Skip to content

kazim-45/PassAudit

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

PassAudit 🔑

Password strength analyzer & breach checker — CLI tool in Python.

Checks if your password has been exposed in known data breaches using the HaveIBeenPwned API — without ever sending your password over the internet. Locally scores strength, entropy, and common patterns.

╭──────────────────────────────────────────╮
│ PassAudit  v1.0                          │
│ Password strength & breach checker       │
│ Your password never leaves your machine. │
╰──────────────────────────────────────────╯

────────────────── PassAudit — Password Report ──────────────────

  Strength   ████████████████████  100/100
  Rating      Strong    entropy: 104.9 bits

  ✓  Length ≥ 12          16 chars
  ✓  Uppercase letters    A–Z
  ✓  Lowercase letters    a–z
  ✓  Numbers              0–9
  ✓  Special characters   !@#$…

  Breach check (HaveIBeenPwned)
   ✓ Clean — not found in any known data breaches

How the breach check works (k-anonymity)

This is the interesting part. PassAudit never sends your password to any server.

Instead, it uses a technique called k-anonymity:

  1. Your password is SHA-1 hashed locally (e.g. 5BAA61E4C9B93F3F0682250B6CF8331B7EE68FD8)
  2. Only the first 5 characters of that hash are sent to the HIBP API (5BAA6)
  3. HIBP returns all hashes in their database that start with 5BAA6 (hundreds of results)
  4. PassAudit searches the list locally for your full hash — no one ever sees it

This means even if someone intercepted the API request, they couldn't reverse it to your password.


Features

  • Strength scoring (0–100) with colour-coded rating
  • Entropy calculation — bits of randomness in your password
  • Pattern detection — keyboard walks, sequential chars, repeated chars
  • Common password check — flags passwords from known breach lists
  • HIBP breach count — tells you exactly how many times it's appeared in breaches
  • Batch mode — check a whole file of passwords at once (with labels)
  • Offline mode--no-hibp to skip the API call

Installation

# Clone the repo
git clone https://github.com/kazim-45/passaudit.git
cd passaudit

# Install dependencies
pip install requests rich

# Run it
python passaudit.py

Usage

# Interactive prompt (input is hidden — nothing shows as you type)
python passaudit.py

# Check a specific password
python passaudit.py -p "MyPassword123!"

# Check a file of passwords
python passaudit.py -f passwords.txt

# Offline mode (skip breach check)
python passaudit.py -p "MyPassword123!" --no-hibp

# Help
python passaudit.py --help

Batch file format

Create a .txt file with one password per line. Optionally prefix with a label:

gmail:password123
github:Tr0ub4d@ur!Winds
SomePasswordWithNoLabel

PassAudit will check each one and display a summary table at the end.


What it checks

Check Description
Length Warns if under 12 chars, encourages 16+
Character variety Uppercase, lowercase, numbers, symbols
Entropy Bits of randomness based on character set
Common passwords Flags passwords from the most-used lists
Keyboard walks Detects qwerty, asdfgh, 123456, etc.
Repeated characters Flags aaa, 111, etc.
Sequential patterns Detects abc, 123, xyz
HIBP breach count How many times it appears in real breaches

Dependencies

  • requests — HTTP calls to HIBP API
  • rich — terminal formatting and colour output

Privacy

PassAudit is designed around your privacy:

  • No logging — nothing is stored or sent anywhere except the 5-char hash prefix
  • No telemetry — the tool makes no calls other than the HIBP API range request
  • Offline mode available — run with --no-hibp for completely local operation

License

MIT — use it, fork it, build on it.


Built by kazim-45

About

Password strength analyzer & breach checker — CLI tool in Python.

Topics

Resources

License

Contributing

Stars

1 star

Watchers

0 watching

Forks

Packages

 
 
 

Contributors

Languages