{"id":14156593,"url":"https://github.com/easybill/easypwned","last_synced_at":"2026-04-02T18:59:05.723Z","repository":{"id":43177537,"uuid":"468375994","full_name":"easybill/easypwned","owner":"easybill","description":"offline haveibeenpwned HIBP check and downloader, rest api, easybill","archived":false,"fork":false,"pushed_at":"2024-10-01T16:51:32.000Z","size":159,"stargazers_count":26,"open_issues_count":1,"forks_count":6,"subscribers_count":6,"default_branch":"main","last_synced_at":"2025-08-06T03:39:14.002Z","etag":null,"topics":["haveibeenpwned","hibp","password","security"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/easybill.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2022-03-10T14:24:37.000Z","updated_at":"2025-05-13T09:16:51.000Z","dependencies_parsed_at":"2024-01-19T13:57:25.845Z","dependency_job_id":"395ea7f0-3375-492a-959e-4501de039b9f","html_url":"https://github.com/easybill/easypwned","commit_stats":null,"previous_names":[],"tags_count":28,"template":false,"template_full_name":null,"purl":"pkg:github/easybill/easypwned","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/easybill%2Feasypwned","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/easybill%2Feasypwned/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/easybill%2Feasypwned/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/easybill%2Feasypwned/manifests","owner_url":"htt
ps://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/easybill","download_url":"https://codeload.github.com/easybill/easypwned/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/easybill%2Feasypwned/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28886886,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-29T21:06:44.224Z","status":"ssl_error","status_checked_at":"2026-01-29T21:06:42.160Z","response_time":59,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["haveibeenpwned","hibp","password","security"],"created_at":"2024-08-17T08:06:45.861Z","updated_at":"2026-01-29T22:05:30.151Z","avatar_url":"https://github.com/easybill.png","language":"Rust","funding_links":[],"categories":["security"],"sub_categories":[],"readme":"# easypwned (haveibeenpwned / HIBP)\nRest API to check if a password is in a data breach. Works offline - everything stays on your machine! 
Database is included.\nWe also provide a [downloader for the HIBP database](https://github.com/easybill/easypwned#download-the-haveibeenpwned--hibp-database-pwnedpasswordsdownloader).\n\n## Example\nThe simplest way to run it is using Docker:\n\n```bash\ndocker run --rm --network=host easybill/easypwned:v0.0.26\ncurl http://127.0.0.1:3342/pw/[BLANK_PASSWORD]  # use /hash/SHA1 in prod apps (pw/[PW] is for testing).\ncurl http://127.0.0.1:3342/hash/0000001C5F765AA063E4F8470451F85F7DB4ED3A # \u003c\u003c UPPERCASE(SHA1(PLAINTEXT)),\n```\nThe [Docker image](https://hub.docker.com/r/easybill/easypwned) comes with a list of compromised passwords in the form of a [Bloom filter](https://en.wikipedia.org/wiki/Bloom_filter) (~ 1GB).\n\n## Is it safe?\nEasypwned does not need external network access. Passwords and hashes never leave your server.\nUse the `/hash/[SHA1]` endpoint in production to avoid sending plaintext passwords through the network stack.\n\n## How it works\nEasypwned checks passwords based on the password list provided by [haveibeenpwned](https://haveibeenpwned.com/Passwords).\nWe use a Bloom filter, so it is freaking fast. 
The Bloom filter is generated with a 1% false-positive rate: a password that is not in the list may occasionally be reported as breached, but a breached password is never reported as secure.\n\n## Endpoints\n### /pw/[blank_password]\nYou'll get a `\"secure\":true` if the password is not breached.\nUse the `/hash/` endpoint in production instead!\n```\ncurl http://127.0.0.1:3342/pw/test\n{\"hash\":\"A94A8FE5CCB19BA61C4C0873D391E987982FBBD3\",\"pw\":\"test\",\"secure\":false}\n```\n### /hash/[UPPERCASE(SHA1(blank_password))]\nYou'll get a `\"secure\":true` if the password is not breached.\n\n```\ncurl http://127.0.0.1:3342/hash/0000000CAEF405439D57847A8657218C618160B2\n{\"hash\":\"A94A8FE5CCB19BA61C4C0873D391E987982FBBD3\",\"pw\":\"test\",\"secure\":false}\n```\n\n### /check (POST)\nIn prod prefer POST; some tracing / logging / debug libs like to collect URL parameters.\n\n```\ncurl -X POST http://127.0.0.1:3342/check -H 'Content-Type: application/json' -d '{\"hash\": \"0000001C5F765AA063E4F8470451F85F7DB4ED3X\"}'\n\n```\n\n\n\nPHP example\n```php\n(new \\GuzzleHttp\\Client(['base_uri' =\u003e 'localhost:3342']))-\u003eget('/hash/' . mb_strtoupper(sha1($password)));\n```\n\n## Using without docker\nWe build binaries for Linux ([arm64](https://github.com/easybill/easypwned/releases/latest/download/easypwned_aarch64-unknown-linux-musl), [x86](https://github.com/easybill/easypwned/releases/latest/download/easypwned_x86_64-unknown-linux-musl)) and OSX ([arm64](https://github.com/easybill/easypwned/releases/latest/download/easypwned_aarch64-apple-darwin), [x86](https://github.com/easybill/easypwned/releases/latest/download/easypwned_x86_64-apple-darwin)).\nIf you use the binaries you need to provide the Bloom filter. 
You could extract it from the Docker container or build it on your own.\n\n## Download the haveibeenpwned / HIBP Database (PwnedPasswordsDownloader)\n\nWe also provide a downloader for the haveibeenpwned / HIBP Database. You can build the downloader on your own or use our prebuilt binaries for Linux ([arm64](https://github.com/easybill/easypwned/releases/latest/download/easypwned_haveibeenpwned_downloader_aarch64-unknown-linux-musl), [x86](https://github.com/easybill/easypwned/releases/latest/download/easypwned_haveibeenpwned_downloader_x86_64-unknown-linux-musl)) and OSX ([arm64](https://github.com/easybill/easypwned/releases/latest/download/easypwned_haveibeenpwned_downloader_aarch64-apple-darwin), [x86](https://github.com/easybill/easypwned/releases/latest/download/easypwned_haveibeenpwned_downloader_x86_64-apple-darwin)).\n\nThere is also an [official downloader (PwnedPasswordsDownloader)](https://github.com/HaveIBeenPwned/PwnedPasswordsDownloader), but it is written in C#, has no prebuilt binaries, and has no support for building Bloom filters on the fly.\n\nIf you download the HIBP database multiple times, the resulting files will have different file hashes\nbecause the order of the data differs: the downloader needs to do around a million HTTP requests, and the incoming data\nis piped directly to the output in the order it arrives. You can adjust the number of parallel requests using the argument `--parallel`. The default value is 60.\n\nDownload as Text File:\n```bash\n./easypwned_haveibeenpwned_downloader_aarch64-apple-darwin --sink-stdout\n\n# you may want to pipe it to a file ...\n./easypwned_haveibeenpwned_downloader_aarch64-apple-darwin --sink-stdout \u003e hibp.txt\n```\n\nDownload and Create Bloom File\n```bash\n./easypwned_haveibeenpwned_downloader_aarch64-apple-darwin --sink-bloom-file=easypwned.bloom\n```\n\n## How fast is it?\nI don't exactly know, but it's very fast. 
I just did some very basic benchmarks on my m1 studio + apache benchmark.\nIt is probably much faster in real world scenarios.\n```\nRequests per second:    24505.60 [#/sec] (mean)\nTime per request:       4.081 [ms] (mean)\nTime per request:       0.041 [ms] (mean, across all concurrent requests)\n```","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Feasybill%2Feasypwned","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Feasybill%2Feasypwned","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Feasybill%2Feasypwned/lists"}