Check KeePass passwords against https://haveibeenpwned.com/Passwords
Latest commit 5155314 Jan 28, 2019
Type Name Latest commit message Commit time
test_assets test assets for issues Jan 27, 2019
.coveragerc * travis-ci Jan 24, 2019
.gitignore pypi Jan 24, 2019
.travis.yml pypi Jan 24, 2019
CHANGELOG.md Update CHANGELOG.md Jan 28, 2019
Dockerfile dockerfile updated Jan 27, 2019
LICENSE Create LICENSE Jan 24, 2019
MANIFEST.in pypi Jan 24, 2019
Makefile dockerfile updated Jan 27, 2019
README.md dockerfile updated Jan 27, 2019
kdbxpasswordpwned.py fix for #3 Jan 27, 2019
requirements.txt moved from libkeepass to pykeepass Jan 27, 2019
setup.py pykeepass in setuptools and py3 tests updated Jan 27, 2019
tests.py fix for #3 Jan 27, 2019

README.md

kdbxpasswordpwned

Check KeePass passwords against https://haveibeenpwned.com/Passwords


Disclosure

Even though Troy Hunt's API provides some sense of privacy (we share neither the password nor even the full SHA1), always review the tools you use with your KeePass files. This script is small, so you can easily see that the password is not sent anywhere except the HIBP API. I have reviewed libkeepass code (0.3.0, pinned in requirements) which is also small, and, as PyPI does not allow replacing existing versions, it is safe.

Also be sure to install tools you trust from places you trust, or you might end up installing some shady version such as this fork, which sends the full password (not the hash) to a different endpoint.
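
What "not even the full SHA1" means on the wire, and how to check a tool for it, as an added example (not this project's code). It assumes the public Pwned Passwords range endpoint at api.pwnedpasswords.com; the function names, the stub fetcher and the counts in its response are constructed for illustration.

```python
import hashlib
import urllib.request

RANGE_URL = "https://api.pwnedpasswords.com/range/"  # assumed endpoint (HIBP range API)


def split_hash(password):
    """Return (prefix, suffix): first 5 and remaining 35 hex chars of the SHA-1."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range(body, suffix):
    """Look up our suffix in a 'SUFFIX:COUNT' response body; 0 if absent."""
    for line in body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)  # padding entries, if present, carry count 0
    return 0


def fetch_range(prefix):
    """Real network fetch: only the 5-character prefix appears in the request."""
    req = urllib.request.Request(RANGE_URL + prefix, headers={"User-Agent": "range-example"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def pwned_count(password, fetch=fetch_range):
    """The suffix comparison happens locally, on the downloaded bucket."""
    prefix, suffix = split_hash(password)
    return parse_range(fetch(prefix), suffix)


def audited_count(password):
    """Offline run against a stub that records everything the client sends."""
    sent = []
    _, suffix = split_hash(password)
    def stub(prefix):
        sent.append(prefix)
        # Constructed response: unrelated suffix, padding entry, then our suffix.
        return "0" * 35 + ":3\r\n" + "F" * 35 + ":0\r\n" + suffix.lower() + ":1151\r\n"
    return pwned_count(password, fetch=stub), sent


if __name__ == "__main__":
    count, sent = audited_count("testit")
    print("sent to API:", sent, "-> seen", count, "times (constructed count)")
```

The same recording trick works when reviewing any checker: whatever reaches the fetch layer should be five hex characters, never the password or the 40-character hash.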

Usage

Install using pip

$ pip install kdbxpasswordpwned
Collecting kdbxpasswordpwned
Successfully installed kdbxpasswordpwned-0.3

And use the CLI

$ kdbxpasswordpwned -h
usage: kdbxpasswordpwned [-h] [-k KEYFILE] [-u] [-p] kdbx

positional arguments:
  kdbx                  keepass file

optional arguments:
  -h, --help            show this help message and exit
  -k KEYFILE, --keyfile KEYFILE
                        Keyfile if needed
  -u, --show-user       show username for found entries
  -p, --show-password   show password for found entries (high shoulders?)

$ kdbxpasswordpwned /path/to/test_assets/sample.kdbx
Password:
Password for title1 seen 1151 times before
Password for title2 seen 61164 times before

Or simply use the docker image

$ docker run --rm -ti \
             -v /path/to/test_assets/sample_with_key.kdbx:/tmp.kdbx:ro \
             -v /path/to/test_assets/sample.key:/tmp.key:ro \
             fopina/kdbxpasswordpwned -upk /tmp.key /tmp.kdbx
Password for title1 seen 1151 times before - testuser - testit
Password for title2 seen 61164 times before - None - blabla