Skip to content

StefanScherer/pwned-passwords

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

26 Commits
.circleci
.circleci
 
 
.dockerignore
.dockerignore
 
 
.gitattributes
.gitattributes
 
 
.gitignore
.gitignore
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
search
search
 
 
test.sh
test.sh
 
 

Repository files navigation

pwned-passwords

CircleCI This image on DockerHub

This Docker image can be used to search through the 320 million pwned passwords. See https://haveibeenpwned.com/Passwords for details.

If you want to check your passwords locally in a secure environment, use this Docker image. It will download the huge pwned-passwords files and will extract it for you.

Once the files are downloaded you can run the container again and again with your passwords that you also are currently using. No passwords or SHA1 sums will leave your computer. If you don't trust me, run the container without a network.

Build the image:

docker build -t pwned-passwords .

Usage

Mac / Linux

$ mkdir pwned
$ cd pwned
$ docker run --rm -v $(pwd):/data stefanscherer/pwned-passwords yourpassword
Hash is B48CF0140BEA12734DB05EBCDB012F1D265BED84
Found 1 occurrences in /data/pwned-passwords-1.0.txt

Run the container without network and with read-only mounted volume (works after you have downloaded all files).

$ docker run --rm -v $(pwd):/data:ro --network none stefanscherer/pwned-passwords yourpassword

Paranoid mode

Typing passwords in your terminal stores them in your shell history. You can remove that from your shell history, for example with sed -i 's/docker run.*pwned-passwords.*//' ~/.bash_history on Linux.

You can also run the container interactively to work inside a save place. The commands you type into the container isn't leaked to the host's shell history.

$ docker run --rm -it --entrypoint sh --network none -v $(pwd):/data:ro stefanscherer/pwned-passwords
/ # search secret
Hash is E5E9FA1BA31ECD1AE84F75CAAA474F3A663F05F4
Oh no - pwned! Found 1 occurences in /data/pwned-passwords-1.0.txt
/ # search supersecret123
Hash is 21DDE79B804497E122F38DABC393F8E94F103CA6
Oh no - pwned! Found 1 occurences in /data/pwned-passwords-1.0.txt
/ # search absolutesupersecret123
Hash is 9F14B0EBAE2CF106A8C8998B669BDC75DE5E1A2B
Good news - no pwnage found!
/ # exit

Windows

PowerShell

mkdir pwned
cd pwned
docker run --rm -v "$(pwd):/data" stefanscherer/pwned-passwords yourpass

CMD Shell

mkdir pwned
cd pwned
docker run --rm -v "%cd%:/data" stefanscherer/pwned-passwords yourpass

Acknowledgement

About

Docker image to search for pwned passwords

Resources

Readme

License

GPL-3.0 license
Activity

Stars

13 stars

Watchers

4 watching

Forks

11 forks
Report repository

Releases 2

2.0 Latest
Mar 24, 2018
+ 1 release

Packages

No packages published

Contributors 2

  •  
  •  

Languages