Skip to content

technion/rustypwneddownloader

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

31 Commits

.github/workflows

.github/workflows

 
 

src

src

 
 

tests

tests

 
 

.gitignore

.gitignore

 
 

Cargo.lock

Cargo.lock

 
 

Cargo.toml

Cargo.toml

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

clippy.toml

clippy.toml

 
 

deny.toml

deny.toml

 
 

Repository files navigation

RustyPwnedPasswordsDownloader

This is a Rust implementation of this project: https://github.com/HaveIBeenPwned/PwnedPasswordsDownloader

Installation

Grab the single executable download from here: https://github.com/technion/rustypwneddownloader/releases/latest/download/rustypwneddownloader.exe This app is expected to run on any platform that Rust compiles for, but presently you'll need to fetch the source and build it.

Improvements

The major issue that this project solves is the dotnet requirement: I appreciate that dotnet now runs on Linux. This has been noted in multiple Github issues, however many of us do not wish to install a Microsoft Framework just to then install a small app that downloads a file. This app is a standalone executable.

New Features

If you would like to run a "has this password been seen before" type service, you require the way the dotnet downloader works. However, if you would like to meet modern password requirements for "block commonly used passwords", you do not need a constantly updated, massive text file of passwords that have been seen once (which are not "common"). This downloader allows output to be filtered based on the number of times a password was see (defaults to 3). Set this parameter to 1 to get the old behaviour.

Usage

Usage: rustypwneddownloader.exe [OPTIONS] --filename <FILENAME>

Options:
  -f, --filename <FILENAME>  Name of output file
  -m, --minimum <MINIMUM>    Filter to passwords breached this many times [default: 3]
  -h, --help                 Print help
  -V, --version              Print version

Verifying Builds

All releases are Authenticode signed. You can verify this as below:

PS > Get-AuthenticodeSignature .\rustypwneddownloader.exe


    Directory: Downloads


SignerCertificate                         Status                                 Path
-----------------                         ------                                 ----
9C74A96F12A82D4AE8E23E7214D21033D81705A2  Valid                                  rustypwneddownloader.exe

In addition, for complete supply chain transparency all releases are signed with SigStore. If you have downloaded the cosign executable, you can verify a download with:

.\cosign-windows-amd64.exe verify-blob .\rustypwneddownloader.exe --bundle .\cosign<version>.bundle --certificate-oidc-issuer=https://github.com/login/oauth --certificate-identity=technion@lolware.net

References

This issue describes a shell script version on which this app was based. HaveIBeenPwned/PwnedPasswordsDownloader#30

About

Rust based pwnedpasswords Downloader

Resources

Readme

License

MIT license
Activity

Stars

5 stars

Watchers

2 watching

Forks

1 fork
Report repository

Releases 6

Tag v0.2.2 Latest
Jul 18, 2023
+ 5 releases

Packages

No packages published

Contributors 2

  •  
  •  

Languages