GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → andrew-schofield → Keepass2 Haveibeenpwned

andrew-schofield / Keepass2 Haveibeenpwned

Licence: mit
Simple Have I Been Pwned checker for KeePass

Labels

cloudflarekeepasshaveibeenpwned

Projects that are alternatives of or similar to Keepass2 Haveibeenpwned

Hibpofflinecheck
Keepass plugin that performs offline and online checks against HaveIBeenPwned passwords
Stars: ✭ 191 (-49.87%)
Mutual labels:  keepass, haveibeenpwned
Pw Pwnage Cfworker
Deploy a Cloudflare Worker to sanely score users' new passwords with zxcvbn AND check for matches against haveibeenpwned's 7.8+ billion breached accounts
Stars: ✭ 125 (-67.19%)
Mutual labels:  cloudflare, haveibeenpwned
keepassxc-pwned
Check your keepassxc database against previously breached haveibeenpwned passwords
Stars: ✭ 25 (-93.44%)
Mutual labels:  keepass, haveibeenpwned
stash-electron
Stash - The friendly secret storage made for teams
Stars: ✭ 18 (-95.28%)
Mutual labels:  keepass
warplus
An automatic multi-threaded WARP+ quota acquirement tool written in Python 3
Stars: ✭ 18 (-95.28%)
Mutual labels:  cloudflare
Nginx Lua Anti Ddos
A Anti-DDoS script to protect Nginx web servers using Lua with a HTML Javascript based authentication puzzle inspired by Cloudflare I am under attack mode an Anti-DDoS authentication page protect yourself from every attack type All Layer 7 Attacks Mitigating Historic Attacks DoS DoS Implications DDoS All Brute Force Attacks Zero day exploits Social Engineering Rainbow Tables Password Cracking Tools Password Lists Dictionary Attacks Time Delay Any Hosting Provider Any CMS or Custom Website Unlimited Attempt Frequency Search Attacks HTTP Basic Authentication HTTP Digest Authentication HTML Form Based Authentication Mask Attacks Rule-Based Search Attacks Combinator Attacks Botnet Attacks Unauthorized IPs IP Whitelisting Bruter THC Hydra John the Ripper Brutus Ophcrack unauthorized logins Injection Broken Authentication and Session Management Sensitive Data Exposure XML External Entities (XXE) Broken Access Control Security Misconfiguration Cross-Site Scripting (XSS) Insecure Deserialization Using Components with Known Vulnerabilities Insufficient Logging & Monitoring Drupal WordPress Joomla Flash Magento PHP Plone WHMCS Atlassian Products malicious traffic Adult video script avs KVS Kernel Video Sharing Clip Bucket Tube sites Content Management Systems Social networks scripts backends proxy proxies PHP Python Porn sites xxx adult gaming networks servers sites forums vbulletin phpbb mybb smf simple machines forum xenforo web hosting video streaming buffering ldap upstream downstream download upload rtmp vod video over dl hls dash hds mss livestream drm mp4 mp3 swf css js html php python sex m3u zip rar archive compressed mitigation code source sourcecode chan 4chan 4chan.org 8chan.net 8ch 8ch.net infinite chan 8kun 8kun.net anonymous anon tor services .onion torproject.org nginx.org nginx.com openresty.org darknet dark net deepweb deep web darkweb dark web mirror vpn reddit reddit.com adobe flash hackthissite.org dreamhack hack hacked hacking hacker hackers hackerz hackz hacks code coding script scripting scripter source leaks leaked leaking cve vulnerability great firewall china america japan russia .gov government http1 http2 http3 quic q3 litespeedtech litespeed apache torrents torrent torrenting webtorrent bittorrent bitorrent bit-torrent cyberlocker cyberlockers cyber locker cyberbunker warez keygen key generator free irc internet relay chat peer-to-peer p2p cryptocurrency crypto bitcoin miner browser xmr monero coinhive coin hive coin-hive litecoin ethereum cpu cycles popads pop-ads advert advertisement networks banner ads protect ovh blazingfast.io amazon steampowered valve store.steampowered.com steamcommunity thepiratebay lulzsec antisec xhamster pornhub porn.com pornhub.com xhamster.com xvideos xvdideos.com xnxx xnxx.com popads popcash cpm ppc
Stars: ✭ 295 (-22.57%)
Mutual labels:  cloudflare
Keepass Yet Another Favicon Downloader
Yet Another Favicon Downloader for KeePass 2.x
Stars: ✭ 354 (-7.09%)
Mutual labels:  keepass
ideas
A list of Cloudflare App Ideas (in Issues)
Stars: ✭ 37 (-90.29%)
Mutual labels:  cloudflare
Ddns Go
简单好用的DDNS。自动更新域名解析到公网IP(支持阿里云、腾讯云dnspod、Cloudflare、华为云)
Stars: ✭ 307 (-19.42%)
Mutual labels:  cloudflare
Api Covid19 In
COVID Rest API for India data, using Cloudflare Workers
Stars: ✭ 283 (-25.72%)
Mutual labels:  cloudflare
Csvkeychain
Import/export between Apple Keychain.app and plain CSV file.
Stars: ✭ 281 (-26.25%)
Mutual labels:  keepass
faaskit
A lightweight middleware framework for functions as a service
Stars: ✭ 24 (-93.7%)
Mutual labels:  cloudflare
Boringtun
Userspace WireGuard® Implementation in Rust
Stars: ✭ 3,760 (+886.88%)
Mutual labels:  cloudflare
Piped
An alternative privacy-friendly YouTube frontend which is efficient by design.
Stars: ✭ 1,725 (+352.76%)
Mutual labels:  cloudflare
Kdbxweb
Web Kdbx library
Stars: ✭ 322 (-15.49%)
Mutual labels:  keepass
add-url-to-window-title
A Firefox addon which will put the web page address (URL) into the window's title. Useful for customizing KeePass's auto-type
Stars: ✭ 56 (-85.3%)
Mutual labels:  keepass
Slickstack
SlickStack is a free LEMP stack automation script written in Bash designed to enhance and simplify WordPress provisioning, performance, and security.
Stars: ✭ 311 (-18.37%)
Mutual labels:  cloudflare
Keepassonedrivesync
Allows syncing of KeePass databases stored on OneDrive Personal, OneDrive for Business or SharePoint
Stars: ✭ 270 (-29.13%)
Mutual labels:  keepass
Cloudflare Sync
A nice to have, MIT-licensed tool for using Cloudflare as a dynamic DNS provider.
Stars: ✭ 269 (-29.4%)
Mutual labels:  cloudflare
Pwned
An easy, Ruby way to use the Pwned Passwords API.
Stars: ✭ 290 (-23.88%)
Mutual labels:  haveibeenpwned
View All Similar Projects ➔

keepass2-haveibeenpwned

KeePass 2.x plugin to check all entries with URLs against various breach lists.

Download plgx from here.

Mono users can download the dlls from here. Mono users may find they need to install their distro equivalent of mono-complete for the plugin to work properly.

Currently Supported Breach Lists

Site/Domain based

  • Have I Been Pwned (HIBP) - Checks the domains of any entries against the Have I Been Pwned? list curated by Troy Hunt.
  • Cloudbleed vulnerability list - Checks the domains of any entries that appear in the Cloudbleed vulnerability list. This has potential to produce false positives due to the way this list was produced.

Username based

  • Have I Been Pwned (HIBP) - Checks the usernames of any entries against the Have I Been Pwned? list curated by (Troy Hunt)[https://www.troyhunt.com/]. This service requires you to register for an API key via https://haveibeenpwned.com/API/Key . The cost of API key is $3.50 per month (Credit card required).

Password based

  • Have I Been Pwned (HIBP) - Checks the passwords of any entries against the Have I Been Pwned? list curated by Troy Hunt.

This checker sends a small portion of the password hash to HIBP and then checks the full hash locally against the list of hashes returned by HIBP. This service does not send your password, nor enough of the hash to expose your password to HIBP.

Usage

  • Install the plugin into KeePass, this will add an entry to the Tools menu for "Have I Been Pwned?"
  • Clicking this entry will open a sub-menu with entries for the different breach types to check
  • Clicking these entries will open a prompt asking which breach to check, or all, whether to check only entries that have not been modified since the breach date. You also have the option of auto-expiring any breached entries and including any deleted entries.
  • Running the check will result in a dialog listing all the breached entries, and from which breach they originated (entries can appear multiple times if they appear in multiple breach lists). These can then be modified directly from the list.
  • In the case of username breaches the dialog will also list accounts that have been breached but are not stored in the database
  • Right clicking on entries, or groups in the KeePass interfaces will also show the "Have I Been Pwned?" menu items, to allow the checks to be run on more specific sets of entries.
  • If you have an api key from haveibeenpwned.com you need to add it as a password to an entry called "hibp-apikey"

Notes

  • HaveIBeenPwned breach data is downloaded every time the check is run as the data file is small.
  • Cloudbleed data is only downloaded once and then cached here: %PROGRAMDATA%\KeePass\cloudbleed.txt (Windows) or %LOCALAPPDATA%\KeePass\cloudbleed.txt (Linux) as this is currently a ~70MB download. If you wish to refresh the cache, simply delete this file.
  • As KeePass doesn't have a native method for determining when an entry's password was last changed, keepass2-haveibeenpwned will use the history entries if any exist and compare their passwords.
  • Username/password checking could take a while to complete as HIBP applies a rate limit on requests, which means we can only check one username/password every 1.6s
  • Common usernames (such as admin & root) are not removed from the check and will likely result in false positives in your results, however these should be immediately obvious.

Donate

keepass2-haveibeenpwned is developed entirely in my own time. If you wish to support development you can donate via PayPal here.

Donate

Contributers

  • Andrew Schofield
  • Matt Schneeberger
  • strayge
  • SlightlyMadGargoyle
  • Jakob Ledermann
Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].