Skip to content
Slightly evil password strength checker
Branch: master
Clone or download
Latest commit 19ed03f Feb 21, 2017
Type Name Latest commit message Commit time
Failed to load latest commit information.
evilpass Merge pull request #9 from cclauss/patch-1 Feb 21, 2017
LICENSE Initial commit Feb 18, 2017 Update README, we support Google now Feb 19, 2017
requirements.txt Added requirements.txt Feb 18, 2017

Slightly evil password strength checker

Checks how strong your user's password is via questionably ethical means.


Please don't actually use this.

>>> from evilpass import check_pass
>>> errors = check_pass("password", "email address", "username")
>>> errors
["Your password must be at least 8 characters long"]

Password reuse is bad, okay?

So quit doing it. Use a password manager. I personally recommend pass.

Side note

If you're actually checking user's password strength on sign up, I strongly suggest using an entropy-based strength estimation like zxcvbn instead of contrived composition rules like this, which are explicitly discouraged by NIST's current password guidelines. I also suggest not trying to log into your user's account on other sites.

Future development

  • Automate use of proxies to avoid rate limiting and other things external services might do when they detect you're doing this
  • Add other external services to check
  • Store valid credentials in a database for evil purposes

You can’t perform that action at this time.