Securely check list of passwords against HIBP password database. Check is performed by sending 5 hex digits of password SHA-1 hash to HIBP servers and seeking match in retrieved list with requested hash prefix, leveraging K-anonymity approach.
Program accepts CSV (RFC 4180) with login,password pairs via STDIN. Outputs list of breached accounts via STDOUT and log via STDERR.
Pre-built binaries are available on releases page.
Alternatively, you may install passcheck from source. Run within source directory
make install
$ passcheck -h
Usage of passcheck:
-expire duration
cache TTL (default 1h0m0s)
-threads uint
number of threads for network requests (default 5)
Shell script which scans password saved in pass for breached passwords. It automatically pipes all passwords from password store into passcheck utility. All command-line options passed as is to the passcheck utility.
Usage:
./scan-passwordstore.sh