A lightweight Telegram bot that hashes text (MD5 / SHA-256), stores per-user history behind a codeword, checks passwords against Have I Been Pwned, scores strength with zxcvbn, and generates random passwords.
Bot UI messages are in Russian. This README is in English.
| Command | What it does |
|---|---|
/start |
Welcome + command list |
/help |
Hash usage hint |
/hash <algo> <text> |
Hash with md5 or sha256 |
/history |
Show saved hashes (requires codeword) |
/setcode <word> |
Set codeword for history access |
/check <password> |
HIBP breach check (k-anonymity API) |
/checkzxcvbn |
Interactive zxcvbn strength score |
/generate <length> |
Random password |
/dev |
Author info |
History is stored in history_{user_id}.json on the machine running the bot.
- Create a bot with @BotFather and copy the API token.
- Clone and install:
git clone https://github.com/krwg/hash-bot.git
cd hash-bot
pip install -r requirements.txt- Set the token (pick one):
# Option A — environment variable (recommended)
export TELEGRAM_BOT_TOKEN="your-token-here"
python hash.py
# Option B — edit hash.py and replace YOUR TOKEN- Run on a machine with internet access (long polling).
- Do not commit your bot token.
/checkuses the HIBP range API — only a SHA-1 prefix is sent.- History files and codewords are local to your server; back them up if you care about retention.
- This is a utility bot, not audited for high-security production use.
- Python 3.12+
- Linux, macOS, or Windows
- See
requirements.txt
MIT — portfolio / utility project by krwg.