Skip to main content

Check your keepassxc database against previously breached haveibeenpwned passwords

Project description

KeepassXC-Pwned

PyPi version Codecov Python 3.6|3.7|3.8|3.9 Build Status PRs Welcome

This checks a KeePassXC database against previously cracked haveibeenpwned passwords.

Requirements

  • keepassxc-cli binary (typically installed with KeePassXC)
  • python 3.6 or above

Install

pip3 install keepassxc-pwned

Run

Run: keepassxc_pwned ~/database.kdbx

Usage: keepassxc_pwned [OPTIONS] DATABASE

  Check a keepassxc database against previously cracked haveibeenpwned
  passwords

Options:
  -p, --plaintext       Print breached passwords in plaintext; defaults to
                        sha1 hashes.

  -k, --key-file PATH   Key file for the database
  -v, --verbose         Print debug messages
  -q, --quiet           Don't print status messages, just the summary
  --keepassxc-cli PATH  Specify a different location for the keepassxc-cli
                        binary

  --help                Show this message and exit.

Sample Run:

$ keepassxc_pwned ~/Documents/updated_database.kdbx
Insert password for /home/sean/Documents/updated_database.kdbx:
Checking password for Amazon...
Checking password for Github...
Checking password for Netflix...
Checking password for Steam...
Checking password for letterboxd...
Checking password for linkedin...
Checking password for minecraft...
Found password for 'minecraft' 3 times in the dataset!
Checking password for soundcloud...
Checking password for stackoverflow...
Checking password for wikipedia...
Found 1 previously breached password:
minecraft:5BAA61E4C9B93F3F0682250B6CF8331B7EE68FD8:3

You can also import this to use in python code...

from keepassxc_pwned import check_password
check_password("password")

Note: check_password doesn't attempt to do any rate limiting.

... or enter the password manually...

$ python3 -m keepassxc_pwned
Password to check:
Found password 1054 times!

Privacy concerns

This tool only transmits the first 5 characters of the SHA-1 hash of your passwords. You can read more about that here.

Troubleshooting

If keepassxc-cli is named something else on your installation of KeepassXC, specify the full path by providing the --keepassxc-cli flag, like: keepassxc_pwned --keepassxc-cli "$(which keepassxc.cli)" ~/Documents/updated_database.kdbx

If you get the following error while using keepassxc-cli:

dyld: Library not loaded: /usr/local/opt/quazip/lib/libquazip.1.dylib
  Referenced from: /usr/local/bin/keepassxc-cli
  Reason: image not found
Abort trap: 6

... installing quazip should fix that:

  • brew install quazip (Mac)

  • sudo apt install libquazip-dev (Linux)

If keepassxc-cli fails with an error message like "Invalid Command extract.", the command was changed in KeePassXC 2.5.0, and is now called export. Upgrade KeePassXC to the latest version, and try again.

Tests

  • Clone this repository
  • Install dev dependencies: pip3 install -r requirements-dev.txt
  • mypy keepassxc_pwned
  • pytest

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

keepassxc-pwned-0.3.1.tar.gz (11.6 kB view details)

Uploaded Source

File details

Details for the file keepassxc-pwned-0.3.1.tar.gz.

File metadata

  • Download URL: keepassxc-pwned-0.3.1.tar.gz
  • Upload date:
  • Size: 11.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.1.1 pkginfo/1.5.0.1 requests/2.23.0 setuptools/46.1.3 requests-toolbelt/0.9.1 tqdm/4.45.0 CPython/3.8.2

File hashes

Hashes for keepassxc-pwned-0.3.1.tar.gz
Algorithm Hash digest
SHA256 ac2e5feb5ef67763390898f580d5452ff60475bffe282456137c9cddabc1ace8
MD5 6d1c005ef502acb8af1de4b721bf4258
BLAKE2b-256 6391be553e6a1b8e552d9623b92556f323d97f4ece2f25f797879c22e1991faa

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page