Checking passwordsafe entries against https://haveibeenpwned.com/

I wanted to check my current passwordsafe database passwords against the data at haveibeenpwned; however, I don't like the idea of using the API or the web form to send all of my passwords to a 3rd party.

So I wrote a Python script.

#!/usr/bin/env python


import hashlib
import pypwsafev3
from getpass import getpass
import argparse


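def getArgs():
    p = argparse.ArgumentParser(description='PasswordSafe hashes')
    # Required: without a database path there is nothing to open.
    p.add_argument('-f', required=True, help='PasswordSafe database file')
    return p.parse_args()


def main():
    args = getArgs()

    # Prompt for the master password so it never appears in argv or shell history.
    pw = pypwsafev3.PWSafe3(args.f, getpass('PasswordSafe master: '))

    # hashes.txt holds unsalted SHA-1 digests of real passwords; delete it after the check.
    with open('hashes.txt', 'w') as f:
        for i in pw.listall():
            # i[1] is the entry name and i[4] the password.
            f.write('{}, {}\n'.format(i[1], hashlib.sha1(i[4].encode('utf-8')).hexdigest()))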


if __name__ == '__main__':
    main()

This generates a text file named "hashes.txt" which contains the name of the password entry and the SHA-1 hash of the password. Then I could search the pwned-passwords-sha1-ordered-by-count-v5.txt file for them to see if any of them are in the list.

$ sed 's/ //g' hashes.txt | awk -F, '{print $2}' | grep -i -F -f - pwned-passwords-sha1-ordered-by-count-v5.txt
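
The grep pipeline prints the matching hash lines but not which entry each one belongs to. The following is an added example, not part of the original post: it streams the downloaded list once and maps every hit back to its entry name, assuming each line of the pwned file has the form `HASH:count`. The function names are hypothetical and the sample entries and counts are constructed.

```python
import hashlib


def parse_hashes(lines):
    """Parse 'name, sha1' lines as written to hashes.txt into {HASH: [names]}."""
    by_hash = {}
    for line in lines:
        line = line.strip()
        if not line:
            continue
        # rpartition: the digest is always last, and entry names may contain commas.
        name, _, digest = line.rpartition(',')
        by_hash.setdefault(digest.strip().upper(), []).append(name.strip())
    return by_hash


def find_pwned(by_hash, pwned_lines):
    """Stream 'HASH:count' lines once; return sorted (entry name, count) for every hit."""
    hits = []
    remaining = set(by_hash)
    for line in pwned_lines:
        digest, _, count = line.strip().partition(':')
        digest = digest.upper()
        if digest in remaining:
            # A reused password puts several entries behind one hash.
            hits.extend((name, int(count or 0)) for name in by_hash[digest])
            remaining.discard(digest)
            if not remaining:  # every entry matched, stop reading the large file
                break
    return sorted(hits)


def demo():
    """Constructed sample: two entries share a breached password, one is unique."""
    def sha1(s):
        return hashlib.sha1(s.encode('utf-8')).hexdigest()
    entries = [('webmail', 'password'), ('forum, old', 'password'),
               ('bank', 'Xq7#constructed-unique')]
    hashes_txt = ['{}, {}'.format(n, sha1(p)) for n, p in entries]
    # Constructed stand-in for the pwned-passwords file (counts are made up).
    pwned = [sha1('123456').upper() + ':200', sha1('password').upper() + ':100']
    return find_pwned(parse_hashes(hashes_txt), pwned)


if __name__ == '__main__':
    for name, count in demo():
        print('{}: seen {} times'.format(name, count))
```

For a real run, pass `open('hashes.txt')` and `open('pwned-passwords-sha1-ordered-by-count-v5.txt')` to the two functions; the pwned file is read line by line and never loaded into memory.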