Password strength analyzer & breach checker — CLI tool in Python.
Checks if your password has been exposed in known data breaches using the HaveIBeenPwned API — without ever sending your password over the internet. Locally scores strength, entropy, and common patterns.
╭──────────────────────────────────────────╮
│ PassAudit v1.0 │
│ Password strength & breach checker │
│ Your password never leaves your machine. │
╰──────────────────────────────────────────╯
────────────────── PassAudit — Password Report ──────────────────
Strength ████████████████████ 100/100
Rating Strong entropy: 104.9 bits
✓ Length ≥ 12 16 chars
✓ Uppercase letters A–Z
✓ Lowercase letters a–z
✓ Numbers 0–9
✓ Special characters !@#$…
Breach check (HaveIBeenPwned)
✓ Clean — not found in any known data breaches
This is the interesting part. PassAudit never sends your password to any server.
Instead, it uses a technique called k-anonymity:
- Your password is SHA-1 hashed locally (e.g.
5BAA61E4C9B93F3F0682250B6CF8331B7EE68FD8) - Only the first 5 characters of that hash are sent to the HIBP API (
5BAA6) - HIBP returns all hashes in their database that start with
5BAA6(hundreds of results) - PassAudit searches the list locally for your full hash — no one ever sees it
This means even if someone intercepted the API request, they couldn't reverse it to your password.
- Strength scoring (0–100) with colour-coded rating
- Entropy calculation — bits of randomness in your password
- Pattern detection — keyboard walks, sequential chars, repeated chars
- Common password check — flags passwords from known breach lists
- HIBP breach count — tells you exactly how many times it's appeared in breaches
- Batch mode — check a whole file of passwords at once (with labels)
- Offline mode —
--no-hibpto skip the API call
# Clone the repo
git clone https://github.com/kazim-45/passaudit.git
cd passaudit
# Install dependencies
pip install requests rich
# Run it
python passaudit.py# Interactive prompt (input is hidden — nothing shows as you type)
python passaudit.py
# Check a specific password
python passaudit.py -p "MyPassword123!"
# Check a file of passwords
python passaudit.py -f passwords.txt
# Offline mode (skip breach check)
python passaudit.py -p "MyPassword123!" --no-hibp
# Help
python passaudit.py --helpCreate a .txt file with one password per line. Optionally prefix with a label:
gmail:password123
github:Tr0ub4d@ur!Winds
SomePasswordWithNoLabel
PassAudit will check each one and display a summary table at the end.
| Check | Description |
|---|---|
| Length | Warns if under 12 chars, encourages 16+ |
| Character variety | Uppercase, lowercase, numbers, symbols |
| Entropy | Bits of randomness based on character set |
| Common passwords | Flags passwords from the most-used lists |
| Keyboard walks | Detects qwerty, asdfgh, 123456, etc. |
| Repeated characters | Flags aaa, 111, etc. |
| Sequential patterns | Detects abc, 123, xyz |
| HIBP breach count | How many times it appears in real breaches |
PassAudit is designed around your privacy:
- No logging — nothing is stored or sent anywhere except the 5-char hash prefix
- No telemetry — the tool makes no calls other than the HIBP API range request
- Offline mode available — run with
--no-hibpfor completely local operation
MIT — use it, fork it, build on it.
Built by kazim-45