/evilpass

Slightly evil password strength checker
  1. Python 100.0%
Switch branches/tags
Nothing to show
Find file
Clone or download

Clone with HTTPS

Use Git or checkout with SVN using the web URL.

Open in Desktop Download ZIP

Launching GitHub Desktop...

If nothing happens, download GitHub Desktop and try again.

Launching GitHub Desktop...

If nothing happens, download GitHub Desktop and try again.

Launching Xcode...

If nothing happens, download Xcode and try again.

Launching Visual Studio...

If nothing happens, download the GitHub extension for Visual Studio and try again.

Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
evilpass Merge pull request #9 from cclauss/patch-1 Feb 21, 2017
.gitignore Added *.pyc to gitignore Feb 18, 2017
LICENSE Initial commit Feb 18, 2017
README.md Update README, we support Google now Feb 19, 2017
requirements.txt Added requirements.txt Feb 18, 2017

README.md

Slightly evil password strength checker

Checks how strong your user's password is via questionably ethical means.

Usage

Please don't actually use this.

>>> from evilpass import check_pass
>>> errors = check_pass("password", "email address", "username")
>>> errors
["Your password must be at least 8 characters long"]

Password reuse is bad, okay?

So quit doing it. Use a password manager. I personally recommend pass.

Side note

If you're actually checking user's password strength on sign up, I strongly suggest using an entropy-based strength estimation like zxcvbn instead of contrived composition rules like this, which are explicitly discouraged by NIST's current password guidelines. I also suggest not trying to log into your user's account on other sites.

Future development

  • Automate use of proxies to avoid rate limiting and other things external services might do when they detect you're doing this
  • Add other external services to check
  • Store valid credentials in a database for evil purposes

https://www.xkcd.com/792/