Enterprise-grade password strength analysis platform with real cryptographic methodologies, breach intelligence, and attack simulation.
Developed by 7SM
CipherGuard is a professional cybersecurity application that goes far beyond basic password checkers. It provides real-time analysis using actual security methodologies, integrates with the Have I Been Pwned breach database, and delivers an enterprise-grade user experience.
- Live Password Analysis — Real-time feedback as you type with 150ms debounce
- Security Score (0–100) — Weighted multi-dimensional scoring system
- Entropy Calculation — Mathematical bits-of-entropy with pool size analysis
- 6-Category Breakdown — Complexity, Entropy, Predictability, Exposure Risk, Length, Uniqueness
- Pattern Detection — 9 attack pattern types including keyboard walks, leet-speak, date patterns
- Crack Time Estimates — 6 attack scenarios (online, offline bcrypt, offline MD5, GPU cluster, quantum)
- Attack Simulation — Interactive terminal-style simulation of real attack vectors
- Password Heatmap — Character-by-character color analysis visualization
- Have I Been Pwned Integration — Checks against 14B+ compromised passwords
- k-Anonymity Model — Only first 5 chars of SHA-1 hash sent — your password never leaves your device
- Breach Count Display — Shows exact exposure count
- 3 Generation Modes — Random (max entropy), Passphrase (memorable), Pronounceable
- Configurable Options — Length 8–64, character types, ambiguous char exclusion
- Cryptographically Secure — Uses Web Crypto API (
crypto.getRandomValues)
- Dark Cybersecurity Aesthetic — Deep blacks, cyan/blue highlights, glassmorphism
- Framer Motion Animations — Smooth transitions, animated gauges, count-up numbers
- Responsive Design — Desktop sidebar + mobile hamburger navigation
- Privacy-First — All analysis runs locally, passwords never stored
- Export Report — Download full security report as
.txt
| Layer | Technology |
|---|---|
| Frontend Framework | React 18 + TypeScript |
| Build Tool | Vite 5 |
| Styling | Tailwind CSS 3 |
| Animations | Framer Motion 11 |
| Password Analysis | zxcvbn |
| Charts | Recharts |
| Icons | Lucide React |
| Backend | Node.js + Express (optional HIBP proxy) |
| Breach Detection | Have I Been Pwned API |
- Node.js 18+
- npm or yarn
cd frontend
npm install
npm run devThe app will start at http://localhost:3000
The backend is an optional HIBP proxy. The frontend can call HIBP directly (k-anonymity is maintained either way).
cd backend
npm install
npm startThe API will run at http://localhost:3001
Password Strength Analyzer/
├── screenshots/ # App screenshots
├── frontend/
│ ├── src/
│ │ ├── components/ # UI components
│ │ │ ├── LoadingScreen.tsx
│ │ │ ├── Sidebar.tsx
│ │ │ ├── PasswordInput.tsx
│ │ │ ├── StrengthMeter.tsx
│ │ │ ├── PasswordHeatmap.tsx
│ │ │ ├── SecurityScore.tsx
│ │ │ ├── EntropyCard.tsx
│ │ │ ├── CrackTimeCard.tsx
│ │ │ ├── BreachDetection.tsx
│ │ │ ├── AttackSimulation.tsx
│ │ │ ├── PasswordGenerator.tsx
│ │ │ └── SecurityTips.tsx
│ │ ├── hooks/ # React hooks
│ │ │ ├── usePasswordAnalysis.ts
│ │ │ └── useBreachDetection.ts
│ │ ├── services/ # External API services
│ │ │ └── hibpService.ts
│ │ ├── utils/ # Core analysis engine
│ │ │ ├── passwordAnalyzer.ts
│ │ │ ├── entropyCalculator.ts
│ │ │ ├── crackTimeEstimator.ts
│ │ │ ├── patternDetector.ts
│ │ │ ├── passwordGenerator.ts
│ │ │ └── reportExporter.ts
│ │ ├── types/ # TypeScript interfaces
│ │ │ └── index.ts
│ │ ├── App.tsx
│ │ ├── main.tsx
│ │ └── index.css
│ ├── package.json
│ ├── tailwind.config.js
│ ├── vite.config.ts
│ └── index.html
└── backend/
├── server.js
└── package.json
The overall score (0–100) is a weighted average of 6 categories:
| Category | Weight | Description |
|---|---|---|
| Entropy | 25% | Mathematical randomness bits |
| Complexity | 20% | Character type diversity |
| Length | 20% | Character count score |
| Predictability | 20% | Resistance to pattern attacks |
| Uniqueness | 10% | Unique character ratio |
| Exposure Risk | 5% | zxcvbn-based heuristic |
Pool Size = 26 (lower) + 26 (upper) + 10 (digits) + 32 (symbols) [as applicable]
Base Entropy = length × log₂(poolSize)
Effective Entropy = Base × repetitionFactor × sequentialPenalty
| Scenario | Speed | Description |
|---|---|---|
| Online (throttled) | 100/sec | Rate-limited login |
| Online (fast) | 10K/sec | Unprotected service |
| Offline (bcrypt) | 10K/sec | Strong hash algorithm |
| Offline (MD5) | 10B/sec | Weak hash algorithm |
| GPU Cluster | 100B/sec | Dedicated cracking rig |
| Quantum (future) | 1T/sec | Grover's algorithm |
Expected attempts = 2^(entropy - 1) / attack_speed
- Hash password with SHA-1
- Send only first 5 characters of hex hash to HIBP API
- Receive ~1000 hash suffixes
- Check locally if full hash suffix matches any result
- Password hash is never fully transmitted
| Level | Score | Color |
|---|---|---|
| Critical | 0–19 | Red |
| Weak | 20–39 | Orange |
| Fair | 40–59 | Yellow |
| Good | 60–75 | Lime |
| Strong | 76–90 | Emerald |
| Fortress | 91–100 | Cyan |
All password analysis is performed locally in your browser whenever possible. Your password is never stored, logged, or transmitted in plaintext. Breach detection uses the HIBP k-anonymity model — only a 5-character hash prefix is ever sent.
- zxcvbn — Dropbox password strength estimator
- Have I Been Pwned — Troy Hunt's breach database
- NIST SP 800-63B — Digital Identity Guidelines
This project is licensed under the MIT License — see the LICENSE file for full details.
MIT License — Copyright (c) 2026 7SM
You are free to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of this software, provided the copyright notice and permission notice are included in all copies.
Developed by 7SM
CipherGuard — Because your passwords deserve enterprise-grade protection.