Skip to content
Library for easily interfacing with Have I Been Pwned API v2
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.

pwnedapi (Have I Been Pwned)

Codacy grade Travis (.org) Codecov PyPI PyPI - Downloads Read the Docs GitHub Twitter Follow

A Python library to leverage Troy Hunt's Have I Been Pwned API v2 and the k-Anonymity model. Inspired by Phil Nash's Ruby gem pwned.

Supported on Python versions 3.5 and up.


# Option 1: From the PyPI repository
pip install pwnedapi

# Option 2: For people of great taste
pipenv install pwnedapi

# Option 3: Locally
git clone
cd pwnedapi
python install


In its simplest form you'll only need to use two methods. Will probably add more if and when the API grows.

Check a single password

You can also scan a file of passwords, and export results in any format supported by the tablib library.

Scan a file of passwords

CLI usage

The library also installs a command-line tool which you can use to check your password from the comfort of your terminal. Run pwned to see all the possibilities.


Clone the repository normally. Then run make to install the dependencies.

While developing it's useful to ensure an acceptable code quality where the Pylama linter is helpful: run make lint to check your code. Once you have written your tests run make test to invoke the PyTest suites.

To run tests and calculate the code coverage run make coverage. This command will fail if you haven't set up a Codecov project with $CODECOV_TOKEN variable.

Remember to document your features and see that the documentation compiles successfully by running make docs.


Check the source code and issues from this repository, and should anything interesting pop out feel free to open a pull request.

Before your changes will be merged make sure that Travis CI pipeline is green and code coverage is on acceptable level. GitHub takes care of these eventually but to save time always consider running the tests locally before pushing.

You can’t perform that action at this time.