A Python script for KeePass files to prove if they were pwned.

timosittig/keepass-pwned

keepass-pwned

A Python script for KeePass files to prove if they were pwned.

INSTALLATION

You can install the script as usual with git:

git clone https://github.com/timosittig/keepass-pwned

If there are any problems, you can still just copy the source code from GitHub and save it, e.g., next to your KeePass .kdbx file.

HOW TO USE

The script takes up to three parameters from the command line:

keepass-pwned.py database.kdbx --password="1234" --keyfile="keyfile.keyx"

It takes the following parameters:

  • database as the path to the KeePass file.
  • --password as the password to the KeePass file. (optional)
  • --keyfile as the keyfile to the KeePass file. (optional)

After hitting [ENTER] it will print out every entry that has been pwned.

Example 1: using a KeePass file and a password

[Screenshot: 20210322190108219_pw]

Example 2: using a KeePass file and a keyfile

[Screenshot: 20210322185908144_keyfile]

Example 3: using a KeePass file and both a password and a keyfile!

[Screenshot: 20210322185426383_pw+keyfile]

HOW DOES IT WORK

To access your KeePass .kdbx file I am using the PyKeePass module from pip.

To check whether your password has been compromised I am using the API of haveibeenpwned.com: https://haveibeenpwned.com/API/v3

It does not transfer your password in plain text. Instead it sends only the first 5 characters of its SHA-1 hash to https://api.pwnedpasswords.com/range/. The API then sends an HTTP response with a list of SHA-1 hashes. If one of them matches the SHA-1 hash of your password, your password was leaked in the past.

This will all work automatically. You only have to follow the HOW TO USE.

ROADMAP / TO DO

The next milestones on my to do list are:

  • finished PyKeePass implementation
  • finished implementation of API communication
  • finished implementing command line support for .kdbx file with password
  • implementing command line support for .kdbx file with key file
  • implementing command line support for .kdbx file with password and key file
  • adding --export-csv argument and CSV export implementation
  • adding --export-json argument and JSON export implementation
  • adding --export-xml argument and XML export implementation
