Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/JoshuaMart/PwnedPasswordsChecker
Search (offline) if your password (NTLM or SHA1 format) has been leaked (HIBP passwords list v8)
https://github.com/JoshuaMart/PwnedPasswordsChecker
crypta golang hibp leak ntlm osint password redteam sha1
Last synced: 2 months ago
JSON representation
Search (offline) if your password (NTLM or SHA1 format) has been leaked (HIBP passwords list v8)
- Host: GitHub
- URL: https://github.com/JoshuaMart/PwnedPasswordsChecker
- Owner: JoshuaMart
- Created: 2020-01-24T17:45:22.000Z (over 4 years ago)
- Default Branch: master
- Last Pushed: 2021-12-22T13:40:41.000Z (almost 3 years ago)
- Last Synced: 2024-07-27T06:40:06.432Z (2 months ago)
- Topics: crypta, golang, hibp, leak, ntlm, osint, password, redteam, sha1
- Language: Go
- Homepage:
- Size: 18.6 KB
- Stars: 59
- Watchers: 7
- Forks: 12
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# PwnedPasswordsChecker
![banner](https://zupimages.net/up/20/04/zsp8.png)![Maintenance](https://img.shields.io/badge/Maintained%3F-yes-green.svg) ![made-with-go](https://img.shields.io/badge/made%20with-go-blue) ![MIT license](https://img.shields.io/badge/License-MIT-blue.svg)**PwnedPasswordsChecker** is a tool that checks if the hash of a known password (in SHA1 or NTLM format) is present in the list of I Have Been Pwned leaks and the number of occurrences.
You can download the hash-coded version for SHA1 [here](https://downloads.pwnedpasswords.com/passwords/pwned-passwords-sha1-ordered-by-hash-v8.7z) or the hash-coded version for NTLM [here](https://downloads.pwnedpasswords.com/passwords/pwned-passwords-ntlm-ordered-by-hash-v8.7z)
Once the list is downloaded it is then necessary to convert it to binary by using my other tool [HIBP PasswordList Slimmer](https://github.com/JoshuaMart/HIBP_PasswordList_Slimmer)
*This script only works with the HIBP version sorted by hash and entry hashes must be in lowercase and preferably ordered by hashs*
## Usage :
```
./PwnedPasswordsChecker {InputHashList} {HashType} {OutputFile} {CompressedHIBPHashList}
./PwnedPasswordsChecker .\NTLM_LIST.txt NTLM .\Output.txt .\ntlm_hibp_compressed.bin
```Output format : `{hash}:{occurence}`
## Installation :
Download the compiled version for Windows or Linux from [release page](https://github.com/JoshuaMart/PwnedPasswordsChecker/releases)If you wish to compile it yourself, you will need to have golang installed on your system and perform the following commands:
```bash
git clone https://github.com/JoshuaMart/PwnedPasswordsChecker && cd PwnedPasswordsChecker
go build main.go
```## Screenshots
Thanks to the use of a "compressed" format the tool has largely gained in performance, example of use between the old version and the new one with a list of 20,000 hashes (Intel Core I7 8565U) :![Screenshot](https://zupimages.net/up/20/05/cudb.png)
## Improvements
Feel free to contact me on [Twitter](https://twitter.com/J0_mart) or do a PR to improve the script.