Skip to main content

Check your keepassxc database against previously breached haveibeenpwned passwords

Project description


PRs Welcome

This checks a KeePassXC database against previously cracked haveibeenpwned passwords.


  • keepassxc-cli binary (typically installed with KeePassXC)
  • python 3.7 or above


pip3 install keepassxc-pwned


Run: keepassxc_pwned ~/database.kdbx

Check a keepassxc database against previously cracked haveibeenpwned passwords

    keepassxc_pwned [--help]
    keepassxc_pwned <KDBX_DATABASE_FILE> [--plaintext] [--no-logs]

    KDBX_DATABASE_FILE      The path to your keepassxc database file
    --plaintext             Print breached passwords in plaintext; defaults to sha1 hashes
    --no-logs               Don't print status messages, just the summary message

    keepassxc_pwned ~/database.kdbx
    keepassxc_pwned ~/database.kdbx --plaintext

Sample Run:

$ keepassxc_pwned ~/Documents/updated_database.kdbx
Insert password for /home/sean/Documents/updated_database.kdbx:
Checking password for Amazon...
Checking password for Github...
Checking password for Netflix...
Checking password for Steam...
Checking password for letterboxd...
Checking password for linkedin...
Checking password for minecraft...
Found password for 'minecraft' 3 times in the dataset!
Checking password for soundcloud...
Checking password for stackoverflow...
Checking password for wikipedia...
Found 1 previously breached password:

You can also import this to use in python code...

from keepassxc_pwned import check_password

Note: check_password doesn't attempt to do any rate limiting.

... or enter the password manually...

$ python3 -m keepassxc_pwned
Password to check:
Found password 1054 times!


If you get the following error while using keepassxc-cli:

dyld: Library not loaded: /usr/local/opt/quazip/lib/libquazip.1.dylib
  Referenced from: /usr/local/bin/keepassxc-cli
  Reason: image not found
Abort trap: 6

... installing quazip should fix that:

  • brew install quazip (Mac)

  • sudo apt install libquazip-dev (Linux)

If keepassxc-cli fails with an error message like "Invalid Command extract.", the command was changed in KeePassXC 2.5.0, and is now called export. Upgrade KeePassXC to the latest version, and try again.


  • Clone this repository
  • Install pexpect and pytest: pip3 install pexpect pytest
  • Run pytest in the root directory

Project details

Release history Release notifications

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for keepassxc-pwned, version 0.2.3
Filename, size File type Python version Upload date Hashes
Filename, size keepassxc-pwned-0.2.3.tar.gz (6.8 kB) File type Source Python version None Upload date Hashes View hashes

Supported by

Elastic Elastic Search Pingdom Pingdom Monitoring Google Google BigQuery Sentry Sentry Error logging AWS AWS Cloud computing DataDog DataDog Monitoring Fastly Fastly CDN SignalFx SignalFx Supporter DigiCert DigiCert EV certificate StatusPage StatusPage Status page