is_my_password_pwned - How often does your password appear in the Pwned Passwords database? Uses the k-anonymity API

  •        31

Find out how often your password appears in Troy Hunt's Pwned Passwords database. Uses the k-anonymity API to keep your password from leaving your PC.



Related Projects

hsimp - How Secure is My Password for your own website

  •    HTML

Now you can use the password strength meter on your own sites. Rather than just saying a password is "weak" or "strong", How Secure is My Password? lets your users know how long it would take someone to crack their password. It also checks against the top 10,000 most common passwords as well as a number of other checks (such as repeated strings, telephone numbers, and words followed by numbers).

KeypItSafe Password Vault


KeypItSafe Password Vault Easily and safely store your website passwords on your computer - or go mobile in just a few clicks! What is KeypItSafe? KeypItSafe is a free open source password manager that helps you store and manage all of your passwords securely on your ...

Passbolt - Password manager for the team

  •    PHP

Passbolt is an open source password manager for teams. It allows you to securely share and store credentials. For instance, the wifi password of your office, the administrator password of a router or your organisation's social media account passwords, all of them can be secured using passbolt.

Titan - Command line password manager

  •    C

Titan is a command line password manager. Titan uses OpenSSL library to perform the encryption. AES encryption is used with 256 bit keys. Password database is also protected from tampering by using a keyed-hash message autentication code (HMAC). Unique, cryptographically random initialization vector is used during the encryption. New initialization vector is generated each time the password database is encrypted.

NoKey - A distributed password manager without a master password

  •    Elm

NoKey is a distributed password manager that works without a master password. Instead, you can unlock your passwords by confirming from another device. E.g. if you need a password on your PC, you only have to confirm this on your phone. No need to remember any passwords.

buttercup-desktop - :key: Javascript Secrets Vault - Multi-Platform Desktop Application

  •    Javascript

Cross-platform, free and open-source password manager based on NodeJS. Buttercup is a password manager - an assistant for helping you store all of your login credentials. Buttercup helps you keep your accounts safe and assists you when you want to log in - all you need to do is remember just one password: your master password.

masterkey - secure interactive password manager with xchacha20poly1305, argon2id, and Go

  •    Go

masterkey is a simple, secure password manager written in Go. It uses xchacha20poly1305 for authenticated encryption and argon2id for key derivation. It stores credentials given a location, where each credential is represented by a Username and a Password. Locations, Usernames, and Passwords are always encrypted using a argon2id key derived from the input passphrase. Unlike password-store and a few other password managers, an attacker with access to the encrypted database can not discern exactly how many passwords are stored, the labels (locations) for the passwords, or the usernames associated with the passwords. Now create your vault, in this example we'll create it at ./vault.db. New vaults are created using the -new flag, existing vaults can be opened by simplly omitting the -new flag.

C# Garbage Pump: Password Keylogger Evasion


C# DLL for handling password input that is not susceptible to keylogging through a Garbage Pump technique, which pumps random keys, i.e. garbage, out while the user enters in a password. See screenshots for output results.

zxcvbn - Low-Budget Password Strength Estimation

  •    CoffeeScript

zxcvbn is a password strength estimator inspired by password crackers. Through pattern matching and conservative estimation, it recognizes and weighs 30k common passwords, common names and surnames according to US census data, popular English words from Wikipedia and US television and movies, and other common patterns like dates, repeats (aaa), sequences (abcd), keyboard patterns (qwertyuiop), and l33t speak.Consider using zxcvbn as an algorithmic alternative to password composition policy — it is more secure, flexible, and usable when sites require a minimal complexity score in place of annoying rules like "passwords must contain three of {lower, upper, numbers, symbols}".

jBCrypt - A Java implementation of OpenBSD's Blowfish password hashing code

  •    Java

jBCrypt is an implementation the OpenBSD Blowfish password hashing algorithm, as described in "A Future-Adaptable Password Scheme" by Niels Provos and David Mazieres. This system hashes passwords using a version of Bruce Schneier's Blowfish block cipher with modifications designed to raise the cost of off-line password cracking. The computation cost of the algorithm is parameterised, so it can be increased as computers get faster.

otp - TOTP library for Go

  •    Go

One Time Passwords (OTPs) are an mechanism to improve security over passwords alone. When a Time-based OTP (TOTP) is stored on a user's phone, and combined with something the user knows (Password), you have an easy on-ramp to Multi-factor authentication without adding a dependency on a SMS provider. This Password and TOTP combination is used by many popular websites including Google, Github, Facebook, Salesforce and many others. The otp library enables you to easily add TOTPs to your own application, increasing your user's security against mass-password breaches and malware.

hashview - A web front-end for password cracking and analytics

  •    CSS

Hashview is a tool for security professionals to help organize and automate the repetitious tasks related to password cracking. Hashview is a web application that manages hashcat ( commands. Hashview strives to bring constiency in your hashcat tasks while delivering analytics with pretty pictures ready for ctrl+c, ctrl+v into your reports. Please see the Contribution Guide for how to develop and contribute. If you have any problems, please consult Issues page first. If you don't see a related issue, feel free to add one and we'll help.

keeweb - Free cross-platform password manager compatible with KeePass

  •    Javascript

This webapp is a browser and desktop password manager compatible with KeePass databases. It doesn't require any server or additional resources. The app can run either in browser, or as a desktop app. The app is already rather stable, so basic stuff should work. Project roadmap with planned features and approximate schedule is on TODO page.

wordlist - Collection of some common wordlists such as RDP password, user name list, ssh password wordlist for brute force


Collection of some common wordlists such as RDP password, user name list, ssh password wordlist for brute force. The following is an alphabetical list of IP camera manufacturers and their default usernames and passwords. The goal is to help users quickly get started with cameras. At the bottom of the post, we examine the use and security concerns of using default passwords.

thc-hydra - hydra

  •    C

Number one of the biggest security holes are passwords, as every password security study shows. This tool is a proof of concept code, to give researchers and security consultants the possibility to show how easy it would be to gain unauthorized access from remote to a system. There are already several login hacker tools available, however none does either support more than one protocol to attack or support parallized connects.

Pwdhash Sharp

  •    DotNet

A variety of frontends for the PwdHash web-application. Using a domain name and "master password", PwdHash Sharp automatically create a hashed password that is strong, and cannot be used to reverse-engineer the master password.

Entry-Level C# Password Generator

  •    CSharp

The Entry-Level C# Password Generator is a piece of software written for two purposes. To be kept as simple as possible for newcomers to the langauge to understand how to use the language and to help people make a new secure password for themselves.

Notebook PEA - Text Editor with Password Encryption

  •    Java

Password encryption tool with built-in text editor, to protect private notes. The program offers some styling and editing functionality for the text, a password generator, a password-strength meter and a virtual keyboard. The text is protected using authenticated encryption.

credential - Easy password hashing and verification in Node

  •    Javascript

Easy password hashing and verification in Node. Protects against brute force, rainbow tables, and timing attacks.Employs cryptographically secure, per password salts to prevent rainbow table attacks. Key stretching is used to make brute force attacks impractical. A constant time verification check prevents variable response time attacks.

extractTVpasswords - tool to extract passwords from TeamViewer memory using Frida

  •    C++

  Hi there, in this article we want to tell about our little research about password security in TeamViewer. The method can help during the pentest time for post exploitation to get access to another machine using TeamViewer.   A few days ago I worked on my windows cloud VPS with TeamViewer (where I set a custom password). After work I disconnected, at the next time when I wanted to connect, I saw that TeamViewer had auto-filled the password.