Check for breached passwords with k-anonymity

Last update: Feb 08, 2022

Related tags

Security related resources passwnd

Overview

passwnd

Check for breached passwords with k-anonymity

Usage

To get prompted to enter the password securely, simply run:

passwnd.py

Alternatively, you can specify the password directly:

passwnd.py

The latter is not recommended, as it might leak the password to the shell history.

How it works

The password will be hashed with SHA1 and turned to human-readable hex (ASCII)
That hex will be trimmed to just the first 5 characters
That trimmed result will be submitted to the pwnedpasswords.com database
pwnedpasswords.com will return all hashes that begin with that trim
We download all returned hashes, and perform a full search locally

This way, we can check if a password was breached, without revealing said password. While simultaneously only requiring to download a few kB of data instead of GB.

A simple way to store your passwords without requiring third party applications

SimplePasswordManager A simple way to store your passwords without requiring third party applications Simple To Use. Store Your Passwords For Each Web

1 Dec 23, 2021

PwdGen is a Python Tkinter tool for generating secure 16 digit passwords.

PwdGen ( Password Generator ) is a Python Tkinter tool for generating secure 16 digit passwords. Installation Simply install requirements pip install

7 Jul 14, 2022

A python script to brute-force guess the passwords to Instagram accounts

Instagram-Brute-Force The purpose of this script is to brute-force guess the passwords to Instagram accounts. Specifics: Comes with 2 separate modes i

2 Nov 16, 2021

OpenTOTP is yet another time-based, one-time passwords (OTPs) generator/verifier inspired by RFC 6238.

OpenTOTP is yet another time-based, one-time passwords (OTPs) generator/verifier inspired by RFC 6238. It generates and validates OTPs based

1 Nov 15, 2021

Chrome Post-Exploitation is a client-server Chrome exploit to remotely allow an attacker access to Chrome passwords, downloads, history, and more.

ChromePE [Linux/Windows] Chrome Post-Exploitation is a client-server Chrome exploit to remotely allow an attacker access to Chrome passwords, download

3 Oct 5, 2022

Utility for Extracting all passwords from ConnectWise Automate

CWA Password Extractor Utility for Extracting all passwords from ConnectWise Automate (E.g. while migrating to a new system). Outputs a csv file with

1 Dec 9, 2021

Pass2Pwn: a simple python3 tool created to assist penetration testers generate possible passwords for a targeted system based solely on the organization's name

Pass2Pwn is a simple python3 tool created to assist penetration testers generate possible passwords for a targeted system based solely on the organization's name

10 Oct 15, 2022

Chromepass - Hacking Chrome Saved Passwords

Chromepass - Hacking Chrome Saved Passwords and Cookies View Demo · Report Bug · Request Feature Table of Contents About the Project AV Detection Gett

622 Jan 4, 2023

PassLock is a medium-security password manager that encrypts passwords using Advanced Encryption Standards (AES)

A medium security python password manager that encrypt passwords using Advanced Encryption Standard (AES) PassLock is a password manager and password

44 Nov 18, 2022

Releases(v1.0.0)

v1.0.0(Feb 8, 2022)

Initial release
Source code(tar.gz)
Source code(zip)
passwnd.exe(5.36 MB)
passwnd.py(2.66 KB)

Owner

Nat

I make computer go beep boop... (I actually do, modprobe pcspkr and then some nice C code)

GitHub Repository

PKUAutoElective for 2021 spring semester

PKUAutoElective 2021 Spring Version Update at Mar 7 15:28 (UTC+8): 修改了 get_supplement 的 API 参数，已经可以实现课程列表页面的正常跳转，请更新至最新 commit 版本本项目基于 PKUAutoElectiv

84 Sep 09, 2022

Add a Web Server based on Rogue Mysql Server to allow remote user get

介绍对于需要使用 Rogue Mysql Server 的漏洞来说，若想批量检测这种漏洞的话需要自备一个服务器。并且我常用的Rogue Mysql Server 脚本不支持动态更改读取文件名、不支持远程用户访问读取结果、不支持批量化检测网站。于是乎萌生了这个小脚本的想法 Rogue-MySql-

6 May 17, 2022

Strapi Framework Vulnerable to Remote Code Execution

CVE-2019-19609 Strapi Framework Vulnerable to Remote Code Execution well, I didnt found any exploit for CVE-2019-19609 so I wrote one. :/ Usage pytho

7 Mar 08, 2022

Safety checks your installed dependencies for known security vulnerabilities

Safety checks your installed dependencies for known security vulnerabilities. By default it uses the open Python vulnerability database Safety DB, but

1.4k Dec 30, 2022

ssh-audit is a tool for ssh server & client configuration auditing.

SSH server & client auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc)

1.4k Dec 31, 2022

A small utility to deal with malware embedded hashes.

Uchihash is a small utility that can save malware analysts the time of dealing with embedded hash values used for various things such as: Dyn

48 Dec 19, 2022

log4j2 dos exploit,CVE-2021-45105 exploit,Denial of Service poc

说明 about author: 我超怕的 blog: https://www.cnblogs.com/iAmSoScArEd/ github: https://github.com/iAmSOScArEd/ date: 2021-12-20 log4j2 dos exploit log4j2 do

3 Aug 13, 2022

Fuzz introspector is a tool to help fuzzer developers to get an understanding of their fuzzer’s performance and identify any potential blockers.

Fuzz introspector Fuzz introspector is a tool to help fuzzer developers to get an understanding of their fuzzer’s performance and identify any potenti

221 Jan 01, 2023

Check for breached passwords with k-anonymity

Related tags

Overview

passwnd

Usage

How it works

You might also like...

A simple way to store your passwords without requiring third party applications

PwdGen is a Python Tkinter tool for generating secure 16 digit passwords.

A python script to brute-force guess the passwords to Instagram accounts

OpenTOTP is yet another time-based, one-time passwords (OTPs) generator/verifier inspired by RFC 6238.

Chrome Post-Exploitation is a client-server Chrome exploit to remotely allow an attacker access to Chrome passwords, downloads, history, and more.

Utility for Extracting all passwords from ConnectWise Automate

Pass2Pwn: a simple python3 tool created to assist penetration testers generate possible passwords for a targeted system based solely on the organization's name

Chromepass - Hacking Chrome Saved Passwords

PassLock is a medium-security password manager that encrypts passwords using Advanced Encryption Standards (AES)

Releases(v1.0.0)

v1.0.0(Feb 8, 2022)

Owner

Nat

PKUAutoElective for 2021 spring semester

Add a Web Server based on Rogue Mysql Server to allow remote user get

Strapi Framework Vulnerable to Remote Code Execution

Safety checks your installed dependencies for known security vulnerabilities

ssh-audit is a tool for ssh server & client configuration auditing.

A small utility to deal with malware embedded hashes.

log4j2 dos exploit,CVE-2021-45105 exploit,Denial of Service poc

Fuzz introspector is a tool to help fuzzer developers to get an understanding of their fuzzer’s performance and identify any potential blockers.

Ini membuat tema berbasis bendera Indonesia with Python + Linux.py

List of S3 Hacks

Obfuscate your python code into a string of integers. De-obfuscate also supported.

Rapidly enumerate subdomains and domains using rapiddns.io.

PoC for CVE-2021-45897 aka SCRMBT-#180 - RCE via Email-Templates (Authenticated only) in SuiteCRM <= 8.0.1

StarUML cracker - StarUML cracker With Python

Hack computer in the form of RAR files from all types of clients, even Linux

Malware for Discord, designed to steal passwords, tokens, and inject discord folders for long-term use.

This repository uses a mixture of numbers, alphabets, and other symbols found on the computer keyboard

Brute-forcing (or not!) deck builder for Pokemon Trading Card Game.

DCSync - DCSync Attack from Outside using Impacket

Sentinel-1 SAR time series analysis for OSINT use