2019-01-17 21:29:01 +01:00
|
|
|
# My Have I been pwned scripts
|
|
|
|
|
|
|
|
|
|
These are my scripts to the haveibeenpwned.com api.
|
|
|
|
|
... To be extended ...
|
|
|
|
|
|
2023-11-19 21:16:32 +01:00
|
|
|
> :fire: **Keep in mind that your passwordlist is highly confidential and you should be
|
|
|
|
|
able to delete it securely after finished.**
|
2019-01-17 21:29:01 +01:00
|
|
|
|
|
|
|
|
## checkPasswordList.sh
|
|
|
|
|
|
|
|
|
|
This script checks a list of passwords against the api and reports whether they hae been compromised.
|
2023-11-19 21:16:32 +01:00
|
|
|
Lines starting with <space># are considered comments.
|
2019-01-17 21:29:01 +01:00
|
|
|
The passwords themselfs will NOT be send to the web-api.
|
|
|
|
|
haveibeenpwned.com's k-anonymity model is used.
|
|
|
|
|
More info can be found here https://haveibeenpwned.com/API/v2#PwnedPasswords
|
|
|
|
|
|
|
|
|
|
Example:
|
|
|
|
|
|
|
|
|
|
```
|
|
|
|
|
$ ./checkPasswordList.sh passwordlist.txt
|
|
|
|
|
Checking passwords from list passwordlist.txt
|
|
|
|
|
XX: Password P@ssw0rd has been pwned 51259 times.
|
|
|
|
|
__: Password c60e6754-8abf-4c0f-a7a7-2225da28637f has not been pwned.
|
|
|
|
|
__: Password c60e6754-8a f-4c0f-a7a -2225da28637f has not been pwned.
|
|
|
|
|
==: 1 of 3 passwords have been pwned.
|
|
|
|
|
```
|
2023-11-19 21:16:32 +01:00
|
|
|
|
|
|
|
|
## dumpPasswordstore.sh
|
|
|
|
|
Dump the passwords from [passwordstore](https://www.passwordstore.org/) into
|
|
|
|
|
a list to be used with checkPasswordList.sh.
|
|
|
|
|
The filenames will be masked as comments (see above).
|
