PwnedPasswordsChecker: Search if your password has been leaked

by do son · Published · Updated

NTLM authentication endpoints

PwnedPasswordsChecker

PwnedPasswordsChecker is a tool that checks if the hash of a known password (in SHA1 or NTLM format) is present in the list of I Have Been Pwned leaks and the number of occurrences.

You can download the hash-coded version for SHA1 here or the hash-coded version for NTLM here

Once the list is downloaded it is then necessary to convert it to binary by using my other tool HIBP PasswordList Slimmer

This script only works with the version sorted by hash and entry hashes must be in lowercase and preferably ordered by hashes.

Download

Use

./PwnedPasswordsChecker {InputHashList} {HashType} {OutputFile} {CompressedHIBPHashList}

./PwnedPasswordsChecker .\NTLM_LIST.txt NTLM .\Output.txt .\ntlm_hibp_compressed.bin

 

Output format : {hash}:{occurence}

Example

Thanks to the use of a “compressed” format the tool has largely gained in performance, an example of use between the old version and the new one with a list of 3757 hashes (Intel Core I7 8565U):

Copyright (C) 2020 JoshuaMart 

Source: https://github.com/JoshuaMart/

 

Tags: PwnedPasswordsChecker