# My Have I been pwned scripts

These are my scripts to the haveibeenpwned.com api.
... To be extended ...

> :fire: **Keep in mind that your passwordlist is highly confidential and you should be
able to delete it securely after finished.**

## checkPasswordList.sh

This script checks a list of passwords against the api and reports whether they hae been compromised.
Lines starting with <space># are considered comments.
The passwords themselfs will NOT be send to the web-api.
haveibeenpwned.com's k-anonymity model is used.
More info can be found here https://haveibeenpwned.com/API/v2#PwnedPasswords

Example:

```
$ ./checkPasswordList.sh passwordlist.txt
Checking passwords from list passwordlist.txt
XX: Password P@ssw0rd has been pwned 51259 times.
__: Password c60e6754-8abf-4c0f-a7a7-2225da28637f has not been pwned.
__: Password c60e6754-8a f-4c0f-a7a -2225da28637f has not been pwned.
==: 1 of 3 passwords have been pwned.
```

## dumpPasswordstore.sh
Dump the passwords from [passwordstore](https://www.passwordstore.org/) into
a list to be used with checkPasswordList.sh.
The filenames will be masked as comments (see above).