/is_my_password_pwned

How often does your password appear in the Pwned Passwords database? Uses the k-anonymity API.

Primary LanguageShellMIT LicenseMIT

Is my password pwned?

Find out how often your password appears in Troy Hunt's Pwned Passwords database.

This script uses the k-anonymity API to keep your password from leaving your computer, and it's written in concise Bash for transparency and portability.

This script no longer accepts passwords via command line arguments. This usage would expose passwords in your shell's history, or to people in view of your computer screen. Clearly, you can still pipe passwords to the script, but doing so is strongly discouraged.

Usage Examples

$ ./pwned_pass.sh

REMINDER: This tool does not check password strength!

Type a password and hit Enter (leave empty to exit):
Hash prefix: 5baa6
Hash suffix: 1e4c9b93f3f0682250b6cf8331b7ee68fd8

Looking up your password...
Your password appears in the Pwned Passwords database 3645804 time(s).
Your password is thoroughly pwned! DO NOT use this password for any reason!
$ cat passwords.txt | ./pwned_pass.sh -q
5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8    3645804
8843d7f92416211de9ebb963ff4ce28125932878    11958
5c6d9edc3a951cda763f650235cfc41a3fc23fe8    203116