https://github.com/technion/rustypwneddownloader

Rust based pwnedpasswords Downloader
https://github.com/technion/rustypwneddownloader

Last synced: 2 months ago
JSON representation

Rust based pwnedpasswords Downloader

• Host: GitHub
• URL: https://github.com/technion/rustypwneddownloader
• Owner: technion
• License: mit
• Created: 2023-05-17T09:17:00.000Z (over 1 year ago)
• Default Branch: main
• Last Pushed: 2024-07-23T12:35:26.000Z (6 months ago)
• Last Synced: 2024-07-23T14:47:01.744Z (6 months ago)
• Language: Rust
• Size: 146 KB
• Stars: 6
• Watchers: 2
• Forks: 1
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

        
# RustyPwnedPasswordsDownloader

This is a Rust implementation of this project: https://github.com/HaveIBeenPwned/PwnedPasswordsDownloader

## Installation

Grab the single executable download from here: https://github.com/technion/rustypwneddownloader/releases/latest/download/rustypwneddownloader.exe

This app is expected to run on any platform that Rust compiles for, but presently you'll need to fetch the source and build it.

## Improvements

The major issue that this project solves is the dotnet requirement: I appreciate that dotnet now runs on Linux. This has been noted in multiple Github issues, however many of us do not wish to install a Microsoft Framework just to then install a small app that downloads a file. This app is a standalone executable.

## New Features

If you would like to run a "has this password been seen before" type service, you require the way the dotnet downloader works. However, if you would like to meet modern password requirements for "block commonly used passwords", you do not need a constantly updated, massive text file of passwords that have been seen once (which are not "common"). This downloader allows output to be filtered based on the number of times a password was see (defaults to 3). Set this parameter to 1 to get the old behaviour.

## Usage

```

Usage: rustypwneddownloader.exe [OPTIONS] --filename 

Options:

  -f, --filename   Name of output file

  -m, --minimum     Filter to passwords breached this many times [default: 3]

  -h, --help                 Print help

  -V, --version              Print version

```

## Verifying Builds

All releases are Authenticode signed. You can verify this as below:

```

PS > Get-AuthenticodeSignature .\rustypwneddownloader.exe

    Directory: Downloads

SignerCertificate                         Status                                 Path

-----------------                         ------                                 ----

9C74A96F12A82D4AE8E23E7214D21033D81705A2  Valid                                  rustypwneddownloader.exe

```

In addition, for complete supply chain transparency all releases are signed with [SigStore](https://sigstore.dev/). If you have downloaded the cosign executable, you can verify a download with:

```

.\cosign-windows-amd64.exe verify-blob .\rustypwneddownloader.exe --bundle .\cosign.bundle --certificate-oidc-issuer=https://github.com/login/oauth [email protected]

```

## References

This issue describes a shell script version on which this app was based.

https://github.com/HaveIBeenPwned/PwnedPasswordsDownloader/issues/30