Last active
November 13, 2025 13:56
-
-
Save mlebkowski/1887251fdb2a3b34ac88091f9048c2bf to your computer and use it in GitHub Desktop.
check your 1password vault against haveibeenpwned database
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| OP_ACCOUNT="${OP_ACCOUNT:-my.1password.com}" | |
| op() { | |
| command op --account "$OP_ACCOUNT" "$@" --format=json | |
| } | |
| countids() { | |
| echo $# | |
| } | |
| gettitle(){ | |
| op item get "${1}" | jq -r '.title' | |
| } | |
| checkpassword() { | |
| declare id="$1" pwd="$2" | |
| local hash prefix response lineOriginal title | |
| hash="$(echo -n "$pwd"| sha1 | tr '[a-z]' '[A-Z]')" | |
| prefix="${hash:0:5}" | |
| response=$(curl -s https://api.pwnedpasswords.com/range/$prefix) | |
| while read -r line; do | |
| lineOriginal="$prefix$line" | |
| if [ "${lineOriginal:0:40}" == "$hash" ]; then | |
| title="$(gettitle $id)" | |
| echo "Oh no! $title password pwned! You should probably change that one." | |
| fi | |
| done <<< "$response" | |
| } | |
| main () { | |
| local pwd ids count i=1 | |
| ids="$(op items list | jq -r '.[] | select(.category == "LOGIN") | .id')" | |
| count=$(countids $ids) | |
| echo "Found $count potential passwords to check"; | |
| while read id; do | |
| if (( i % 25 == 0 )); then | |
| echo "Processed $i out of about $count" | |
| fi | |
| pwd="$(op item get $id | jq -r '.fields[] | select(.id == "password")|.value?' 2> /dev/null)" | |
| if [ "null" != "$pwd" ]; then | |
| checkpassword "$id" "$pwd" | |
| fi | |
| ((i++)) | |
| done <<< "$ids" | |
| } | |
| main "$@" | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment