This script uses the pwnedpasswords.com v2 API to check your password in a secure way (using the k-anonymity method).
The full hash is never transmitted over the wire, only its first 5 characters. The comparison happens offline.
Special thanks to Troy Hunt (@troyhunt) for making this project possible.
pip install pywnedpasswords
pywnedpasswords
Insert your password when asked.
The output will either be:
Password to check:
Found your password 47205 times.
or, in case your password is secure:
Password to check:
Your password did not appear in PwnedPasswords yet.
Discouraged - as it might leave the password in your shell history
pywnedpasswords Passw0rd
Found your password 46980 times.
Discouraged - as it might leave the password in your shell history
echo -n 'Passw0rd!' | pywnedpasswords
Found your password 46980 times.
pywnedpasswords -f list-of-passwords.txt
Result is in the form: <line number>: <number of times the password was found>. 0 means the password is not known to Have I Been Pwned yet.
0: 7026
1: 45337
2: 376
3: 51
4: 27
5: 11
6: 136
7: 1
8: 6
9: 1
10: 0
11: 0
12: 0
pywnedpasswords exits with code 2 if the password is already known to Have I Been Pwned, and with exit code 0 otherwise.
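The k-anonymity check described at the top of this page and the exit codes above, as an added example that is not pywnedpasswords' own code. It assumes a range response of `SUFFIX:COUNT` lines; the function names, `FakeRangeService` and the sample data are hypothetical and constructed so the block runs offline.

```python
import hashlib

def split_hash(password):
    """SHA-1 the password; return (5-char prefix, 35-char suffix), uppercase hex."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def count_in_range(suffix, range_body):
    """Search a range response (assumed 'SUFFIX:COUNT' per line) for our suffix."""
    for line in range_body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0

def check(password, fetch_range):
    """Send only the prefix to fetch_range; compare the suffix locally."""
    prefix, suffix = split_hash(password)
    return count_in_range(suffix, fetch_range(prefix))

def exit_code(count):
    """Exit status documented on this page: 2 if known, 0 otherwise."""
    return 2 if count > 0 else 0

class FakeRangeService:
    """Offline stand-in for the range endpoint (hypothetical, constructed data)."""
    DECOY = "0" * 35 + ":3"  # constructed row for some other password's suffix

    def __init__(self, breached):
        self.seen = []   # everything the "server" ever receives
        self.rows = {}
        for pw, n in breached.items():
            prefix, suffix = split_hash(pw)
            self.rows.setdefault(prefix, [self.DECOY]).append(f"{suffix}:{n}")

    def __call__(self, prefix):
        self.seen.append(prefix)
        return "\r\n".join(self.rows.get(prefix, [self.DECOY]))

if __name__ == "__main__":
    service = FakeRangeService({"Passw0rd": 46980})  # constructed count
    for pw in ("Passw0rd", "correct horse battery staple 7!"):
        n = check(pw, service)
        print(f"{n} hits, exit code {exit_code(n)}")
    print("sent over the wire:", service.seen)
```

`service.seen` records every value that reaches the stand-in server, so it shows that neither the password nor the 35-character suffix is ever sent.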