Check if your passwords got pwned.

This tool searches for your password in the leaked-password database of haveibeenpwned.com without exposing the password itself. Only the first 5 characters of the SHA-1 hash of your password are sent to the API (a so-called range or k-anonymity query); the comparison against the full hash happens locally:

  1. Secret password: c@ntknOwth1s
  2. Compute the sha1: 68f2b2d8713ff1c25a437db21dbbd395bfb9881e
  3. Take first 5 chars: 68f2b
  4. Make a request: https://api.haveibeenpwned.com/range/68f2b
  5. Get a list with similar hashes that start with the same 5 chars.
  6. Search for the sha1 hash (from step 2) within the list.
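The six steps above, as an added worked example in Python that is not part of this repository's own code. The range-response body is a constructed sample in the API's SUFFIX:COUNT line format (the entry for "password" uses the count from the table further down; the other lines are made up), so the example runs offline; `fetch_range_http` is an assumed helper that talks to the URL given in step 4 and is only used when no other fetcher is passed in.

```python
import hashlib
import urllib.request
from typing import Callable, Dict, List, Tuple

# Endpoint from the README (step 4); the 5-char prefix is appended.
RANGE_URL = "https://api.haveibeenpwned.com/range/"

# Constructed sample of a range response for prefix 5BAA6. The third line
# is the real suffix of sha1("password") with the count shown in the README
# table; the other three suffixes are invented filler.
CONSTRUCTED_RANGE_5BAA6 = """\
003D68EB55068C33ACE09247EE4C639306B:3
012C192B2F16F82EA0EB9EF18D9D539B0DD:1
1E4C9B93F3F0682250B6CF8331B7EE68FD8:3645804
2A5F9C0E8B1D4E7F0A3B6C9D2E5F8A1B4C7:12
"""


def sha1_hex(password: str) -> str:
    """Step 2: upper-case SHA-1 hex digest of the UTF-8 encoded password."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def split_hash(digest: str) -> Tuple[str, str]:
    """Step 3: the 5-char prefix that is sent and the 35-char suffix that stays local."""
    digest = digest.upper()
    if len(digest) != 40:
        raise ValueError("expected a 40-character SHA-1 hex digest")
    return digest[:5], digest[5:]


def fetch_range_http(prefix: str) -> str:
    """Step 4 (assumed helper): GET the range for a 5-char prefix over HTTPS."""
    req = urllib.request.Request(RANGE_URL + prefix,
                                 headers={"User-Agent": "have_I_b33n_pwned-example"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def parse_range_response(body: str) -> Dict[str, int]:
    """Step 5: turn 'SUFFIX:COUNT' lines into a suffix -> count table."""
    table: Dict[str, int] = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, _, count = line.partition(":")
        table[suffix.upper()] = int(count)
    return table


def leak_count(password: str,
               fetch: Callable[[str], str] = fetch_range_http) -> int:
    """Step 6: how often the password appeared in leaks (0 = not found).

    Only the prefix reaches `fetch`; the suffix is looked up locally.
    """
    prefix, suffix = split_hash(sha1_hex(password))
    return parse_range_response(fetch(prefix)).get(suffix, 0)


def report_rows(passwords: List[str], fetch: Callable[[str], str] = fetch_range_http,
                mask: bool = False) -> List[Tuple[str, str, str]]:
    """Rows of (shown password, 'leaked count' or 'not yet', sha1), like the tool's table.

    With mask=True the password column is replaced by asterisks, as in prompt mode.
    """
    rows = []
    for pw in passwords:
        count = leak_count(pw, fetch)
        shown = "*" * len(pw) if mask else pw
        rows.append((shown, str(count) if count else "not yet", sha1_hex(pw)))
    return rows


if __name__ == "__main__":
    # Offline demo against the constructed sample instead of the live API.
    for shown, status, digest in report_rows(["password", "c@ntknOwth1s"],
                                             fetch=lambda p: CONSTRUCTED_RANGE_5BAA6):
        print(f"{shown:<30}{status:<10}{digest}")
```

Passing a fetcher as a parameter is what makes the privacy property testable: a fake fetcher can record exactly which string left the function, and it should only ever be the 5-character prefix.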

Examples

Check multiple passwords at once as script arguments

Note: This approach puts every entered password into your shell's command history (such as the bash history). It is therefore only recommended if you trust everybody else who has access to that history, or if you remove the passwords from the history afterwards.

The following shows that passwords like password, p@ssw0rd and even p@$$wOrd have already been leaked and should obviously never be used as passwords again. Note the single quotes ' around the third and fourth password: without them the $ sign is interpreted by the shell.

./have_I_b33n_pwned.py password p@ssw0rd 'p@$$wOrd' 'P@$sW0rD&'

password                      leaked    sha1
--------------------------------------------------------------------------------
password                      3645804   5BAA61E4C9B93F3F0682250B6CF8331B7EE68FD8
p@ssw0rd                      50431     57B2AD99044D337197C0C39FD3823568FF81E48A
p@$$wOrd                      5         40C38039F7CBA6C201CFF01CBB239150E0FF2AA8
P@$sW0rD&                     not yet   1B34EF732FC1EB5925EEAF3155BECBB44275194A

Check one password at a time via a secure prompt

When you invoke the script without any arguments, you are prompted for a password, which you can enter without anybody else seeing the characters on the screen:

./have_I_b33n_pwned.py

Tell me your password:

password                      leaked    sha1
--------------------------------------------------------------------------------
*****************             not yet   D733AC268852F7796A0E2118531347A8B4954734

Install

git clone https://willipink.eu/git/moritz/have_I_b€€n_pwned.git
cd have_I_b€€n_pwned
python -m pip install pipenv  # optional, only if you do not have pipenv installed yet
python -m pipenv install
python -m pipenv shell
./src/have_I_B33n_pwned.py [password1 password2 ...]

Build

Run ./build.sh; this creates stand-alone executables for Linux, macOS and Windows in dist.

Description
Check if your password (hash) appears in the leaked password database of haveibeenpwned.com
2019-05-29 14:11:50 +02:00