Password Strength & Breach Auditor
Rate your password's real strength offline, then check it against billions of breached passwords without ever sending the password itself.
Password Strength & Breach Auditor is a free, single-file command-line tool from Bug Circuit that tells you two things every password owner should know: how strong a password really is, and whether it has already leaked in a known data breach. It runs on any machine with Python 3.8+ — no installation, no dependencies, no account. Just download one file and run it.
The offline analysis goes well beyond a naive "length times character types" score. It combines a conservative entropy estimate with pattern detection tuned to how attackers actually guess: keyboard walks (qwerty, asdf, and AZERTY/QWERTZ layouts), ascending and descending sequences, repeated blocks, embedded dates and years, and common dictionary words — including leetspeak disguises like "P@ssw0rd". Each weakness reduces the effective score, yielding a clear rating from *very weak* to *very strong* and a rough offline crack-time estimate you can actually act on.
The optional breach check is where privacy is treated as non-negotiable. Using Have I Been Pwned's k-anonymity range API, your password is SHA-1 hashed locally and only the first five characters of that hash are ever sent over the network; the match is completed on your own machine. The password — and even its full hash — never leaves your computer, responses are padded to avoid leaking the result, and passwords are only ever read from a hidden prompt or stdin, never from the command line or any log file. Cross-platform, colorized when it helps and plain when piped, with sensible exit codes for automation, it is a small tool that does one important job carefully. Use it only on passwords and accounts you own or are authorized to test.
How to use
- Install Python 3.8 or newer (most macOS/Linux systems already have it; on Windows, get it from python.org).
- Download bugcircuit-passaudit.py from Bug Circuit and open a terminal in the folder where you saved it.
- Run 'python3 bugcircuit-passaudit.py' (use 'python' on Windows) and type your password at the hidden prompt to get an offline strength report.
- Add '--check-breach' to also test the password against billions of breached passwords using privacy-preserving k-anonymity.
- Read the rating, weaknesses, and (if enabled) breach count; anything rated weak or found in a breach should be replaced.
- For scripts or CI, pipe the password with '--stdin' and branch on the exit code (0 = good, 1 = weak or breached).
Example commands
python3 bugcircuit-passaudit.py
python3 bugcircuit-passaudit.py --check-breach
printf '%s' "$MY_TEST_PASSWORD" | python3 bugcircuit-passaudit.py --stdin --check-breach
python3 bugcircuit-passaudit.py --check-breach --timeout 20 --no-color
python3 bugcircuit-passaudit.py --helpFree · MIT licensed · Python 3.8+ · no dependencies · runs on Windows, macOS & Linux. A free tool from Bug Circuit.
Downloads are free. You’ll sign in to a free store account (any email — takes 10 seconds) so you can re-download any time from your account.
Something not right with your order? Email [email protected] — the same team that runs our security audits makes it right.