A Python script that checks whether the passwords in a KeePass file have been pwned.
You can install the script as usual with git:
git clone https://github.com/timosittig/keepass-pwned
If there are any problems, you can still just copy the source code from GitHub and save it, e.g. next to your KeePass .kdbx file.
The script takes up to three parameters from the command line:
keepass-pwned.py database.kdbx --password="1234" --keyfile="keyfile.keyx"
It takes the following parameters:
- database: the path to the KeePass file.
- --password: the password to the KeePass file. (optional)
- --keyfile: the keyfile to the KeePass file. (optional)
After hitting [ENTER] it will print out every entry that has been pwned.
To access your KeePass .kdbx file I am using the PyKeePass module from pip.
To check whether your password has been compromised I am using the API of haveibeenpwned.com: https://haveibeenpwned.com/API/v3
It does not transfer your password in plain text. Instead, it sends the first 5 characters of its SHA-1 hash to https://api.pwnedpasswords.com/range/. The API then sends an HTTP response with a list of SHA-1 hashes. If one of them matches the SHA-1 hash of your password, your password was leaked in the past.
This all works automatically. You only have to follow the usage instructions above.
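The range lookup described above, as an added example that is not taken from the keepass-pwned source. Function names, the User-Agent string and the sample response are constructed for illustration; the response lines carry the 35 hash characters after the prefix plus a count, and the example also sends the API's optional Add-Padding header.

```python
import hashlib
import urllib.request

RANGE_URL = "https://api.pwnedpasswords.com/range/"  # endpoint named on this page


def split_hash(password):
    """Return (prefix, suffix): the 5 hex chars that are sent, the 35 that stay local."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def fetch_range(prefix):
    """Query the range endpoint; only the 5-character prefix leaves the machine."""
    req = urllib.request.Request(
        RANGE_URL + prefix,
        headers={"User-Agent": "keepass-pwned-example", "Add-Padding": "true"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("ascii")


def count_in_response(suffix, body):
    """Parse 'SUFFIX:COUNT' lines; return the count for suffix, 0 if absent."""
    for line in body.splitlines():
        candidate, sep, count = line.strip().partition(":")
        if not sep or not count.strip().isdigit():
            continue  # skip blank or malformed lines
        if candidate.upper() == suffix:
            return int(count)  # padding entries carry a count of 0
    return 0


def pwned_count(password, fetcher=fetch_range):
    """Number of times the password appears in the breach corpus (0 = not found)."""
    prefix, suffix = split_hash(password)
    return count_in_response(suffix, fetcher(prefix))


def fake_fetcher(prefix):
    """Constructed offline response (counts are made up): padding, match, other."""
    _, suffix = split_hash("1234")
    return "\r\n".join(["0" * 35 + ":0", suffix.lower() + ":42", "F" * 35 + ":7"])


if __name__ == "__main__":
    print(pwned_count("1234", fake_fetcher))  # uses the constructed response
```

Calling `pwned_count(password)` without a fetcher performs the real HTTPS request; the comparison against the returned suffixes always happens locally.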
The next milestones on my to do list are:
- finished PyKeePass implementation
- finished implementation of API communication
- finished implementing command line support for .kdbx file with password
- implementing command line support for .kdbx file with key file
- implementing command line support for .kdbx file with password and key file
- adding --export-csv argument and CSV export implementation
- adding --export-json argument and JSON export implementation
- adding --export-xml argument and XML export implementation