Check for breached passwords with k-anonymity

Last update: Feb 08, 2022

Related tags

Security related resources passwnd

Overview

passwnd

Check for breached passwords with k-anonymity

Usage

To get prompted to enter the password securely, simply run:

passwnd.py

Alternatively, you can specify the password directly:

passwnd.py

The latter is not recommended, as it might leak the password to the shell history.

How it works

The password will be hashed with SHA1 and turned to human-readable hex (ASCII)
That hex will be trimmed to just the first 5 characters
That trimmed result will be submitted to the pwnedpasswords.com database
pwnedpasswords.com will return all hashes that begin with that trim
We download all returned hashes, and perform a full search locally

This way, we can check if a password was breached, without revealing said password. While simultaneously only requiring to download a few kB of data instead of GB.

A simple way to store your passwords without requiring third party applications

SimplePasswordManager A simple way to store your passwords without requiring third party applications Simple To Use. Store Your Passwords For Each Web

1 Dec 23, 2021

PwdGen is a Python Tkinter tool for generating secure 16 digit passwords.

PwdGen ( Password Generator ) is a Python Tkinter tool for generating secure 16 digit passwords. Installation Simply install requirements pip install

7 Jul 14, 2022

A python script to brute-force guess the passwords to Instagram accounts

Instagram-Brute-Force The purpose of this script is to brute-force guess the passwords to Instagram accounts. Specifics: Comes with 2 separate modes i

2 Nov 16, 2021

OpenTOTP is yet another time-based, one-time passwords (OTPs) generator/verifier inspired by RFC 6238.

OpenTOTP is yet another time-based, one-time passwords (OTPs) generator/verifier inspired by RFC 6238. It generates and validates OTPs based

1 Nov 15, 2021

Chrome Post-Exploitation is a client-server Chrome exploit to remotely allow an attacker access to Chrome passwords, downloads, history, and more.

ChromePE [Linux/Windows] Chrome Post-Exploitation is a client-server Chrome exploit to remotely allow an attacker access to Chrome passwords, download

3 Oct 5, 2022

Utility for Extracting all passwords from ConnectWise Automate

CWA Password Extractor Utility for Extracting all passwords from ConnectWise Automate (E.g. while migrating to a new system). Outputs a csv file with

1 Dec 9, 2021

Pass2Pwn: a simple python3 tool created to assist penetration testers generate possible passwords for a targeted system based solely on the organization's name

Pass2Pwn is a simple python3 tool created to assist penetration testers generate possible passwords for a targeted system based solely on the organization's name

10 Oct 15, 2022

Chromepass - Hacking Chrome Saved Passwords

Chromepass - Hacking Chrome Saved Passwords and Cookies View Demo · Report Bug · Request Feature Table of Contents About the Project AV Detection Gett

622 Jan 4, 2023

PassLock is a medium-security password manager that encrypts passwords using Advanced Encryption Standards (AES)

A medium security python password manager that encrypt passwords using Advanced Encryption Standard (AES) PassLock is a password manager and password

44 Nov 18, 2022

Releases(v1.0.0)

v1.0.0(Feb 8, 2022)

Initial release
Source code(tar.gz)
Source code(zip)
passwnd.exe(5.36 MB)
passwnd.py(2.66 KB)

Owner

Nat

I make computer go beep boop... (I actually do, modprobe pcspkr and then some nice C code)

GitHub Repository

Find exposed API keys based on RegEx and get exploitation methods for some of keys that are found

dora Features Blazing fast as we are using ripgrep in backend Exploit/PoC steps for many of the API key, allowing to write a good report for bug bount

243 Dec 27, 2022

🔎 Most Advanced Open Source Intelligence (OSINT) Framework for scanning IP Address, Emails, Websites, Organizations.

1.5k Dec 28, 2022

the metasploit script(POC) about CVE-2021-36260

CVE-2021-36260-metasploit the metasploit script(POC) about CVE-2021-36260. A command injection vulnerability in the web server of some Hikvision produ

14 Nov 09, 2022

AutoScan 有多个目标时，调用xray+rad进行自动扫描

Usage: 在高级版Xray和rad同目录下运行 python3 X-AutoXray.py xxxx.txt 写的蛮人性化的哦，os,linux,windows通用生成的xray报告会在当前目录的/result下面 Ctrl+c 打断脚本运行时还可以结算扫描进度，生成已扫描和未扫描的进度文件，

73 Jan 01, 2023

Multi Brute Force Facebook - Crack Facebook With Login - Free For Now

✭ SAKERA CRACK Made With ❤️ By Denventa, Araya, Dapunta Author: - Denventa - Araya Dev - Dapunta Khurayra X ⇨ Fitur Login [✯] Login Cookies ⇨ Ins

26 Jan 01, 2023

🍉一款基于Python-Django的多功能Web安全渗透测试工具，包含漏洞扫描，端口扫描，指纹识别，目录扫描，旁站扫描，域名扫描等功能。

Sec-Tools 项目介绍系统简介本项目命名为Sec-Tools，是一款基于 Python-Django 的在线多功能 Web 应用渗透测试系统，包含漏洞检测、目录识别、端口扫描、指纹识别、域名探测、旁站探测、信息泄露检测等功能。本系统通过旁站探测和域名探测功能对待检测网站进行资产收集，通过端

300 Jan 07, 2023

Security system to prevent Shoulder Surfing Attacks

Surf_Sec Security system to prevent Shoulder Surfing Attacks. REQUIREMENTS: Python 3.6+ XAMPP INSTALLED METHOD TO CONFIGURE PROJECT: Clone the repo to

1 Jan 27, 2022

Phoenix Framework is an environment for writing, testing and using exploit code.

Phoenix-Framework Phoenix Framework is an environment for writing, testing and using exploit code. 🖼 Screenshots 🎪 Community PwnWiki Forums 🔑 Licen

42 Aug 09, 2022

HatSploit collection of generic payloads designed to provide a wide range of attacks without having to spend time writing new ones.

5 May 10, 2022

command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation, attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands.

CVE-2021-36260 CVE-2021-36260 POC command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validatio

165 Dec 21, 2022

This tool allows to automatically test for Content Security Policy bypass payloads.

CSPass This tool allows to automatically test for Content Security Policy bypass payloads. Usage [cspass]$ ./cspass.py -h usage: cspass.py [-h] [--no-

30 Nov 22, 2022

Get important strings inside [Info.plist] & and Binary file also all output of result it will be saved in [app_binary].json , [app_plist_file].json file

12 Sep 28, 2022

Check for breached passwords with k-anonymity

Related tags

Overview

passwnd

Usage

How it works

You might also like...

A simple way to store your passwords without requiring third party applications

PwdGen is a Python Tkinter tool for generating secure 16 digit passwords.

A python script to brute-force guess the passwords to Instagram accounts

OpenTOTP is yet another time-based, one-time passwords (OTPs) generator/verifier inspired by RFC 6238.

Chrome Post-Exploitation is a client-server Chrome exploit to remotely allow an attacker access to Chrome passwords, downloads, history, and more.

Utility for Extracting all passwords from ConnectWise Automate

Pass2Pwn: a simple python3 tool created to assist penetration testers generate possible passwords for a targeted system based solely on the organization's name

Chromepass - Hacking Chrome Saved Passwords

PassLock is a medium-security password manager that encrypts passwords using Advanced Encryption Standards (AES)

Releases(v1.0.0)

v1.0.0(Feb 8, 2022)

Owner

Nat

Find exposed API keys based on RegEx and get exploitation methods for some of keys that are found

🔎 Most Advanced Open Source Intelligence (OSINT) Framework for scanning IP Address, Emails, Websites, Organizations.

the metasploit script(POC) about CVE-2021-36260

AutoScan 有多个目标时，调用xray+rad进行自动扫描

Multi Brute Force Facebook - Crack Facebook With Login - Free For Now

🍉一款基于Python-Django的多功能Web安全渗透测试工具，包含漏洞扫描，端口扫描，指纹识别，目录扫描，旁站扫描，域名扫描等功能。

Security system to prevent Shoulder Surfing Attacks

Phoenix Framework is an environment for writing, testing and using exploit code.

HatSploit collection of generic payloads designed to provide a wide range of attacks without having to spend time writing new ones.

command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation, attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands.

This tool allows to automatically test for Content Security Policy bypass payloads.

Get important strings inside [Info.plist] & and Binary file also all output of result it will be saved in [app_binary].json , [app_plist_file].json file

This is a Python program that implements a vacuum cleaner as an Artificial Intelligence.

Grafana-0Day-Vuln-POC

CVE 2020-14871 Solaris exploit

DoSer.py - Simple DoSer in Python

Log4Shell RCE Exploit - fully independent exploit does not require any 3rd party binaries.

LinOTP - the open source solution for two factor authentication

Malware Configuration And Payload Extraction

CVE-2021-22205& GitLab CE/EE RCE