A quick and crummy python script, letting you check a password against the haveibeenpwned.com database, without letting the password or hash leave your machine. This can be usefull for compliance, in airgapped machines or when you're stuck in "the field" witht a bunch of hashes and no connection.

$ git clone https://github.com/Veticus/hasthisbeenpwned.git

$ pip install pyspin

Note: on some OS'es you need to specify that you want to use python3, when using pip. If your system has both python2 and python3 just run pip3 install pyspin

The file can be found here: Have I Been Pwned: Pwned Passwords I urge you to use the torrent file, to get the file. Alternatively you can download it directly.

$ wget https://downloads.pwnedpasswords.com/passwords/pwned-passwords-sha1-ordered-by-hash-v6.7z

Any 7zip compatible unarchivers can do this for you. You probably already know how to do that. If you dont - i recommend 7za or p7zip for this. They're easy to use.

Now for the good part. Let's say you want to use hunter18 as your next password, but want to check if it has been leaked.

$ python3 hasthisbeenpwned.py hunter18

The script will then show you a little spinner, and once a match is found, tell you in how many leaks the password has appeared.

Here's a little video to see it in action:

As you can see, the password hunter18 has been in 3468 leaks, submitted to haveibeenpwned.com - Making this a horrible password. Well, amongst other reasons.

• Tim Engel - Initial work - Veticus

This project is licensed under the WTFPL license - see more here: wtfpl.net

• A colossal THANK YOU to Troy Hunt for making haveibeenpwned.com free to use.