Skip to content

check-password-strength is an open-source tool that could help you to check how your passwords are good

License

Notifications You must be signed in to change notification settings

camandel/check-password-strength

Repository files navigation

check-password-strength

CI Build Release

check-password-strength is a tool that runs on Linux, Windows and MacOS that could help you to check how your passwords are good. It reads data from a CSV file, user input or stdin and assigns a score to each password within a range from 0 (worst) to 4 (best):

$ check-password-strength -f password.csv

img

It's based on the awesome zxcvbn library and its Go porting zxcvbn-go.

The passwords will be checked on:

  • english words and names
  • italian words and names
  • common used passwords
  • common keyboards sequences
  • l33t substitutions
  • username as part of the password
  • duplicated passwords
  • a custom dictionary (json or txt) can be loaded at runtime

It supports CSV files exported from the most popular Password Managers and Browsers:

  • LastPass
  • Bitwarden
  • Keepass
  • Firefox
  • Chrome
  • Custom (*)

(*) the custom CSV files must have a header with at least the following three fields: url,username,password

To check only one password at a time it can be used in interactive mode (password will not be displayed as you type):

$ check-password-strength -i
Enter Username: username
Enter Password: 
  URL | USERNAME | PASSWORD |   SCORE (0-4)    | ESTIMATED TIME TO CRACK | ALREADY USED   
------+----------+----------+------------------+-------------------------+---------------
      | username | p******d |  0 - Really bad  | instant                 |

or reading from stdin:

$ echo $PASSWORD | check-password-strength
  URL | USERNAME | PASSWORD |   SCORE (0-4)    | ESTIMATED TIME TO CRACK | ALREADY USED  
------+----------+----------+------------------+-------------------------+---------------
      |          | p******j |  4 - Strong      | centuries               |

If you need to use it in a script you can use -q flag. It will display nothing on stdout and the exit code will contain the password score (it works only with single password):

$ echo $PASSWORD | ./check-password-strength -q
$ echo $?
4

You can also display overall statistics about your passwords:

$ check-password-strength -f password.csv --stats

img

Getting started

Install

Installation of check-password-strength is simple, just download the release for your system and run the binary:

$ chmod +x check-password-strength
$ ./check-password-strength -f password.csv

or run it in a Docker container:

$ docker run --rm --net none -v $PWD:/data:ro camandel/check-password-strength -f /data/password.csv

Building from source

$ git clone https://github.com/camandel/check-password-strength

$ cd check-password-strength

$ # it compiles for current OS and ARCH
$ make

For Linux

$ make linux-64

For MacOS

$ make macos-64

For Windows

$ make windows-32

or

$ make windows-64

For Docker image

$ make docker

It will create a local image called check-password-strength:latest

Run

You can use command line or the Docker image:

$ check-password-strength -h
NAME:
   check-password-strength - Check the passwords strength from csv file, console or stdin

USAGE:
   check-password-strength [options]

VERSION:
   v0.0.7

COMMANDS:
   help, h  Shows a list of commands or help for one command

GLOBAL OPTIONS:
   --filename CSVFILE, -f CSVFILE      Check passwords from CSVFILE
   --customdict FILE, -c FILE          Load custom dictionary from FILE (json, txt or lst)
   --interactive, -i                   enable interactive mode asking data from console (default: false)
   --stats, -s                         display only statistics (default: false)
   --quiet, -q                         return score as exit code (valid only with single password) (default: false)
   --limit value, -l value             Limit output based on score [0-4] (valid only with csv file) (default: 4)
   --debug, -d                         show debug logs (default: false)
   --help, -h                          show help (default: false)
   --version, -v                       print the version (default: false)

How to add custom dictionary

If you need to add your custom dictionary to the integrated ones, create a json file in the following format:

{
    "words": [
        "foo",
        "bar",
        "baz",
    ]
}

or a txt file like this one:

foo
bar
baz

and load it at runtime with the -c flag:

$ check-password-strength -c customdict.json -f password.csv

Or add it directly into the binary copying the json file in assets/data and recompile.