Check securely whether a password is listed on haveibeenpwned.com. The script was written to address the common concern of pasting your passwords into unknown web sited and quickly check a password status from the command prompt.
Python 3 is required to run the script.
git clone https://github.com/yanivmo/is-password-compromised.git
cd is-password-compromisedRead the password from a file:
./is-password-compromised password.txtPipe the password into the script:
echo -n 123456 | ./is-password-compromisedSpecify the password as the command argument:
./is-password-compromised -p 123456Read the password from stdin, concealing the password:
./is-password-compromised -sThe script prints the number of occurrences of the specified password in the database.
As you can see from this very short script, the password itself is never sent to the server. The password is hashed using SHA1 algorithm and only the first five digits (out of 40) are sent as per the haveibeenpwned API specification.
Thanks to the great guys at haveibeenpwned.com for the valuable service. This script is just a shortcut to their service :)