moritz/have_i_b33n_pwned
0
0
Fork 0
Code Issues Pull Requests Releases 2 Activity
have_i_b33n_pwned/README.md
koksnuss 968ad8c636 initial commit
2019-05-12 14:59:54 +02:00

43 lines
2.2 KiB
Markdown
Raw Blame History

Check if your passwords got pwned.
This tools searches your password in the leak-database from [haveibeenpwned.com](https://pwnedpasswords.com). However, your password is not beeing exposed. Instead the 5 first characters from the sha1-hash of your password are send to the [api](https://api.haveibeenpwned.com/range/):
```
1. Secret password: c@ntknOwth1s
2. Compute the sha1: 68f2b2d8713ff1c25a437db21dbbd395bfb9881e
3. Take first 5 chars: 68f2b
4. Make a request: https://api.haveibeenpwned.com/range/68f2b
5. Get a list with similar hashes that start with the same 5 chars.
6. Search for the sha1 hash (from step 2) within the list.
# Examples
## Pass passwords as arguments
Note: This approach will put all entered password in your shell command history (such as the bash history). Therefore this method is only recommended if you trust anybody else who has acces to the history or if you clean all passwords from the history.
The following shows that passwords like `password`, `p@ssw0rd` and even `p@$$wOrd` have been leaked already and should obviously never be used as passwords again. Note the use of single ticks `'` for the third and fourth password as the `$`-sign confuses the shell otherwise.
```
./have_I_b33n_pwned.py password p@ssw0rd 'p@$$wOrd' 'P@$sW0rD&'
password leaked sha1
--------------------------------------------------------------------------------
password 3645804 5BAA61E4C9B93F3F0682250B6CF8331B7EE68FD8
p@ssw0rd 50431 57B2AD99044D337197C0C39FD3823568FF81E48A
p@$$wOrd 5 40C38039F7CBA6C201CFF01CBB239150E0FF2AA8
P@$sW0rD& not yet 1B34EF732FC1EB5925EEAF3155BECBB44275194A
```
## Enter password secretly into a prompt
When you invoke the script without any arguments you will be prompted for a password which you can enter without somebody else seeing the characters on the screen:
```
./have_I_b33n_pwned.py
Tell me your password:
password leaked sha1
--------------------------------------------------------------------------------
***************** not yet D733AC268852F7796A0E2118531347A8B4954734
```
Reference in New Issue View Git Blame Copy Permalink