{"id":17101342,"url":"https://github.com/hackerb9/pwnedpass","last_synced_at":"2025-06-24T00:35:26.778Z","repository":{"id":113746460,"uuid":"173902342","full_name":"hackerb9/pwnedpass","owner":"hackerb9","description":"Securely check if a password is known in Troy Hunt's Pwned Passwords database","archived":false,"fork":false,"pushed_at":"2019-04-17T11:45:52.000Z","size":33,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-03-23T19:16:11.658Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/hackerb9.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-03-05T08:05:24.000Z","updated_at":"2023-02-20T04:07:24.000Z","dependencies_parsed_at":null,"dependency_job_id":"ab153a1c-4f7c-43af-ae17-697b417a2b8e","html_url":"https://github.com/hackerb9/pwnedpass","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/hackerb9/pwnedpass","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hackerb9%2Fpwnedpass","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hackerb9%2Fpwnedpass/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hackerb9%2Fpwnedpass/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hackerb9%2Fpwnedpass/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/hackerb9","download_url":"https://codeload.github.com/hackerb9/pwnedpass/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hackerb9%2Fpwnedpass/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":261583278,"owners_count":23180641,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-14T15:24:51.694Z","updated_at":"2025-06-24T00:35:26.760Z","avatar_url":"https://github.com/hackerb9.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# pwnedpass\nSecurely check if a password is known in Troy Hunt's Pwned Passwords database\n\n![Example of pwnedpass usage](/README.md.d/example1.png \"./pwnedpass passwordhere\")\n\n## Install and usage\n\nJust download the `pwnedpass` script, chmod it, and run it.\n\n    wget https://github.com/hackerb9/pwnedpass/raw/master/pwnedpass\n    chmod +x pwnedpass\n    ./pwnedpass MyPassword1\n    \nDon't want your password saved in your .history file? No problem. Just run `./pwnedpass` without any arguments and it'll prompt your for the password to check. \n\n## What is pwnedpass?\n\nPwnedpass reads in a password and prints out whether it has been seen\nin previous security breaches using Troy Hunt's \"pwned password\"\ndatabase.\n\nThis script is for people who don't want to plug their password into\n[random third party websites](https://haveibeenpwned.com/Passwords) to\nsee if it is a known password. While I trust Troy Hunt, I don't trust\nthat his web service won't get hijacked and dynamically load malicious\nJavascript. This shell script solves that problem by being short\nenough that anyone can verify that it is secure before they run it on\ntheir own machine.\n\nActual passwords are _never_ sent on the Internet. Instead, a SHA1\nhash is taken and only the first five characters of the hash are sent.\nThe database returns around 500 possible hashes that begin with that\nprefix and we grep to see if ours is among them.\n\nYou can read more about Troy Hunt's database here:\nhttps://www.troyhunt.com/ive-just-launched-pwned-passwords-version-2/\n\n## Memorizable passwords that are secure\n\nTroy Hunt is big on keeping all your passwords in a program which is\nunlocked by a master password. I'm not a fan of that as I see it as\nputting too many eggs in one basket (and then painting a bullseye on\nthe basket for ne'er-do-wells to aim for) .\n\nI prefer a tiered approach: strong passwords and [FIDO2 hardware\nkeys](https://solokeys.com) for banks, shopping, and e-mail. A medium password\nfor various social media accounts. A weak password for the zillions of\nsites that insist I give them a password, although I actively distrust\nthem.\n\nIf you want to create a memorable password, try using hackerb9's\n[`mkpass`](https://github.com/hackerb9/mkpass/) program which uses an\n[XKCD 936](https://xkcd.com/936/) compliant generation method, but\nallows you to use a corpus of documents with words salient to you\nrather than a generic dictionary. (The _bag_ _fifty_ _rose_ _standing_\nexample above is a password created using Andrew Lang's Fairy Books as\nthe source of words.) \n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhackerb9%2Fpwnedpass","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhackerb9%2Fpwnedpass","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhackerb9%2Fpwnedpass/lists"}