A Python library to leverage Troy Hunt's Have I Been Pwned API v2 and the k-Anonymity model. Inspired by Phil Nash's Ruby gem pwned.
Have I Been Pwned API has shifted from a free product to paid which means I'm not able to maintain it anymore. This repository has therefore been archived. If you would like to migrate this project to v3 of the API, I'm happy to transfer this project and help with any issues that might arise.
This library is supported on Python versions 3.5 and up. Some development packages require Python 3.6 or newer so issues regarding the development environment compatibility should not be reported without first attempting to install newer version of Python.
# Option 1: From the PyPI repository
pip install pwnedapi
# Option 2: For people of great taste
pipenv install pwnedapi
# Option 3: Locally
git clone https://github.com/nikoheikkila/pwnedapi
cd pwnedapi
python setup.py install
In its simplest form you'll only need to use two methods. Will probably add more if and when the API grows.
You can also scan a file of passwords, and export results in any format
supported by the tablib
library.
The library also installs a command-line tool which you can use to check
your password from the comfort of your terminal. Run pwned
to see all the possibilities.
Clone the repository normally. Then run make
to install the dependencies.
While developing it's useful to ensure an acceptable code quality where the
Pylama linter is helpful: run make lint
to check your code. Once you have
written your tests run make test
to invoke the PyTest suites.
To run tests and calculate the code coverage run make coverage
. This command
will fail if you haven't set up a Codecov project with $CODECOV_TOKEN
variable.
Remember to document your features and see that the documentation compiles
successfully by running make docs
.
Check the source code and issues from this repository, and should anything interesting pop out feel free to open a pull request.
Before your changes will be merged make sure that Travis CI pipeline is green and code coverage is on acceptable level. GitHub takes care of these eventually but to save time always consider running the tests locally before pushing.