PwnedCheck

My idea is to use to check my passwords after exporting and hashing them and use PwnedCheck periodically to ensure they haven't been compromised. its also easy enough to check a new password before using it.

Features

• Check single passwords from command line
• Process multiple passwords from a text file
• Support for pre-hashed passwords (SHA-1)
• Option to hide sensitive password data in output
• Colorized output for better visibility
• Optional statistics reporting for batch processing

Build Instructions

git clone https://github.com/mohamedation/PwnedCheck.git
cd PwnedCheck
go build
                

Tip: Add to /opt or Your PATH

For easier access, you can move the compiled binary to /opt or any directory in your $PATH.
For example:

sudo mv ./pwnedcheck /opt/pwnedcheck
sudo ln -s /opt/pwnedcheck /usr/local/bin/pwnedcheck
                

Now you can run pwnedcheck from anywhere in your terminal.

Usage

• Check a single password:
  ./pwnedcheck password123
• Check multiple passwords:
  ./pwnedcheck love sex secret god
• Check passwords from a file:
  ./pwnedcheck -i passwords.txt

Available Options

• -i string: Input file containing passwords to check (default "passwords.txt")
• -h: Show help
• -c: Show credits
• -hashed: Indicate that the input file or provided password is already hashed
• -hide: Hide passwords in output
• -stats: Show statistics after completion

Example Output

BAD PASSWORD FOUND ON LINE: 1
Password: 123456

Good password
Password: ComplexPassword123!

Total runtime: 1.5s
Total passwords checked: 2
Bad passwords found: 1
Good passwords: 1
                

Security Note

This tool uses the k-Anonymity model implemented by HIBP API to check passwords securely:

• Only the first 5 characters of the password hash are sent to the API
• The actual password is never transmitted
• All processing is done locally on your machine

Credits

• API Service: Have I Been Pwned by Troy Hunt
• The HIBP API and everyone who contributed to it