Check for breached passwords with k-anonymity

Last update: Feb 08, 2022

Related tags

Security related resources passwnd

Overview

passwnd

Check for breached passwords with k-anonymity

Usage

To get prompted to enter the password securely, simply run:

passwnd.py

Alternatively, you can specify the password directly:

passwnd.py

The latter is not recommended, as it might leak the password to the shell history.

How it works

The password will be hashed with SHA1 and turned to human-readable hex (ASCII)
That hex will be trimmed to just the first 5 characters
That trimmed result will be submitted to the pwnedpasswords.com database
pwnedpasswords.com will return all hashes that begin with that trim
We download all returned hashes, and perform a full search locally

This way, we can check if a password was breached, without revealing said password. While simultaneously only requiring to download a few kB of data instead of GB.

A simple way to store your passwords without requiring third party applications

SimplePasswordManager A simple way to store your passwords without requiring third party applications Simple To Use. Store Your Passwords For Each Web

1 Dec 23, 2021

PwdGen is a Python Tkinter tool for generating secure 16 digit passwords.

PwdGen ( Password Generator ) is a Python Tkinter tool for generating secure 16 digit passwords. Installation Simply install requirements pip install

7 Jul 14, 2022

A python script to brute-force guess the passwords to Instagram accounts

Instagram-Brute-Force The purpose of this script is to brute-force guess the passwords to Instagram accounts. Specifics: Comes with 2 separate modes i

2 Nov 16, 2021

OpenTOTP is yet another time-based, one-time passwords (OTPs) generator/verifier inspired by RFC 6238.

OpenTOTP is yet another time-based, one-time passwords (OTPs) generator/verifier inspired by RFC 6238. It generates and validates OTPs based

1 Nov 15, 2021

Chrome Post-Exploitation is a client-server Chrome exploit to remotely allow an attacker access to Chrome passwords, downloads, history, and more.

ChromePE [Linux/Windows] Chrome Post-Exploitation is a client-server Chrome exploit to remotely allow an attacker access to Chrome passwords, download

3 Oct 5, 2022

Utility for Extracting all passwords from ConnectWise Automate

CWA Password Extractor Utility for Extracting all passwords from ConnectWise Automate (E.g. while migrating to a new system). Outputs a csv file with

1 Dec 9, 2021

Pass2Pwn: a simple python3 tool created to assist penetration testers generate possible passwords for a targeted system based solely on the organization's name

Pass2Pwn is a simple python3 tool created to assist penetration testers generate possible passwords for a targeted system based solely on the organization's name

10 Oct 15, 2022

Chromepass - Hacking Chrome Saved Passwords

Chromepass - Hacking Chrome Saved Passwords and Cookies View Demo · Report Bug · Request Feature Table of Contents About the Project AV Detection Gett

622 Jan 4, 2023

PassLock is a medium-security password manager that encrypts passwords using Advanced Encryption Standards (AES)

A medium security python password manager that encrypt passwords using Advanced Encryption Standard (AES) PassLock is a password manager and password

44 Nov 18, 2022

Releases(v1.0.0)

v1.0.0(Feb 8, 2022)

Initial release
Source code(tar.gz)
Source code(zip)
passwnd.exe(5.36 MB)
passwnd.py(2.66 KB)

Owner

Nat

I make computer go beep boop... (I actually do, modprobe pcspkr and then some nice C code)

GitHub Repository

Gitlab RCE - Remote Code Execution

Gitlab RCE - Remote Code Execution RCE for old gitlab version = 11.4.7 & 12.4.0-12.8.1 LFI for old gitlab versions 10.4 - 12.8.1 This is an exploit f

153 Nov 09, 2022

Automated tool to find & created Exploit Poc for Clickjacking Vulnerability

ClickJackPoc This tool will help you automate finding Clickjacking Vulnerability by just passing a file containing list of Targets . Once the Target i

24 Dec 19, 2022

Passphrase-wordlist - Shameless clone of passphrase wordlist

This repository is NOT official -- the original repository is located on GitLab

2 Feb 05, 2022

GDID (Google Dorks for Information Disclosure)

GDID (Google Dorks for Information Disclosure) Script made for your recon automation in Bug Bounty or Pentest. It will help you to find Information Di

5 Mar 10, 2022

A fast tool to scan prototype pollution vulnerability

proto A fast tool to scan prototype pollution vulnerability Syntax python3 proto.py -l alive.txt Requirements Selenium Google Chrome Webdriver Note :

4 Aug 31, 2021

Threat research and reporting from IronNet's Threat Research Teams

IronNet Threat Research 🕵️ Overview This repository contains IronNet's Threat Research. Research & Reporting 📝 Project Description Cobalt Strike Res

36 Dec 02, 2022

Scan all java processes on your host to check weather it's affected by log4j2 remote code execution

Log4j2 Vulnerability Local Scanner (CVE-2021-45046) Log4j 漏洞本地检测脚本，扫描主机上所有java进程，检测是否引入了有漏洞的log4j-core jar包，是否可能遭到远程代码执行攻击（CVE-2021-45046）。上传扫描报告到指定的服

86 Dec 09, 2022

Ingest GreyNoise.io malicious feed for CVE-2021-44228 and apply null routes

log4j-nullroute Quick script to ingest IP feed from greynoise.io for log4j (CVE-2021-44228) and null route bad addresses. Works w/Cisco IOS-XE and Ari

5 Sep 12, 2022

PyFUD - Fully Undetectable payload generator for metasploit

PyFUD fully Undetectable payload generator for metasploit Usage: pyfud.py --host

3 Mar 25, 2022

AMC- Automatic Media Access Control [MAC] Address Spoofing Tool

AMC (Automatic Media Access Control [MAC] Address Spoofing tool), helps you to protect your real network hardware identity. Each entered time interval your hardware address was changed automatically.

14 Dec 23, 2022

A Burp Suite extension made to automate the process of finding reverse proxy path based SSRF.

TProxer A Burp Suite extension made to automate the process of finding reverse proxy path based SSRF. How • Install • Todo • Join Discord How it works

162 Nov 25, 2022

This is a simple tool to create ZIP payloads using a provided wordlist for the symlink attack (present in some file upload vulnerabilities)

zip-symlink-payload-creator This is a simple tool to create ZIP payloads using a provided wordlist for the symlink attack (present in some file upload

6 Aug 18, 2022

2022-bridge - Example code belonging to the Bridge pattern video

Let's Take The Bridge Pattern To The Next Level This video covers how the bridge

11 Jun 14, 2022

一款针对向日葵的识别码和验证码提取工具

Sunflower_get_Password 一款针对向日葵的识别码和验证码提取工具 👮🏻‍♀️ 免责声明由于传播、利用Sunflower_get_Password工具提供的功能而造成的任何直接或者间接的后果及损失，均由使用者本人负责，本人不为此承担任何责任。安装环境本工具使用Python

635 Dec 20, 2022

Obfuscated Gradients Give a False Sense of Security: Circumventing Defenses to Adversarial Examples

Obfuscated Gradients Give a False Sense of Security: Circumventing Defenses to Adversarial Examples Above is an adversarial example: the slightly pert

838 Dec 18, 2022

BuddyPress is an open source WordPress plugin to build a community site. In releases of BuddyPress from 5.0.0 before 7.2.1 it's possible for a non-privileged, regular user to obtain administrator rights by exploiting an issue in the REST API members endpoint. The vulnerability has been fixed in BuddyPress 7.2.1. Existing installations of the plugin should be updated to this version to mitigate the issue.

CVE-2021-21389 BuddyPress 7.2.1 - REST API Privilege Escalation to RCE PoC (Full) Affected version: 5.0.0 to 7.2.0 User requirement: Subscriber user

17 Nov 09, 2022

Check for breached passwords with k-anonymity

Related tags

Overview

passwnd

Usage

How it works

You might also like...

A simple way to store your passwords without requiring third party applications

PwdGen is a Python Tkinter tool for generating secure 16 digit passwords.

A python script to brute-force guess the passwords to Instagram accounts

OpenTOTP is yet another time-based, one-time passwords (OTPs) generator/verifier inspired by RFC 6238.

Chrome Post-Exploitation is a client-server Chrome exploit to remotely allow an attacker access to Chrome passwords, downloads, history, and more.

Utility for Extracting all passwords from ConnectWise Automate

Pass2Pwn: a simple python3 tool created to assist penetration testers generate possible passwords for a targeted system based solely on the organization's name

Chromepass - Hacking Chrome Saved Passwords

PassLock is a medium-security password manager that encrypts passwords using Advanced Encryption Standards (AES)

Releases(v1.0.0)

v1.0.0(Feb 8, 2022)

Owner

Nat

Gitlab RCE - Remote Code Execution

Automated tool to find & created Exploit Poc for Clickjacking Vulnerability

Passphrase-wordlist - Shameless clone of passphrase wordlist

GDID (Google Dorks for Information Disclosure)

A fast tool to scan prototype pollution vulnerability

Threat research and reporting from IronNet's Threat Research Teams

Scan all java processes on your host to check weather it's affected by log4j2 remote code execution

Ingest GreyNoise.io malicious feed for CVE-2021-44228 and apply null routes

PyFUD - Fully Undetectable payload generator for metasploit

AMC- Automatic Media Access Control [MAC] Address Spoofing Tool

A Burp Suite extension made to automate the process of finding reverse proxy path based SSRF.

This is a simple tool to create ZIP payloads using a provided wordlist for the symlink attack (present in some file upload vulnerabilities)

2022-bridge - Example code belonging to the Bridge pattern video

一款针对向日葵的识别码和验证码提取工具

Obfuscated Gradients Give a False Sense of Security: Circumventing Defenses to Adversarial Examples

CVE-2022-22965 : about spring core rce

Exploit for GitLab CVE-2021-22205 Unauthenticated Remote Code Execution

Keystroke logging, often referred to as keylogging or keyboard capturing

Huskee: Malware made in Python for Educational purposes