示例

Curl Demo Code

curl -i -k -X POST 'https://www.neilren.com/api/open/checkWoestPassword' --data 'pwd=mypassword'

Java Demo Code

public static void main(String[] args) {
    String host = "https://www.neilren.com";
    String path = "/api/open/checkWoestPassword";
    String method = "POST";
    Map<String, String> headers = new HashMap<String, String>();
    //根据API的要求,定义相对应的Content-Type
    headers.put("Content-Type", "application/x-www-form-urlencoded; charset=UTF-8");
    Map<String, String> querys = new HashMap<String, String>();
    Map<String, String> bodys = new HashMap<String, String>();
    bodys.put("pwd", "mypassword");


    try {
    	/**
    	* 重要提示如下:
    	* HttpUtils请从
    	* https://github.com/aliyun/api-gateway-demo-sign-java/blob/master/src/main/java/com/aliyun/api/gateway/demo/util/HttpUtils.java
    	* 下载
    	*
    	* 相应的依赖请参照
    	* https://github.com/aliyun/api-gateway-demo-sign-java/blob/master/pom.xml
    	*/
    	HttpResponse response = HttpUtils.doPost(host, path, method, headers, querys, bodys);
    	System.out.println(response.toString());
    	//获取response的body
    	//System.out.println(EntityUtils.toString(response.getEntity()));
    } catch (Exception e) {
    	e.printStackTrace();
    }
}

Python Demo Code

import urllib, urllib2, sys
import ssl

host = 'https://www.neilren.com'
path = '/api/open/checkWoestPassword'
method = 'POST'
querys = ''
bodys = {}
url = host + path

bodys['pwd'] = '''mypassword'''
post_data = urllib.urlencode(bodys)
request = urllib2.Request(url, post_data)
//根据API的要求,定义相对应的Content-Type
request.add_header('Content-Type', 'application/x-www-form-urlencoded; charset=UTF-8')
ctx = ssl.create_default_context()
ctx.check_hostname = False
ctx.verify_mode = ssl.CERT_NONE
response = urllib2.urlopen(request, context=ctx)
content = response.read()
if (content):
    print(content)

C# Demo Code

//using System.IO;
//using System.Text;
//using System.Net;
//using System.Net.Security;
//using System.Security.Cryptography.X509Certificates;

private const String host = "https://www.neilren.com";
private const String path = "/api/open/checkWoestPassword";
private const String method = "POST";

static void Main(string[] args)
{
    String querys = "";
    String bodys = "pwd=mypassword";
    String url = host + path;
    HttpWebRequest httpRequest = null;
    HttpWebResponse httpResponse = null;

    if (0 < querys.Length)
    {
        url = url + "?" + querys;
    }

    if (host.Contains("https://"))
    {
        ServicePointManager.ServerCertificateValidationCallback = new RemoteCertificateValidationCallback(CheckValidationResult);
        httpRequest = (HttpWebRequest)WebRequest.CreateDefault(new Uri(url));
    }
    else
    {
        httpRequest = (HttpWebRequest)WebRequest.Create(url);
    }
    httpRequest.Method = method;
    //根据API的要求,定义相对应的Content-Type
    httpRequest.ContentType = "application/x-www-form-urlencoded; charset=UTF-8";
    if (0 < bodys.Length)
    {
        byte[] data = Encoding.UTF8.GetBytes(bodys);
        using (Stream stream = httpRequest.GetRequestStream())
        {
            stream.Write(data, 0, data.Length);
        }
    }
    try
    {
        httpResponse = (HttpWebResponse)httpRequest.GetResponse();
    }
    catch (WebException ex)
    {
        httpResponse = (HttpWebResponse)ex.Response;
    }

    Console.WriteLine(httpResponse.StatusCode);
    Console.WriteLine(httpResponse.Method);
    Console.WriteLine(httpResponse.Headers);
    Stream st = httpResponse.GetResponseStream();
    StreamReader reader = new StreamReader(st, Encoding.GetEncoding("utf-8"));
    Console.WriteLine(reader.ReadToEnd());
    Console.WriteLine("\n");

}

public static bool CheckValidationResult(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors errors)
{
    return true;
}

PHP Demo Code

<?php
    $host = "https://www.neilren.com";
    $path = "/api/open/checkWoestPassword";
    $method = "POST";
    $headers = array();
    //根据API的要求,定义相对应的Content-Type
    array_push($headers, "Content-Type".":"."application/x-www-form-urlencoded; charset=UTF-8");
    $querys = "";
    $bodys = "pwd=mypassword";
    $url = $host . $path;

    $curl = curl_init();
    curl_setopt($curl, CURLOPT_CUSTOMREQUEST, $method);
    curl_setopt($curl, CURLOPT_URL, $url);
    curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);
    curl_setopt($curl, CURLOPT_FAILONERROR, false);
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($curl, CURLOPT_HEADER, true);
    if (1 == strpos("$".$host, "https://"))
    {
        curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
        curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);
    }
    curl_setopt($curl, CURLOPT_POSTFIELDS, $bodys);
    var_dump(curl_exec($curl));
?>

ObjectC Demo Code

NSString *host = @"https://www.neilren.com";
NSString *path = @"/api/open/checkWoestPassword";
NSString *method = @"POST";
NSString *querys = @"";
NSString *url = [NSString stringWithFormat:@"%@%@%@",  host,  path , querys];
NSString *bodys = @"pwd=mypassword";

NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:[NSURL URLWithString: url]  cachePolicy:1  timeoutInterval:  5];
request.HTTPMethod  =  method;
[request addValue: @"application/x-www-form-urlencoded; charset=UTF-8" forHTTPHeaderField: @"Content-Type"];
NSData *data = [bodys dataUsingEncoding: NSUTF8StringEncoding];
[request setHTTPBody: data];
NSURLSession *requestSession = [NSURLSession sessionWithConfiguration:[NSURLSessionConfiguration defaultSessionConfiguration]];
NSURLSessionDataTask *task = [requestSession dataTaskWithRequest:request
    completionHandler:^(NSData * _Nullable body , NSURLResponse * _Nullable response, NSError * _Nullable error) {
    NSLog(@"Response object: %@" , response);
    NSString *bodyString = [[NSString alloc] initWithData:body encoding:NSUTF8StringEncoding];

    //打印应答中的body
    NSLog(@"Response body: %@" , bodyString);
    }];

[task resume];