Skip to content
This repository has been archived by the owner on Sep 11, 2024. It is now read-only.

Search (offline) if your password (NTLM or SHA1 format) has been leaked (HIBP passwords list v8)

Notifications You must be signed in to change notification settings

JoshuaMart/PwnedPasswordsChecker

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

12 Commits
 
 
 
 
 
 

Repository files navigation

PwnedPasswordsChecker

bannerMaintenance made-with-go MIT license

PwnedPasswordsChecker is a tool that checks if the hash of a known password (in SHA1 or NTLM format) is present in the list of I Have Been Pwned leaks and the number of occurrences.

You can download the hash-coded version for SHA1 here or the hash-coded version for NTLM here

Once the list is downloaded it is then necessary to convert it to binary by using my other tool HIBP PasswordList Slimmer

This script only works with the HIBP version sorted by hash and entry hashes must be in lowercase and preferably ordered by hashs

Usage :

./PwnedPasswordsChecker {InputHashList} {HashType} {OutputFile} {CompressedHIBPHashList}
./PwnedPasswordsChecker .\NTLM_LIST.txt NTLM .\Output.txt .\ntlm_hibp_compressed.bin

Output format : {hash}:{occurence}

Installation :

Download the compiled version for Windows or Linux from release page

If you wish to compile it yourself, you will need to have golang installed on your system and perform the following commands:

git clone https://github.com/JoshuaMart/PwnedPasswordsChecker && cd PwnedPasswordsChecker
go build main.go

Screenshots

Thanks to the use of a "compressed" format the tool has largely gained in performance, example of use between the old version and the new one with a list of 20,000 hashes (Intel Core I7 8565U) :

Screenshot

Improvements

Feel free to contact me on Twitter or do a PR to improve the script.