This project aims to assist in the search for leaked passwords while maintaining a high level of privacy using the k-anonymity method.

Overview

Password_HashCheck

This project aims to assist in the search for leaked passwords while maintaining a high level of privacy using the k-anonymity method.

To achieve this, the APIs of different services are used, sending only a part of the Hash of the password we want to check, for example, the first 5 characters.

Prerequisites

The project needs some libraries in order to work, to install it use the next command:

pip install -r requirements

Remember that Python 3 is required.

Usage

passme.py [FUNC] [ELEMENT] -engine [ENGINE] -api_key [API_KEY]
    FUNC:       The kind of element tha you want to check, it can be -h/--hash or -p/--password
                or -f/--file or -l/--list or --help.

    ELEMENT:    The "Hash", "Password" or the name of the file that contains a list of 
                hashes or password separeted by a new line.

    ENGINE:     The leaks engine that you want to be used, by default it uses HIBP (Have I been PWN).

    API_KEY:    The API_KEY necessary for some functions of some engines.

Functions

PASSME_HASH

The main project function receives the hashed password, the engine to be used and the API key.

Depending on the engine that is received, both the API key and the hashed password will be sent to one function or another.

If you want to add your own engine or an engine that is not already implemented, simply add one more option here.

passme_hash(hashed_password, engine="HIBP", api_key="0")

PASSME_PASSWORD

This function hashes the password it receives using SHA-1 and sends the hash to the passme_hash() function.

passme_password(password, engine="HIBP", api_key="0")

PASSME_FILE

This function reads one by one the lines of the received file to check each password, giving information about the received password and whether it has been filtered or not.

passme_file(filename, engine="HIBP", api_key="0")

PASSME_LIST

This function reads one by one the lines of the received file to check each hash, giving information about the received hash and whether it has been filtered or not.

passme_list(filename, engine="HIBP", api_key="0")

PASSME_LIST

The function that deals with the HIBP (Have i been pwned) API, sends the first five characters of the hash, then compares it with the full hash to see if the password/hash has been leaked.

engine_HIBP(hashed_password, engine, api_key)

Test

This project has a series of tests to check the correct operation of all its functions, for this purpose the "pytest" library has been used. To run the tests, install pytest with the following command:

pip install pytest

Once installed, simply run the "pytest" command to have the tests run automatically, any errors encountered will be returned by the terminal.

The results of the test in the lab are the following:

Python Version Function Hash Function List Function Password RANDOM Hash RANDOM Password Comment
3.9
3.8
3.7
3.6
3.5 Random.choice is not available in Python 3.5 // Deprecated Python Version

License

This project is licensed under the GNU General Public License - see the LICENSE file for details

Contact

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

This software doesn't have a QA Process. This software is a Proof of Concept.

If you have any problems, you can contact:

[email protected] - Ideas Locas CDCO - Telefónica

Disclaimer

In many places it can be a crime to install software on a computer that does not belong to you, without the owner's consent. We do not approve the use of PoC for any illegal purpose. To download or use our software in any way, you must acknowledge and approve the following:

1 - You declare that this PoC will be used exclusively in a legal manner. If you are in doubt as to the legality, consult a licensed attorney in the jurisdiction where you will be using this PoC.

2 - You acknowledge that the computer on which the software is to be installed is yours or you have the owner's consent to manage and install the software on it.

You might also like...
A simple python program to sign text using either the RSA or ISRSAC algorithm with GUI built using tkinter library.
A simple python program to sign text using either the RSA or ISRSAC algorithm with GUI built using tkinter library.

Digital Signatures using ISRSAC Algorithm A simple python program to sign text using either the RSA or ISRSAC algorithm with GUI built using tkinter l

The (Python-based) mining software required for the Nintendo Switch mining project.

ntgbtminer - Nintendo Switch edition This is a version of ntgbtminer that works with the Nintendo Switch bitcoin miner. ntgbtminer ntgbtminer is a no

The (Python-based) mining software required for the Game Boy mining project.

The (Python-based) mining software required for the Game Boy mining project.

A little side-project API for me to learn about Blockchain and Tokens

BlockChain API I built this little side project to learn more about Blockchain and Tokens. It might be maintained and implemented to other projects bu

Deribit_Algo_Project_Python - Deribit algo project written in python trading crypto futures
Deribit_Algo_Project_Python - Deribit algo project written in python trading crypto futures

This is a Algo/script trading for Deribit. You need an account with deribit, to

G-Research-Crypto-Competition - Project for passing the ML exam. Dataset took from the competition on the kaggle

G-Research-Crypto-Competition Project for passing the ML exam. Dataset took from

Python based project to pull useful account statistics from the Algorand block chain.

PlanetWatchStats Python based project to pull useful account statistics from the Algorand block chain. Setup pip install -r requirements.txt Run pytho

Challenge2022 - A backend of a Chia project donation platform
Challenge2022 - A backend of a Chia project donation platform

Overview This is a backend of a Chia project donation platform. People can publi

Owner
Telefónica
Telefónica official source code platform
Telefónica
theHasher Tool created for generate strong and unbreakable passwords by using Hash Functions.Generate Hashes and store them in txt files.Use the txt files as lists to execute Brute Force Attacks!

$theHasher theHasher is a Tool for generating hashes using some of the most Famous Hashes Functions ever created. You can save your hashes to correspo

SR18 6 Feb 2, 2022
CertPy is a high level toolkit for generating x509 (e.g. SSL/TLS/HTTPS) certificates in Python.

CertPy CertPy is a high level toolkit for generating x509 (e.g. SSL/TLS/HTTPS) certificates in Python. Certificate “profiles” are implemented as Pytho

Ryan Castellucci 4 Feb 21, 2022
keyring MITkeyring (🥉27 · ⭐ 630) - Store and access your passwords safely. MIT

The Python keyring library provides an easy way to access the system keyring service from python. It can be used in any application that needs safe pa

Jason R. Coombs 948 Dec 18, 2022
smartpassgen - A cross-platform package of modules for generating, secure storage and recovery of complex, cryptographic, smart passwords on the fly.

smartpassgen - A cross-platform package of modules for generating, secure storage and recovery of complex, cryptographic, smart passwords on the fly.

null 4 Sep 4, 2021
Alpkunt 9 Sep 9, 2022
Given a string or a text file with plain text , returns his encryption using SHA256 method

Encryption using SHA256 Given a string or a .txt file with plain text. Returns his encryption using SHA256 method Requirements : pip install pyperclip

yuno 3 Jan 24, 2022
Zero-dependency Cryptography Python Module with a self made method

TesohhCrypt TesohhCrypt is a zero-dependency Cryptography Python Module, with a method that i made. (likely someone already made a similar one, but i

Simone Tesini 1 Oct 26, 2021
High Performance Blockchain Deserializer

bitcoin_explorer is an efficient library for reading bitcoin-core binary blockchain file as a database (utilising multi-threading).

Congyu 2 Dec 28, 2021
This project is a proof of concept to create a dashboard using Dash to display information about various cryptocurrencies.

This project is a WIP as a way to display useful information about cryptocurrencies. It's currently being actively developed as a proof of concept, and a way to visualize more useful data about various cryptocurrencies.

null 7 Apr 21, 2022
Buckley 2 Jul 24, 2022