This script uses the pwnedpasswords.com v2 API to check your password in a secure way (using the k-anonymity method).
The full hash is never transmitted over the wire, only its first 5 characters. The comparison happens offline.
Special thanks to Troy Hunt (@troyhunt) for making this project possible.
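The k-anonymity exchange described above, shown from both sides as an added example (this is not the code of pywnedpasswords itself). It assumes the SHA-1 hashing and the SUFFIX:COUNT response lines of the Pwned Passwords range API. CORPUS, server_range, pwned_count and exit_code are hypothetical names, and the corpus is constructed, with only the Passw0rd count taken from the sample output on this page.

```python
import hashlib

# Constructed stand-in for the server's breach corpus (not real data).
CORPUS = {"Passw0rd": 46980, "letmein": 1200, "hunter2": 17}

def sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def server_range(prefix: str) -> str:
    """Server side: return 'SUFFIX:COUNT' lines for every hash sharing the prefix."""
    if len(prefix) != 5:
        raise ValueError("range queries take exactly 5 hex characters")
    lines = []
    for pw, count in CORPUS.items():
        digest = sha1_hex(pw)
        if digest.startswith(prefix.upper()):
            lines.append(f"{digest[5:]}:{count}")
    # Constructed decoy: a real bucket holds many unrelated hashes too.
    lines.append("0" * 35 + ":3")
    return "\r\n".join(lines)

def pwned_count(password: str, fetch=server_range, sent=None) -> int:
    """Client side: send 5 characters, compare the remaining 35 locally."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    if sent is not None:
        sent.append(prefix)  # record exactly what leaves the machine
    for line in fetch(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0  # suffix not in the returned bucket

def exit_code(count: int) -> int:
    # Exit codes as documented on this page: 2 if known, 0 otherwise.
    return 2 if count > 0 else 0

if __name__ == "__main__":
    wire = []
    for pw in ("Passw0rd", "correct horse battery staple"):
        n = pwned_count(pw, sent=wire)
        print(f"{pw!r}: found {n} times, exit code {exit_code(n)}")
    print("sent over the wire:", wire)
```

Passing a different fetch function (for example one that performs the HTTPS request) leaves the local comparison unchanged.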
pip install pywnedpasswords
pywnedpasswords
Insert your password when asked.
The output will either be:
Password to check:
Found your password 47205 times.
or, in case your password is secure:
Password to check:
Your password did not appear in PwnedPasswords yet.
Discouraged - as it might leave the password in your shell history
pywnedpasswords Passw0rd
Found your password 46980 times.
Discouraged - as it might leave the password in your shell history
echo -n 'Passw0rd!' | pywnedpasswords
Found your password 46980 times.
pywnedpasswords -f list-of-passwords.txt
Result is in the form: <line number>: <number of times the password was found>
A count of 0 means the password is not known to Have I Been Pwned yet.
0: 7026
1: 45337
2: 376
3: 51
4: 27
5: 11
6: 136
7: 1
8: 6
9: 1
10: 0
11: 0
12: 0
pywnedpasswords exits with code 2 if the password is already known to Have I Been Pwned, and with exit code 0 otherwise.
© xmatthias 2018