Send password hashes to a simple web API which will return 200 for pwned and 404 for not pwned.
amipwned has two features, the web service and the load service. The load services takes a password dump as input and saves each password and its corresponding hash to a Postgresql database (other DBs may be supported if requested).
Run amipwned locally in your network and have your backend that are exposed to the internet send requests to amipwned to check if a given hash is OK or not. The project gives 100% control over the data stored in the DB.
▄▄▄ ██▀███ ▓█████ ▓██ ██▓ ▒█████ █ ██ ██▓███ █ █░███▄ █ ▓█████ ▓█████▄
▒████▄ ▓██ ▒ ██▒▓█ ▀ ▒██ ██▒▒██▒ ██▒ ██ ▓██▒ ▓██░ ██▒▓█░ █ ░█░██ ▀█ █ ▓█ ▀ ▒██▀ ██▌
▒██ ▀█▄ ▓██ ░▄█ ▒▒███ ▒██ ██░▒██░ ██▒▓██ ▒██░ ▓██░ ██▓▒▒█░ █ ░█▓██ ▀█ ██▒▒███ ░██ █▌
░██▄▄▄▄██ ▒██▀▀█▄ ▒▓█ ▄ ░ ▐██▓░▒██ ██░▓▓█ ░██░ ▒██▄█▓▒ ▒░█░ █ ░█▓██▒ ▐▌██▒▒▓█ ▄ ░▓█▄ ▌
▓█ ▓██▒░██▓ ▒██▒░▒████▒ ░ ██▒▓░░ ████▓▒░▒▒█████▓ ▒██▒ ░ ░░░██▒██▓▒██░ ▓██░░▒████▒░▒████▓
▒▒ ▓▒█░░ ▒▓ ░▒▓░░░ ▒░ ░ ██▒▒▒ ░ ▒░▒░▒░ ░▒▓▒ ▒ ▒ ▒▓▒░ ░ ░░ ▓░▒ ▒ ░ ▒░ ▒ ▒ ░░ ▒░ ░ ▒▒▓ ▒
▒ ▒▒ ░ ░▒ ░ ▒░ ░ ░ ░ ▓██ ░▒░ ░ ▒ ▒░ ░░▒░ ░ ░ ░▒ ░ ▒ ░ ░ ░ ░░ ░ ▒░ ░ ░ ░ ░ ▒ ▒
░ ▒ ░░ ░ ░ ▒ ▒ ░░ ░ ░ ░ ▒ ░░░ ░ ░ ░░ ░ ░ ░ ░ ░ ░ ░ ░ ░
░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░
░ ░ ░
usage: amipwned [-h] [--web {start,stop,restart}] [--load FILENAME]
[--port PORT] [--config CONFIG]
Self-hosted service for checking if a given password has been recorded in
public password dumps. Created by @dubs3c
optional arguments:
-h, --help show this help message and exit
--web {start,stop,restart}
Control the amipwned web service
--load FILENAME Stop the amipwned web service
--port PORT Listening port for the web service
--config CONFIG Configuration file location
A reason to try out aiohttp and writing some asyncio code! However, if you like the idea of this project, create an issue with your suggested improvements (or send a PR) and I'll maybe implement/merge them :)
sudo apt install postgres postgresql-contrib libpq-dev python3.7-dev
- Linux (Tested on Ubuntu but should work on other distributions as well)
- Python 3.7
- PostgreSQL
-
Install the project
pip install amipwned -
Create the following configuration file at
~/.amipwned.ini
[postgresql]
host = localhost
port = 5432
username = postgres
password =
databaseName = amipwned
- Run it!
amipwned --web start
Recommended way of installing is using poetry.
-
Simply run
poetry installafter cloning the repo. -
Create the following configuration file at
~/.amipwned.ini
[postgresql]
host = localhost
port = 5432
username = postgres
password =
databaseName = amipwned
poetry run amipwned --web start
Any feedback or ideas are welcome! Want to improve something? Create a pull request!
- Fork it!
- Create your feature branch:
git checkout -b my-new-feature - Commit your changes:
git commit -am 'Add some feature' - Push to the branch:
git push origin my-new-feature - Submit a pull request :D