1
0
Fork 0
My Have I been pwned scripts
Find a file
2023-11-19 21:26:48 +01:00
checkPasswordList.sh Add script to dump passwordstore 2023-11-19 21:21:46 +01:00
dumpPasswordstore.sh Fix whitespace 2023-11-19 21:26:48 +01:00
passwordlist.txt INITIAL COMMIT 2019-01-17 21:29:01 +01:00
README.md Add script to dump passwordstore 2023-11-19 21:21:46 +01:00

My Have I been pwned scripts

These are my scripts to the haveibeenpwned.com api. ... To be extended ...

🔥 Keep in mind that your passwordlist is highly confidential and you should be able to delete it securely after finished.

checkPasswordList.sh

This script checks a list of passwords against the api and reports whether they hae been compromised. Lines starting with # are considered comments. The passwords themselfs will NOT be send to the web-api. haveibeenpwned.com's k-anonymity model is used. More info can be found here https://haveibeenpwned.com/API/v2#PwnedPasswords

Example:

$ ./checkPasswordList.sh passwordlist.txt
Checking passwords from list passwordlist.txt
XX: Password P@ssw0rd has been pwned 51259 times.
__: Password c60e6754-8abf-4c0f-a7a7-2225da28637f has not been pwned.
__: Password c60e6754-8a f-4c0f-a7a -2225da28637f has not been pwned.
==: 1 of 3 passwords have been pwned.

dumpPasswordstore.sh

Dump the passwords from passwordstore into a list to be used with checkPasswordList.sh. The filenames will be masked as comments (see above).