pwnd

🔍 🔓 A CLI that checks if your passwords have been compromised in a data breach

Description

A simple CLI tool that takes a list of passwords as shown below, queries the haveibeenpwned API and lets you know if they have been compromised in a data breach.

Why

Use a password that has yet to be leaked in a breach.

How

You provide one or more passwords which are hashed using SHA-1 (it's ok as the password isn't stored anywhere). Then using a system called k-anonymity, only the first five characters of your hashed password are used to query the pwned API which subsequently returns a set of hashed passwords that might match a given password.

The actually checking to see if a given password has been breached happens locally so your actual passwords are never sent anywhere (read more).

Install

npm install pwnd

You can also use npx if you're using npm version npm@5.2.0 and above

npx pwnd password1 reallylongpasswordoverhere other etc.

Usage

pwnd password1 reallylongpasswordoverhere other etc.

or

Create a pwnd-config.json file with a property called passwords that's mapped to an array of passwords like so:

{
  "passwords": ["password1", "reallylongpasswordoverhere", "other", "etc."]
}

Once you have created the pwnd-config.json file, simply run pwnd (with no arguments) in the same directory as the pwnd-config.json file like so:

pwnd

License

MIT © Evans Owino