Skip to main content

Check KeePass passwords against https://haveibeenpwned.com/Passwords

Project description

# kdbxpasswordpwned
Check keepass passwords against https://haveibeenpwned.com/Passwords

[![Build Status](https://travis-ci.org/fopina/kdbxpasswordpwned.svg?branch=master)](https://travis-ci.org/fopina/kdbxpasswordpwned)
[![Coverage Status](https://coveralls.io/repos/github/fopina/kdbxpasswordpwned/badge.svg?branch=master)](https://coveralls.io/github/fopina/kdbxpasswordpwned?branch=master)
[![Docker Version](https://images.microbadger.com/badges/version/fopina/kdbxpasswordpwned.svg)](https://microbadger.com/images/fopina/kdbxpasswordpwned)
[![Docker Image](https://images.microbadger.com/badges/image/fopina/kdbxpasswordpwned.svg)](https://microbadger.com/images/fopina/kdbxpasswordpwned)
[![PyPI Version](https://img.shields.io/pypi/v/kdbxpasswordpwned.svg)](https://pypi.python.org/pypi/kdbxpasswordpwned)
[![PyPI Python Versions](https://img.shields.io/pypi/pyversions/kdbxpasswordpwned.svg)](https://pypi.python.org/pypi/kdbxpasswordpwned)

### Disclosure

Even if Troy Hunt's API does provide some sense of privacy (as we don't share the password nor even the full SHA1), always review the tools you use with your KeePass files (such as this script which is small and you can easily see the password is not sent anywhere except HIBP API). I have reviewed libkeepass code (0.3.0, pinned in requirements) which is also small, and, as PyPI does not allow replacing existing versions, it is safe.

Also be sure to install tools you trust from places you trust or you might end up installing some shady version such as [this fork](https://github.com/fopina/kdbxpasswordpwned/compare/master...SlivTaMere:bea0f5c) which sends the full password (not the hash) to a different endpoint.

### Usage

Install using `pip`

```bash
$ pip install kdbxpasswordpwned
Collecting kdbxpasswordpwned
Successfully installed kdbxpasswordpwned-0.3
```
And use the CLI

```bash
$ kdbxpasswordpwned -h
usage: kdbxpasswordpwned [-h] [-k KEYFILE] [-u] [-p] kdbx

positional arguments:
kdbx keepass file

optional arguments:
-h, --help show this help message and exit
-k KEYFILE, --keyfile KEYFILE
Keyfile if needed
-u, --show-user show username for found entries
-p, --show-password show password for found entries (high shoulders?)
```

```bash
$ kdbxpasswordpwned /path/to/test_assets/sample.kdbx
Password:
Password for title1 seen 1151 times before
Password for title2 seen 61164 times before
```

Or simply use the docker image

```bash
$ docker run --rm -ti \
-v /path/to/test_assets/sample_with_key.kdbx:/tmp.kdbx:ro \
-v /path/to/test_assets/sample.key:/tmp.key:ro \
fopina/kdbxpasswordpwned -upk /tmp.key /tmp.kdbx
Password for title1 seen 1151 times before - testuser - testit
Password for title2 seen 61164 times before - None - blabla
```

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

kdbxpasswordpwned-0.5.tar.gz (3.4 kB view details)

Uploaded Source

File details

Details for the file kdbxpasswordpwned-0.5.tar.gz.

File metadata

  • Download URL: kdbxpasswordpwned-0.5.tar.gz
  • Upload date:
  • Size: 3.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/1.12.1 pkginfo/1.5.0.1 requests/2.20.1 setuptools/40.7.0 requests-toolbelt/0.8.0 tqdm/4.30.0 CPython/2.7.14

File hashes

Hashes for kdbxpasswordpwned-0.5.tar.gz
Algorithm Hash digest
SHA256 42535e7d4db9582db80ee89916dfb5082127bc129e16e02d6bcc767ed24e9697
MD5 af7db0c10a50515fbd544ba542126a25
BLAKE2b-256 6875307ee3dc2da8cfe13130a7983a79b43ed4de9ee5a52eae21d4da842d7883

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page