
christophetd / Firepwned

Licence: gpl-3.0
🙏 Checks Firefox saved passwords against known data leaks using the Have I Been Pwned API.


firepwned

Firepwned is a tool that checks if your Firefox saved passwords have been involved in a known data leak using the Have I Been Pwned API.

Features:

  • Does not send any of your passwords or password hashes to any third-party service, including Have I Been Pwned (see How It Works below).
  • Supports Firefox profiles encrypted with a master password.
  • Uses multiple threads for efficiency.

Installation

$ git clone https://github.com/christophetd/firepwned.git
$ cd firepwned
$ pip install -r requirements.txt

On Debian / Ubuntu you'll need the package libnss3, which you should already have if you have Firefox installed.

On Mac OS X, you'll need to install NSS: brew install nss (Homebrew) or port install nss (MacPorts).

Usage

$ python firepwned.py
  • To specify a path to a Firefox profile directory, use the --profile option (by default: the first file found matching ~/.mozilla/firefox/*.default on Ubuntu or ~/Library/Application\ Support/Firefox/Profiles/*.default on Mac OS).
  • To adjust the number of threads used to make requests to the Have I Been Pwned API, use the --threads option (by default: 10).

Docker image

You can also use the christophetd/firepwned image. It is based on Alpine and is very lightweight (~20 MB). However, keep in mind that using a Docker image you didn't build yourself is generally not a good practice: I could very well have built it myself with a different source code than the one in this repository in order to steal your passwords (spoiler: that's not the case). If you wish to build the image yourself, run docker build . -t firepwned and use firepwned instead of christophetd/firepwned in the instructions below.

When running the container, you need to mount the directory of your Firefox profile to /profile in the container.

$ docker run --rm -it \
    --volume $(ls -d ~/.mozilla/firefox/*.default):/profile \
    christophetd/firepwned

Any additional argument you add to the command will be passed to the script, e.g.

$ docker run --rm -it \
    --volume $(ls -d ~/.mozilla/firefox/*.default):/profile \
    christophetd/firepwned \
    --threads 20

How it works

The Have I Been Pwned API supports checking whether a password has been leaked without providing the password itself, or even its full hash. You provide the API with the first 5 characters of the SHA1 hash of the password to check. The API then returns the list of all leaked hashes starting with this prefix, and the script checks locally whether one of them matches the hash of the password. More information: https://www.troyhunt.com/ive-just-launched-pwned-passwords-version-2/
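
The prefix lookup and local match described above, as an added example (not Firepwned's own code). The function names are hypothetical, the endpoint and the `SUFFIX:COUNT` line format are those of the public Pwned Passwords range API, and the response body used in `demo()` is constructed so the block runs offline.

```python
import hashlib
import urllib.request

API = "https://api.pwnedpasswords.com/range/"  # public range endpoint

def split_hash(password):
    """Return (5-char prefix, 35-char suffix) of the uppercase SHA-1 hex digest."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def parse_range(body):
    """Parse 'SUFFIX:COUNT' lines into {suffix: count}, skipping malformed lines."""
    counts = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if sep and len(suffix) == 35 and count.isdigit():
            counts[suffix.upper()] = int(count)
    return counts

def fetch_range(prefix):
    """Network call: only the 5-character prefix is placed in the URL."""
    req = urllib.request.Request(API + prefix, headers={"User-Agent": "range-example"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")

def pwned_count(password, fetch=fetch_range):
    """Times the password appears in the leak set; 0 means no match."""
    prefix, suffix = split_hash(password)
    # The suffix never leaves this process; it is compared against the response.
    return parse_range(fetch(prefix)).get(suffix, 0)

def demo():
    """Offline run against a constructed response; records what would be sent."""
    sent = []
    leaked_prefix, leaked_suffix = split_hash("hunter2")  # constructed sample password

    def fake_fetch(prefix):
        sent.append(prefix)
        # Constructed body: one decoy, one zero-count line, one malformed line.
        body = "0" * 35 + ":3\r\n" + "F" * 35 + ":0\r\n" + "not a hash line\r\n"
        if prefix == leaked_prefix:
            body += leaked_suffix + ":17\r\n"
        return body

    hit = pwned_count("hunter2", fake_fetch)
    miss = pwned_count("a-unique-passphrase", fake_fetch)
    return hit, miss, sent
```
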

Compatibility

Python 3 only. Should theoretically work on any OS supporting Python if provided with the directory of a valid Firefox profile, e.g. on Windows 7:

> python firepwned.py --profile "C:\Users\Christophe\AppData\Roaming\Mozilla\Firefox\Profiles\xxxxxx.default"

Acknowledgments

The code to read the saved passwords from Firefox is taken from firefox_decrypt, written by Renato Alves and under the GPL-3.0 license.

Unit tests

$ python -m unittest discover test