Python scripts to perform password related tasks.
This single repository replaced older, separate repositories that are now
deprecated, pwned_password_search and generate_shadow.
Script that generates random passphrases of lengths given from command line arguments.
This code uses the Diceware 8K word list in C, downloaded from http://world.std.com/%7Ereinhold/diceware.html
Random numbers are generated using random.SystemRandom, which should be
good enough for cryptographic use.
usage: generate_passphrase.py [-h] length [length ...]
Generate Secure Passphrases
positional arguments:
length Passphrase length, must be 4 or greater.
optional arguments:
-h, --help show this help message and exit
A single pass phrase can be generated by passing the number of words to use as an integer as a command line parameter (Must be >= 4). Since this is a pass phrase, the words will be seperated by a space. For applications that allow spaces, you can use as-is or remove the spaces if needed.
$ python3 generate_passphrase.py 4
oily sequin yawn menlo
Multiple pass phrases can be generated simply by adding more integers as command line parameters. Each pass phrase generated will have the number of words specified. Each pass phrase will be on different line in the order given.
$ python3 generate_passphrase.py 4 5 6 7
l6 bobbin basel nora
limb kiva lana 71st goo
rid africa al key chopin korea
fake prong oh toad grail 4k usury
Script that checks a password against the Have I Been Pwned database, and reports back on whether or not it has been listed.
You may need to install the requests package first before running.
$ pip install requests
OR
$ pip3 install requests
This method may be preferable to putting your password directly into the site because this script only sends the first 5 characters of the SHA1 hash of your password over the internet instead of your whole password or hash.
For more info see the API docs
This script was inspired by Computerphile's YouTube video featuring Mike Pound, and later I took some code from the Python script he wrote that does the same thing.
usage: is_it_pwned.py [-h] [password [password ...]]
Check if passwords have been comprised.
positional arguments:
password Password to lookup.
optional arguments:
-h, --help show this help message and exit
- Prompts you for a single password (echo off):
$ python is_it_pwned.py - Reads passwords from a file:
$ python is_it_pwned.py < file - Reads passwords written to standard output by another command:
$ cmd | python is_it_pwned.py - Checks passwords given command line arguments: (Beware the password may
be saved in shell history and that other users on the system may be able to
observe the command line.)
$ python is_it_pwned.py <password1> [<password2> ...]
Script that can be used to generate a password hash that can be inserted
directly into the /etc/shadow file on a Linux or Unix system.
Current supported hash methods (from most secure to least):
- SHA512 (Default)
- SHA256
- MD5
usage: shadow_hash.py [-h] [-m {SHA512,SHA256,MD5}] [password [password ...]]
Generate Shadow Hashes.
positional arguments:
password Password to generate hashes for.
optional arguments:
-h, --help show this help message and exit
-m {SHA512,SHA256,MD5}, --method {SHA512,SHA256,MD5}
Hashing method to use, default is SHA512
- Prompts you for a single password (echo off):
$ python3 shadow_hash.py - Reads passwords from a file:
$ python3 shadow_hash.py < file - Reads passwords written to standard output by another command:
$ cmd | python3 shadow_hash.py - Checks passwords given command line arguments: (Beware the password may
be saved in shell history and that other users on the system may be able to
observe the command line.)
$ python3 shadow_hash.py <password1> [<password2> ...]