├── .gitattributes
├── .gitignore
├── CHANGELOG.md
├── HaveIBeenPwnedKeePassPlugin.sln
├── HaveIBeenPwnedKeePassPlugin
├── Directory.Build.props
├── HIBP.cs
├── HaveIBeenPwnedPlugin.csproj
├── HaveIBeenPwnedPluginExt.cs
├── Properties
│ └── AssemblyInfo.cs
├── PwEntryExtensions.cs
└── PwEntryIgnoreState.cs
├── KeePass.version
├── LICENSE.md
├── README.md
├── SECURITY.md
├── images
├── checkAllPasswords.jpg
├── checkAllPasswordsStatusBar.jpg
├── checkAllResult.jpg
├── checkSingleResult.jpg
├── pwnedEntry.jpg
├── showAllPwned.jpg
└── toggleIgnoreState.jpg
└── version.json
/.gitattributes:
--------------------------------------------------------------------------------
1 | ###############################################################################
2 | # Set default behavior to automatically normalize line endings.
3 | ###############################################################################
4 | * text=auto
5 |
6 | ###############################################################################
7 | # Set default behavior for command prompt diff.
8 | #
9 | # This is need for earlier builds of msysgit that does not have it on by
10 | # default for csharp files.
11 | # Note: This is only used by command line
12 | ###############################################################################
13 | #*.cs diff=csharp
14 |
15 | ###############################################################################
16 | # Set the merge driver for project and solution files
17 | #
18 | # Merging from the command prompt will add diff markers to the files if there
19 | # are conflicts (Merging from VS is not affected by the settings below, in VS
20 | # the diff markers are never inserted). Diff markers may cause the following
21 | # file extensions to fail to load in VS. An alternative would be to treat
22 | # these files as binary and thus will always conflict and require user
23 | # intervention with every merge. To do so, just uncomment the entries below
24 | ###############################################################################
25 | #*.sln merge=binary
26 | #*.csproj merge=binary
27 | #*.vbproj merge=binary
28 | #*.vcxproj merge=binary
29 | #*.vcproj merge=binary
30 | #*.dbproj merge=binary
31 | #*.fsproj merge=binary
32 | #*.lsproj merge=binary
33 | #*.wixproj merge=binary
34 | #*.modelproj merge=binary
35 | #*.sqlproj merge=binary
36 | #*.wwaproj merge=binary
37 |
38 | ###############################################################################
39 | # behavior for image files
40 | #
41 | # image files are treated as binary by default.
42 | ###############################################################################
43 | #*.jpg binary
44 | #*.png binary
45 | #*.gif binary
46 |
47 | ###############################################################################
48 | # diff behavior for common document formats
49 | #
50 | # Convert binary document formats to text before diffing them. This feature
51 | # is only available from the command line. Turn it on by uncommenting the
52 | # entries below.
53 | ###############################################################################
54 | #*.doc diff=astextplain
55 | #*.DOC diff=astextplain
56 | #*.docx diff=astextplain
57 | #*.DOCX diff=astextplain
58 | #*.dot diff=astextplain
59 | #*.DOT diff=astextplain
60 | #*.pdf diff=astextplain
61 | #*.PDF diff=astextplain
62 | #*.rtf diff=astextplain
63 | #*.RTF diff=astextplain
64 |
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | ## Ignore Visual Studio temporary files, build results, and
2 | ## files generated by popular Visual Studio add-ons.
3 |
4 | # User-specific files
5 | *.suo
6 | *.user
7 | *.userosscache
8 | *.sln.docstates
9 |
10 | # User-specific files (MonoDevelop/Xamarin Studio)
11 | *.userprefs
12 |
13 | # Build results
14 | [Dd]ebug/
15 | [Dd]ebugPublic/
16 | [Rr]elease/
17 | [Rr]eleases/
18 | x64/
19 | x86/
20 | bld/
21 | [Bb]in/
22 | [Oo]bj/
23 | [Ll]og/
24 |
25 | # Visual Studio 2015 cache/options directory
26 | .vs/
27 | # Uncomment if you have tasks that create the project's static files in wwwroot
28 | #wwwroot/
29 |
30 | # MSTest test Results
31 | [Tt]est[Rr]esult*/
32 | [Bb]uild[Ll]og.*
33 |
34 | # NUNIT
35 | *.VisualState.xml
36 | TestResult.xml
37 |
38 | # Build Results of an ATL Project
39 | [Dd]ebugPS/
40 | [Rr]eleasePS/
41 | dlldata.c
42 |
43 | # DNX
44 | project.lock.json
45 | project.fragment.lock.json
46 | artifacts/
47 |
48 | *_i.c
49 | *_p.c
50 | *_i.h
51 | *.ilk
52 | *.meta
53 | *.obj
54 | *.pch
55 | *.pdb
56 | *.pgc
57 | *.pgd
58 | *.rsp
59 | *.sbr
60 | *.tlb
61 | *.tli
62 | *.tlh
63 | *.tmp
64 | *.tmp_proj
65 | *.log
66 | *.vspscc
67 | *.vssscc
68 | .builds
69 | *.pidb
70 | *.svclog
71 | *.scc
72 |
73 | # Chutzpah Test files
74 | _Chutzpah*
75 |
76 | # Visual C++ cache files
77 | ipch/
78 | *.aps
79 | *.ncb
80 | *.opendb
81 | *.opensdf
82 | *.sdf
83 | *.cachefile
84 | *.VC.db
85 | *.VC.VC.opendb
86 |
87 | # Visual Studio profiler
88 | *.psess
89 | *.vsp
90 | *.vspx
91 | *.sap
92 |
93 | # TFS 2012 Local Workspace
94 | $tf/
95 |
96 | # Guidance Automation Toolkit
97 | *.gpState
98 |
99 | # ReSharper is a .NET coding add-in
100 | _ReSharper*/
101 | *.[Rr]e[Ss]harper
102 | *.DotSettings.user
103 |
104 | # JustCode is a .NET coding add-in
105 | .JustCode
106 |
107 | # TeamCity is a build add-in
108 | _TeamCity*
109 |
110 | # DotCover is a Code Coverage Tool
111 | *.dotCover
112 |
113 | # NCrunch
114 | _NCrunch_*
115 | .*crunch*.local.xml
116 | nCrunchTemp_*
117 |
118 | # MightyMoose
119 | *.mm.*
120 | AutoTest.Net/
121 |
122 | # Web workbench (sass)
123 | .sass-cache/
124 |
125 | # Installshield output folder
126 | [Ee]xpress/
127 |
128 | # DocProject is a documentation generator add-in
129 | DocProject/buildhelp/
130 | DocProject/Help/*.HxT
131 | DocProject/Help/*.HxC
132 | DocProject/Help/*.hhc
133 | DocProject/Help/*.hhk
134 | DocProject/Help/*.hhp
135 | DocProject/Help/Html2
136 | DocProject/Help/html
137 |
138 | # Click-Once directory
139 | publish/
140 |
141 | # Publish Web Output
142 | *.[Pp]ublish.xml
143 | *.azurePubxml
144 | # TODO: Comment the next line if you want to checkin your web deploy settings
145 | # but database connection strings (with potential passwords) will be unencrypted
146 | #*.pubxml
147 | *.publishproj
148 |
149 | # Microsoft Azure Web App publish settings. Comment the next line if you want to
150 | # checkin your Azure Web App publish settings, but sensitive information contained
151 | # in these scripts will be unencrypted
152 | PublishScripts/
153 |
154 | # NuGet Packages
155 | *.nupkg
156 | # The packages folder can be ignored because of Package Restore
157 | **/packages/*
158 | # except build/, which is used as an MSBuild target.
159 | !**/packages/build/
160 | # Uncomment if necessary however generally it will be regenerated when needed
161 | #!**/packages/repositories.config
162 | # NuGet v3's project.json files produces more ignoreable files
163 | *.nuget.props
164 | *.nuget.targets
165 |
166 | # Microsoft Azure Build Output
167 | csx/
168 | *.build.csdef
169 |
170 | # Microsoft Azure Emulator
171 | ecf/
172 | rcf/
173 |
174 | # Windows Store app package directories and files
175 | AppPackages/
176 | BundleArtifacts/
177 | Package.StoreAssociation.xml
178 | _pkginfo.txt
179 |
180 | # Visual Studio cache files
181 | # files ending in .cache can be ignored
182 | *.[Cc]ache
183 | # but keep track of directories ending in .cache
184 | !*.[Cc]ache/
185 |
186 | # Others
187 | ClientBin/
188 | ~$*
189 | *~
190 | *.dbmdl
191 | *.dbproj.schemaview
192 | *.jfm
193 | *.pfx
194 | *.publishsettings
195 | node_modules/
196 | orleans.codegen.cs
197 |
198 | # Since there are multiple workflows, uncomment next line to ignore bower_components
199 | # (https://github.com/github/gitignore/pull/1529#issuecomment-104372622)
200 | #bower_components/
201 |
202 | # RIA/Silverlight projects
203 | Generated_Code/
204 |
205 | # Backup & report files from converting an old project file
206 | # to a newer Visual Studio version. Backup files are not needed,
207 | # because we have git ;-)
208 | _UpgradeReport_Files/
209 | Backup*/
210 | UpgradeLog*.XML
211 | UpgradeLog*.htm
212 |
213 | # SQL Server files
214 | *.mdf
215 | *.ldf
216 |
217 | # Business Intelligence projects
218 | *.rdl.data
219 | *.bim.layout
220 | *.bim_*.settings
221 |
222 | # Microsoft Fakes
223 | FakesAssemblies/
224 |
225 | # GhostDoc plugin setting file
226 | *.GhostDoc.xml
227 |
228 | # Node.js Tools for Visual Studio
229 | .ntvs_analysis.dat
230 |
231 | # Visual Studio 6 build log
232 | *.plg
233 |
234 | # Visual Studio 6 workspace options file
235 | *.opt
236 |
237 | # Visual Studio LightSwitch build output
238 | **/*.HTMLClient/GeneratedArtifacts
239 | **/*.DesktopClient/GeneratedArtifacts
240 | **/*.DesktopClient/ModelManifest.xml
241 | **/*.Server/GeneratedArtifacts
242 | **/*.Server/ModelManifest.xml
243 | _Pvt_Extensions
244 |
245 | # Paket dependency manager
246 | .paket/paket.exe
247 | paket-files/
248 |
249 | # FAKE - F# Make
250 | .fake/
251 |
252 | # JetBrains Rider
253 | .idea/
254 | *.sln.iml
255 |
256 | # CodeRush
257 | .cr/
258 |
259 | # Python Tools for Visual Studio (PTVS)
260 | __pycache__/
261 | *.pyc
262 |
263 | # KeePass portable
264 | /KeePass-2.*
265 |
--------------------------------------------------------------------------------
/CHANGELOG.md:
--------------------------------------------------------------------------------
1 | # Changelog
2 | The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
3 | and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
4 |
5 | ## [Unreleased]
6 | ### Added
7 |
8 | ## [0.9.0] - 2025-03-04
9 | ### Changed
10 | - When checking for passwords, empty passwords now get skipped
11 |
12 | ## [0.8.0] - 2024-04-21
13 | ### Added
14 | - Added support for TLS 1.3
15 |
16 | ### Changed
17 | - Improved the reproducibility of the release build
18 | - The debug symbols of the release builds are now embedded (Embedded Portable PDB)
19 |
20 | ## [0.7.1] - 2021-11-04
21 | ### Fixed
22 | - The current selection could be lost if the entry list was refreshed after performing a HIBP search
23 |
24 | ## [0.7.0] - 2021-03-09
25 | ### Added
26 | - Added a new option to enable date changes for the password entries when any breach information gets added or removed
27 |
28 | ## [0.6.0] - 2020-07-12
29 | ### Added
30 | - Added a new option to enable a good news (no breach) message, when an entry is manually checked ('check current password')
31 | - When a password entry has the tag 'pwned-ignore', it will be ignored on all automatic checks (Can be toggled via context menu)
32 |
33 | ## [0.5.0] - 2020-04-26
34 | ### Added
35 | - New status indicator and counts in the status bar while checking the whole database for pwned passwords
36 |
37 | ## [0.4.0] - 2020-03-05
38 | ### Changed
39 | - Enhanced privacy by supporting the new [pwned passwords padding](https://www.troyhunt.com/enhancing-pwned-passwords-privacy-with-padding/) by [Troy Hunt], [Junade Ali] and [Matt Weir]
40 |
41 | ## [0.3.1] - 2020-01-10
42 | ### Changed
43 | - If there are connection problems with the HIBP API, the automatic check when changing an entry is disabled
44 | - Improved response handling for breach count to make it more cross-platform compatible
45 |
46 | ### Fixed
47 | - Added a message for connectivity issues with the HIBP API
48 |
49 | ## [0.3.0] - 2019-10-23
50 | ### Added
51 | - Option for skipping expired entries (enabled by default)
52 |
53 | ## [0.2.0] - 2019-01-29
54 | ### Added
55 | - Added .NET requirements to Readme
56 | - Publish a release on GitHub
57 |
58 | ### Changed
59 | - Improved handling of "has database been modified" (only indicate it if there is really any change)
60 | - Removed dependency on System.ValueTuple (target .NET 4.7.2)
61 |
62 | ## [0.1.0] - Initial release
63 | ### Added
64 | - Search againgst the Pwned Passwords service of [HIBP](https://haveibeenpwned.com) with the [k-Anonymity model](https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/)
65 | - Search the whole database against HIBP Pnwed Passwords
66 | - Search current selected entry against HIBP Pwned Passwords
67 | - Check HIBP Pnwed Passwords service when an entry gets modified (optional)
68 | - Big thanks to [Troy Hunt] and [Junade Ali] who make this possible!
69 |
70 | [Unreleased]: https://github.com/kapsiR/HaveIBeenPwnedKeePassPlugin/compare/v0.9.0...HEAD
71 | [0.9.0]: https://github.com/kapsiR/HaveIBeenPwnedKeePassPlugin/compare/v0.8.0...v0.9.0
72 | [0.8.0]: https://github.com/kapsiR/HaveIBeenPwnedKeePassPlugin/compare/v0.7.1...v0.8.0
73 | [0.7.1]: https://github.com/kapsiR/HaveIBeenPwnedKeePassPlugin/compare/v0.7.0...v0.7.1
74 | [0.7.0]: https://github.com/kapsiR/HaveIBeenPwnedKeePassPlugin/compare/v0.6.0...v0.7.0
75 | [0.6.0]: https://github.com/kapsiR/HaveIBeenPwnedKeePassPlugin/compare/v0.5.0...v0.6.0
76 | [0.5.0]: https://github.com/kapsiR/HaveIBeenPwnedKeePassPlugin/compare/v0.4.0...v0.5.0
77 | [0.4.0]: https://github.com/kapsiR/HaveIBeenPwnedKeePassPlugin/compare/v0.3.1...v0.4.0
78 | [0.3.1]: https://github.com/kapsiR/HaveIBeenPwnedKeePassPlugin/compare/v0.3.0...v0.3.1
79 | [0.3.0]: https://github.com/kapsiR/HaveIBeenPwnedKeePassPlugin/compare/v0.2.0...v0.3.0
80 | [0.2.0]: https://github.com/kapsiR/HaveIBeenPwnedKeePassPlugin/compare/v0.1.0...v0.2.0
81 | [0.1.0]: https://github.com/kapsiR/HaveIBeenPwnedKeePassPlugin/releases/tag/v0.1.0
82 |
83 | [Troy Hunt]: https://www.troyhunt.com
84 | [Junade Ali]: https://icyapril.com
85 | [Matt Weir]: https://reusablesec.blogspot.com/
--------------------------------------------------------------------------------
/HaveIBeenPwnedKeePassPlugin.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 12.00
3 | # Visual Studio Version 17
4 | VisualStudioVersion = 17.9.34728.123
5 | MinimumVisualStudioVersion = 10.0.40219.1
6 | Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution Items", "{8853044B-7D95-4B20-965D-08E2454F781F}"
7 | ProjectSection(SolutionItems) = preProject
8 | .gitignore = .gitignore
9 | CHANGELOG.md = CHANGELOG.md
10 | KeePass.version = KeePass.version
11 | README.md = README.md
12 | version.json = version.json
13 | EndProjectSection
14 | EndProject
15 | Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "HaveIBeenPwnedPlugin", "HaveIBeenPwnedKeePassPlugin\HaveIBeenPwnedPlugin.csproj", "{CAC070C1-8B7E-4BA7-8F20-B3E4F56D2E03}"
16 | EndProject
17 | Global
18 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
19 | Debug|Any CPU = Debug|Any CPU
20 | Release|Any CPU = Release|Any CPU
21 | EndGlobalSection
22 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
23 | {CAC070C1-8B7E-4BA7-8F20-B3E4F56D2E03}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
24 | {CAC070C1-8B7E-4BA7-8F20-B3E4F56D2E03}.Debug|Any CPU.Build.0 = Debug|Any CPU
25 | {CAC070C1-8B7E-4BA7-8F20-B3E4F56D2E03}.Release|Any CPU.ActiveCfg = Release|Any CPU
26 | {CAC070C1-8B7E-4BA7-8F20-B3E4F56D2E03}.Release|Any CPU.Build.0 = Release|Any CPU
27 | EndGlobalSection
28 | GlobalSection(SolutionProperties) = preSolution
29 | HideSolutionNode = FALSE
30 | EndGlobalSection
31 | GlobalSection(ExtensibilityGlobals) = postSolution
32 | SolutionGuid = {B667B289-C3BC-465F-96E7-D5525413380F}
33 | EndGlobalSection
34 | EndGlobal
35 |
--------------------------------------------------------------------------------
/HaveIBeenPwnedKeePassPlugin/Directory.Build.props:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | 3.7.115
6 | all
7 |
8 |
9 |
10 | true
11 |
12 |
13 | $(MSBuildProjectDirectory)=./$(MsBuildProjectName)/
14 |
15 |
--------------------------------------------------------------------------------
/HaveIBeenPwnedKeePassPlugin/HIBP.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Linq;
3 | using System.Net.Http;
4 | using System.Threading.Tasks;
5 |
6 | namespace HaveIBeenPwnedPlugin
7 | {
8 | internal class HIBP : IDisposable
9 | {
10 | private const string HIBP_RangeApiUrl = "https://api.pwnedpasswords.com/range/";
11 | private static readonly HttpClient s_httpClient = new HttpClient();
12 |
13 | public HIBP()
14 | {
15 | s_httpClient.DefaultRequestHeaders.Add("User-Agent", $"KeePass Plugin {nameof(HaveIBeenPwnedPlugin)}");
16 | s_httpClient.DefaultRequestHeaders.Add("Add-Padding", bool.TrueString);
17 | }
18 |
19 | public async Task<(bool isBreached, int breachCount)> CheckRangeAsync(string sha1Prefix, string sha1Suffix)
20 | {
21 | bool isBreached = false;
22 | int breachedCount = 0;
23 | var response = await s_httpClient.GetStringAsync($"{HIBP_RangeApiUrl}{sha1Prefix}");
24 |
25 | if (response.Contains(sha1Suffix))
26 | {
27 | isBreached = true;
28 |
29 | int.TryParse(response.Split(new[] { "\r\n" }, StringSplitOptions.RemoveEmptyEntries)
30 | ?.FirstOrDefault(row => row.StartsWith(sha1Suffix, StringComparison.Ordinal))
31 | ?.Split(new[] { ':' })?[1], out breachedCount);
32 |
33 | if (breachedCount == 0)
34 | {
35 | // Padded entries always have a password count of 0 and can be discarded once received.
36 | // https://haveibeenpwned.com/API/v3#PwnedPasswordsPadding
37 | isBreached = false;
38 | }
39 | }
40 |
41 | return (isBreached, breachedCount);
42 | }
43 |
44 | public async Task<(bool isBreached, int breachCount)> CheckRangeAsync((string sha1Prefix, string sha1Suffix) sha1Values)
45 | {
46 | return await CheckRangeAsync(sha1Values.sha1Prefix, sha1Values.sha1Suffix);
47 | }
48 |
49 | public void Dispose()
50 | {
51 | s_httpClient.Dispose();
52 | }
53 | }
54 | }
55 |
--------------------------------------------------------------------------------
/HaveIBeenPwnedKeePassPlugin/HaveIBeenPwnedPlugin.csproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | AnyCPU
7 | {CAC070C1-8B7E-4BA7-8F20-B3E4F56D2E03}
8 | Library
9 | Properties
10 | HaveIBeenPwnedPlugin
11 | HaveIBeenPwnedPlugin
12 | v4.7.2
13 | 512
14 | true
15 |
16 |
17 | true
18 | portable
19 | false
20 | ..\KeePass-2.X\Plugins\
21 | DEBUG;TRACE
22 | prompt
23 | 4
24 |
25 |
26 | embedded
27 | true
28 | bin\Release\
29 | TRACE
30 | prompt
31 | 4
32 | true
33 |
34 |
35 |
36 | ..\KeePass-2.X\KeePass.exe
37 | False
38 |
39 |
40 |
41 |
42 |
43 |
44 |
45 |
46 |
47 |
48 |
49 |
50 |
51 |
52 |
53 |
54 |
55 |
56 |
57 |
58 |
59 |
60 |
61 |
--------------------------------------------------------------------------------
/HaveIBeenPwnedKeePassPlugin/HaveIBeenPwnedPluginExt.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Collections.Generic;
3 | using System.Linq;
4 | using System.Net;
5 | using System.Net.Http;
6 | using System.Reflection;
7 | using System.Security.Cryptography;
8 | using System.Threading.Tasks;
9 | using System.Windows.Forms;
10 | using KeePass.Plugins;
11 | using KeePass.UI;
12 | using KeePassLib;
13 | using KeePassLib.Utility;
14 |
15 | namespace HaveIBeenPwnedPlugin
16 | {
17 | public sealed class HaveIBeenPwnedPluginExt : Plugin
18 | {
19 | private IPluginHost _pluginHost = null;
20 | private bool _checkPasswordOnEntryTouched = true;
21 | private bool _isIgnoreExpiredEntriesEnabled = true;
22 | private bool _isShowGoodNewsOnManualEntryCheckEnabled = false;
23 | private bool _isModifyPwEntryDatesEnabled = false;
24 | private const string Option_CheckPasswordOnEntryTouched = "HaveIBeenPwnedPlugin_Option_CheckPasswordOnEntryTouched";
25 | private const string Option_IgnoreExpiredEntries = "HaveIBeenPwnedPlugin_Option_IgnoreExpiredEntries";
26 | private const string Option_ShowGoodNewsOnManualEntryCheck = "HaveIBeenPwnedPlugin_Option_ShowGoodNewsOnManualEntryCheck";
27 | private const string Option_ModifyPwEntryDates = "HaveIBeenPwnedPlugin_Option_ModifyPwEntryDates";
28 | private const string BreachedTag = "pwned";
29 | private const string IgnorePwnedTag = "pwned-ignore";
30 | private const string BreachCountCustomDataName = "pwned-count";
31 | private const string Message_NoEntrySelected = "No entry selected!";
32 | private readonly HIBP _hibp;
33 |
34 | public HaveIBeenPwnedPluginExt() => _hibp = new HIBP();
35 |
36 | public override string UpdateUrl => "https://raw.githubusercontent.com/kapsiR/HaveIBeenPwnedKeePassPlugin/main/KeePass.version";
37 |
38 | ///
39 | /// Initialization of the plugin
40 | ///
41 | /// Plugin host interface. Access the KeePass main window, the currently opened database, etc.
42 | /// true if plugin should be loaded within KeePass, otherwise false
43 | public override bool Initialize(IPluginHost pluginHost)
44 | {
45 | if (pluginHost == null)
46 | {
47 | return false;
48 | }
49 |
50 | _pluginHost = pluginHost;
51 |
52 | try
53 | {
54 | // Supported protocols for HIBP are >= TLS 1.2
55 | // https://haveibeenpwned.com/API/v2#HTTPS
56 |
57 | // We want to enforce secure defaults, hence we don't rely on SecurityProtocolType.SystemDefault
58 | // TLS 1.3 is supported since Windows Server 2022 / Windows 11, version 21H2
59 | // The enum value for TLS 1.3 (0x3000) has been added in .NET Framework 4.8
60 | // Since we target 4.7.2, we use it directly as value
61 | ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12 | (SecurityProtocolType)12288;
62 | }
63 | catch (NotSupportedException)
64 | {
65 | MessageService.ShowWarning($"Can't load {Assembly.GetAssembly(typeof(HaveIBeenPwnedPluginExt)).GetName()}",
66 | $"{nameof(SecurityProtocolType)} '{nameof(SecurityProtocolType.Tls12)}' is not supported!");
67 |
68 | return false;
69 | }
70 |
71 | InitializeCustomConfigSettings();
72 | InitializeEvents();
73 |
74 | return true;
75 | }
76 |
77 | private void InitializeEvents()
78 | {
79 | PwEntry.EntryTouched += PwEntry_TouchedAsync;
80 | }
81 |
82 | private void InitializeCustomConfigSettings()
83 | {
84 | _checkPasswordOnEntryTouched = _pluginHost.CustomConfig.GetBool(Option_CheckPasswordOnEntryTouched, true);
85 | _isIgnoreExpiredEntriesEnabled = _pluginHost.CustomConfig.GetBool(Option_IgnoreExpiredEntries, true);
86 | _isShowGoodNewsOnManualEntryCheckEnabled = _pluginHost.CustomConfig.GetBool(Option_ShowGoodNewsOnManualEntryCheck, false);
87 | _isModifyPwEntryDatesEnabled = _pluginHost.CustomConfig.GetBool(Option_ModifyPwEntryDates, false);
88 | }
89 |
90 | private async void PwEntry_TouchedAsync(object o, ObjectTouchedEventArgs e)
91 | {
92 | if (!_checkPasswordOnEntryTouched)
93 | {
94 | return;
95 | }
96 |
97 | if (e.Modified && e.Object is PwEntry pwEntry)
98 | {
99 | if (CheckEntryIgnoreConditions(pwEntry) != PwEntryIgnoreState.None)
100 | {
101 | return;
102 | }
103 |
104 | await CheckHaveIBeenPwnedForEntry(pwEntry);
105 | }
106 | }
107 |
108 | ///
109 | /// Checks whether the entry should be ignored or not
110 | /// Any other PwEntryIgnoreState than PwEntryIgnoreState.None will be ignored
111 | ///
112 | /// The password entry
113 | /// The PwEntryIgnoreState with the ignore reason
114 | private PwEntryIgnoreState CheckEntryIgnoreConditions(PwEntry pwEntry)
115 | {
116 | if (_isIgnoreExpiredEntriesEnabled && pwEntry.IsExpired())
117 | {
118 | return PwEntryIgnoreState.IsExpired;
119 | }
120 |
121 | if (pwEntry.HasTag(IgnorePwnedTag))
122 | {
123 | return PwEntryIgnoreState.IsIgnored;
124 | }
125 |
126 | if (pwEntry.Strings.GetSafe("Password").IsEmpty)
127 | {
128 | return PwEntryIgnoreState.IsEmptyPassword;
129 | }
130 |
131 | return PwEntryIgnoreState.None;
132 | }
133 |
134 | private async Task CheckHaveIBeenPwnedForEntry(PwEntry pwEntry, Action executesWhenEntryIsGood = null)
135 | {
136 | if (pwEntry == null)
137 | {
138 | throw new ArgumentNullException(nameof(pwEntry));
139 | }
140 |
141 | // Don't check HIBP with an empty password
142 | if (pwEntry.Strings.GetSafe("Password").IsEmpty)
143 | {
144 | return;
145 | }
146 |
147 | try
148 | {
149 | using (SHA1Managed sha1 = new SHA1Managed())
150 | {
151 | var (isBreached, breachCount) = await _hibp.CheckRangeAsync(ComputeSha1HexPartsFromEntry(pwEntry, sha1));
152 |
153 | bool entryModified = false;
154 | if (isBreached)
155 | {
156 | entryModified = UpdateEntryWithBreachInformation(pwEntry, breachCount);
157 |
158 | MessageService.ShowWarning($"Oh no. This password is breached and has been seen {breachCount} times before!",
159 | $"Source: https://haveibeenpwned.com");
160 | }
161 | else
162 | {
163 | entryModified = UpdateEntryRemoveBreachInformation(pwEntry);
164 | executesWhenEntryIsGood?.Invoke();
165 | }
166 |
167 | UpdateUI_EntryList(entryModified);
168 | }
169 | }
170 | catch (HttpRequestException)
171 | {
172 | SetHibpErrorState();
173 | }
174 | }
175 |
176 | private void SetHibpErrorState()
177 | {
178 | UnsubscribeEvents();
179 |
180 | MessageService.ShowWarning("There was a connectivity error while checking the HIBP Password Api.",
181 | "Automatic checks, e.g. when an entry gets modified, are disabled until you restart KeePass.",
182 | "You can still use all manual functions once connectivity is restored.");
183 | }
184 |
185 | ///
186 | /// Removes breach tag from entry
187 | ///
188 | ///
189 | ///
190 | /// true, if any breach tag has been removed, otherwise false
191 | private bool UpdateEntryRemoveBreachInformation(PwEntry pwEntry)
192 | {
193 | if (pwEntry.Tags.Contains(BreachedTag))
194 | {
195 | pwEntry.Tags.Remove(BreachedTag);
196 | pwEntry.CustomData.Remove(BreachCountCustomDataName);
197 | UpdatePwEntryDates(pwEntry);
198 |
199 | return true;
200 | }
201 |
202 | return false;
203 | }
204 |
205 | private void UpdatePwEntryDates(PwEntry pwEntry)
206 | {
207 | if (_isModifyPwEntryDatesEnabled)
208 | {
209 | pwEntry.LastModificationTime = DateTime.Now;
210 | pwEntry.LastAccessTime = DateTime.Now;
211 | }
212 | }
213 |
214 | ///
215 | /// Adds breach tag to entry
216 | ///
217 | ///
218 | ///
219 | /// true, if breach tag has been newly added, otherwise false
220 | private bool UpdateEntryWithBreachInformation(PwEntry pwEntry, int breachCount)
221 | {
222 | if (!pwEntry.Tags.Contains(BreachedTag))
223 | {
224 | pwEntry.AddTag(BreachedTag);
225 |
226 | if (breachCount > 0)
227 | {
228 | pwEntry.CustomData.Set(BreachCountCustomDataName, breachCount.ToString());
229 | }
230 |
231 | UpdatePwEntryDates(pwEntry);
232 |
233 | return true;
234 | }
235 |
236 | return false;
237 | }
238 |
239 | public override void Terminate()
240 | {
241 | SaveCurrentCustomConfigSettings();
242 | UnsubscribeEvents();
243 |
244 | _hibp.Dispose();
245 | }
246 |
247 | private void UnsubscribeEvents()
248 | {
249 | PwEntry.EntryTouched -= PwEntry_TouchedAsync;
250 | }
251 |
252 | private void SaveCurrentCustomConfigSettings()
253 | {
254 | _pluginHost.CustomConfig.SetBool(Option_CheckPasswordOnEntryTouched, _checkPasswordOnEntryTouched);
255 | _pluginHost.CustomConfig.SetBool(Option_IgnoreExpiredEntries, _isIgnoreExpiredEntriesEnabled);
256 | _pluginHost.CustomConfig.SetBool(Option_ShowGoodNewsOnManualEntryCheck, _isShowGoodNewsOnManualEntryCheckEnabled);
257 | _pluginHost.CustomConfig.SetBool(Option_ModifyPwEntryDates, _isModifyPwEntryDatesEnabled);
258 | }
259 |
260 | public override ToolStripMenuItem GetMenuItem(PluginMenuType t)
261 | {
262 | // Don't add menu items to tray
263 | if (t == PluginMenuType.Tray)
264 | {
265 | return null;
266 | }
267 |
268 | ToolStripMenuItem pluginRootMenuItem = new ToolStripMenuItem("Have I Been Pwned");
269 |
270 | ToolStripMenuItem checkCurrentPasswordMenuItem = new ToolStripMenuItem
271 | {
272 | Text = "Check current password"
273 | };
274 | checkCurrentPasswordMenuItem.Click += CheckCurrentPasswordMenuItem_ClickAsync;
275 | pluginRootMenuItem.DropDownItems.Add(checkCurrentPasswordMenuItem);
276 |
277 | ToolStripMenuItem checkAllPasswordsMenuItem = new ToolStripMenuItem
278 | {
279 | Text = "Check all passwords"
280 | };
281 | checkAllPasswordsMenuItem.Click += CheckAllPasswordsMenuItem_ClickAsync;
282 | pluginRootMenuItem.DropDownItems.Add(checkAllPasswordsMenuItem);
283 |
284 | pluginRootMenuItem.DropDownItems.Add(new ToolStripSeparator());
285 |
286 | if (t == PluginMenuType.Entry)
287 | {
288 | ToolStripMenuItem toggleCurrentPasswordIgnoreStateMenuItem = new ToolStripMenuItem
289 | {
290 | Text = "Toggle ignore state"
291 | };
292 | toggleCurrentPasswordIgnoreStateMenuItem.Click += ToggleCurrentPasswordIgnoreStateMenuItem_Click;
293 | pluginRootMenuItem.DropDownItems.Add(toggleCurrentPasswordIgnoreStateMenuItem);
294 |
295 | pluginRootMenuItem.DropDownItems.Add(new ToolStripSeparator());
296 | }
297 |
298 | ToolStripMenuItem checkBoxMenuItem_Option_CheckPasswordOnEntryTouched = new ToolStripMenuItem
299 | {
300 | Text = "Check password when entry gets modified",
301 | Checked = _checkPasswordOnEntryTouched
302 | };
303 | checkBoxMenuItem_Option_CheckPasswordOnEntryTouched.Click += CheckBoxMenuItem_Option_CheckPasswordOnEntryTouched_Click;
304 | pluginRootMenuItem.DropDownItems.Add(checkBoxMenuItem_Option_CheckPasswordOnEntryTouched);
305 |
306 | ToolStripMenuItem checkBoxMenuItem_Option_SkipExpiredEntries = new ToolStripMenuItem
307 | {
308 | Text = "Skip expired entries",
309 | Checked = _isIgnoreExpiredEntriesEnabled
310 | };
311 | checkBoxMenuItem_Option_SkipExpiredEntries.Click += CheckBoxMenuItem_Option_SkipExpiredEntries_Click;
312 | pluginRootMenuItem.DropDownItems.Add(checkBoxMenuItem_Option_SkipExpiredEntries);
313 |
314 | ToolStripMenuItem checkBoxMenuItem_Option_ShowGoodNewsOnManualEntryCheck = new ToolStripMenuItem
315 | {
316 | Text = "Show good news when checking an entry manually too",
317 | Checked = _isShowGoodNewsOnManualEntryCheckEnabled
318 | };
319 | checkBoxMenuItem_Option_ShowGoodNewsOnManualEntryCheck.Click += CheckBoxMenuItem_Option_ShowGoodNewsOnManualEntryCheck_Click;
320 | pluginRootMenuItem.DropDownItems.Add(checkBoxMenuItem_Option_ShowGoodNewsOnManualEntryCheck);
321 |
322 | ToolStripMenuItem checkBoxMenuItem_Option_ModifyPwEntryDates = new ToolStripMenuItem
323 | {
324 | Text = "Enable entry date changes when breach information is added/removed",
325 | Checked = _isModifyPwEntryDatesEnabled
326 | };
327 | checkBoxMenuItem_Option_ModifyPwEntryDates.Click += CheckBoxMenuItem_Option_ModifyPwEntryDates_Click;
328 | pluginRootMenuItem.DropDownItems.Add(checkBoxMenuItem_Option_ModifyPwEntryDates);
329 |
330 | return pluginRootMenuItem;
331 | }
332 |
333 | private void CheckBoxMenuItem_Option_ModifyPwEntryDates_Click(object sender, EventArgs e)
334 | {
335 | _isModifyPwEntryDatesEnabled = !_isModifyPwEntryDatesEnabled;
336 | UIUtil.SetChecked(sender as ToolStripMenuItem, _isModifyPwEntryDatesEnabled);
337 | }
338 |
339 | private void CheckBoxMenuItem_Option_ShowGoodNewsOnManualEntryCheck_Click(object sender, EventArgs e)
340 | {
341 | _isShowGoodNewsOnManualEntryCheckEnabled = !_isShowGoodNewsOnManualEntryCheckEnabled;
342 | UIUtil.SetChecked(sender as ToolStripMenuItem, _isShowGoodNewsOnManualEntryCheckEnabled);
343 | }
344 |
345 | private void CheckBoxMenuItem_Option_SkipExpiredEntries_Click(object sender, EventArgs e)
346 | {
347 | _isIgnoreExpiredEntriesEnabled = !_isIgnoreExpiredEntriesEnabled;
348 | UIUtil.SetChecked(sender as ToolStripMenuItem, _isIgnoreExpiredEntriesEnabled);
349 | }
350 |
351 | private async void CheckCurrentPasswordMenuItem_ClickAsync(object sender, EventArgs e)
352 | {
353 | if (TryGetCurrentSelectedPwEntry(out PwEntry selectedEntry))
354 | {
355 | await CheckHaveIBeenPwnedForEntry(selectedEntry, () =>
356 | {
357 | if (_isShowGoodNewsOnManualEntryCheckEnabled)
358 | {
359 | MessageService.ShowInfoEx("Good news", $"No pwnage found!",
360 | $"Source: https://haveibeenpwned.com");
361 | }
362 | });
363 | }
364 | else
365 | {
366 | MessageService.ShowInfo(Message_NoEntrySelected);
367 | }
368 | }
369 |
370 | private void ToggleCurrentPasswordIgnoreStateMenuItem_Click(object sender, EventArgs e)
371 | {
372 | if (TryGetCurrentSelectedPwEntry(out PwEntry selectedEntry))
373 | {
374 | if (selectedEntry.HasTag(IgnorePwnedTag))
375 | {
376 | selectedEntry.RemoveTag(IgnorePwnedTag);
377 | }
378 | else
379 | {
380 | selectedEntry.AddTag(IgnorePwnedTag);
381 | }
382 |
383 | UpdateUI_EntryList(true);
384 | }
385 | else
386 | {
387 | MessageService.ShowInfo(Message_NoEntrySelected);
388 | }
389 | }
390 |
391 | private bool TryGetCurrentSelectedPwEntry(out PwEntry currentSelectedPwEntry)
392 | {
393 | currentSelectedPwEntry = null;
394 |
395 | if (IsDatabaseOpen())
396 | {
397 | currentSelectedPwEntry = _pluginHost.MainWindow.GetSelectedEntry(true, false);
398 |
399 | if (currentSelectedPwEntry != null)
400 | {
401 | return true;
402 | }
403 | }
404 |
405 | return false;
406 | }
407 |
408 | private async void CheckAllPasswordsMenuItem_ClickAsync(object sender, EventArgs e)
409 | {
410 | if (!IsDatabaseOpen())
411 | {
412 | return;
413 | }
414 |
415 | var entries = _pluginHost.Database.RootGroup.GetEntries(true) as IEnumerable;
416 |
417 | int skippedExpiredEntriesCount = 0;
418 | int skippedIgnoredEntriesCount = 0;
419 | int skippedEmptyPasswordEntriesCount = 0;
420 | int checkedEntriesCount = 0;
421 | int pwnedEntriesCount = 0;
422 | int addedPwnedTagCount = 0;
423 | int removedPwnedTagCount = 0;
424 |
425 | using (SHA1Managed sha1 = new SHA1Managed())
426 | {
427 | int entriesCount = entries.Count();
428 | var statusBarLogger = _pluginHost.MainWindow.CreateStatusBarLogger();
429 | string statusText = "Checking all passwords against HIBP pwned passwords... {0}/" + entriesCount;
430 | statusBarLogger.StartLogging(string.Format(statusText, 0), false);
431 | double progress = 1;
432 |
433 | foreach (PwEntry entry in entries)
434 | {
435 | checkedEntriesCount++;
436 |
437 | var ignoreState = CheckEntryIgnoreConditions(entry);
438 | switch (ignoreState)
439 | {
440 | case PwEntryIgnoreState.IsExpired:
441 | skippedExpiredEntriesCount++;
442 | continue;
443 |
444 | case PwEntryIgnoreState.IsIgnored:
445 | skippedIgnoredEntriesCount++;
446 | continue;
447 |
448 | case PwEntryIgnoreState.IsEmptyPassword:
449 | skippedEmptyPasswordEntriesCount++;
450 | continue;
451 |
452 | case PwEntryIgnoreState.None:
453 | default:
454 | break;
455 | }
456 |
457 | (string sha1Prefix, string sha1Suffix) = ComputeSha1HexPartsFromEntry(entry, sha1);
458 |
459 | try
460 | {
461 | var (isBreached, breachCount) = await _hibp.CheckRangeAsync(sha1Prefix, sha1Suffix);
462 |
463 | if (isBreached)
464 | {
465 | if (UpdateEntryWithBreachInformation(entry, breachCount))
466 | {
467 | addedPwnedTagCount++;
468 | }
469 | pwnedEntriesCount++;
470 | }
471 | else
472 | {
473 | if (UpdateEntryRemoveBreachInformation(entry))
474 | {
475 | removedPwnedTagCount++;
476 | }
477 | }
478 | }
479 | catch (HttpRequestException)
480 | {
481 | SetHibpErrorState();
482 | break;
483 | }
484 |
485 | statusBarLogger.SetText(string.Format(statusText, progress), KeePassLib.Interfaces.LogStatusType.Info);
486 | statusBarLogger.SetProgress((uint)(progress++ / entriesCount * 100));
487 | }
488 |
489 | statusBarLogger.EndLogging();
490 | }
491 |
492 | if (addedPwnedTagCount > 0 || removedPwnedTagCount > 0)
493 | {
494 | UpdateUI_EntryList(true);
495 | }
496 | else
497 | {
498 | UpdateUI_EntryList(false);
499 | }
500 |
501 | MessageService.ShowInfo($"Checked entries: {checkedEntriesCount}",
502 | $"Pwned entries: {pwnedEntriesCount}",
503 | $"New pwned entries: {addedPwnedTagCount}",
504 | $"Entries not pwned anymore: {removedPwnedTagCount}",
505 | $"Skipped expired entries: {skippedExpiredEntriesCount}",
506 | $"Skipped ignored entries: {skippedIgnoredEntriesCount}",
507 | $"Skipped entries with empty passwords: {skippedEmptyPasswordEntriesCount}");
508 | }
509 |
510 | private void UpdateUI_EntryList(bool setModified)
511 | {
512 | // Quote from KeePass.Forms.MainForm.UpdateEntryList
513 | // > Note that if you only made small changes (like editing an existing entry), the
514 | // > RefreshEntriesList function could be a better choice, as it only
515 | // > updates currently listed items and doesn't rebuild the whole list as
516 | // > UpdateEntryList.
517 | _pluginHost.MainWindow?.RefreshEntriesList();
518 | if (setModified && IsDatabaseOpen())
519 | {
520 | _pluginHost.Database.Modified = true;
521 | }
522 | }
523 |
524 | private (string sha1Prefix, string sha1Suffix) ComputeSha1HexPartsFromEntry(PwEntry entry, SHA1Managed sha1Managed)
525 | {
526 | string sha1Hex = BitConverter.ToString(sha1Managed.ComputeHash(entry.Strings.GetSafe("Password").ReadUtf8())).Replace("-", string.Empty);
527 |
528 | return (sha1Hex.Substring(0, 5), sha1Hex.Substring(5, sha1Hex.Length - 5));
529 | }
530 |
531 | private void CheckBoxMenuItem_Option_CheckPasswordOnEntryTouched_Click(object sender, EventArgs e)
532 | {
533 | _checkPasswordOnEntryTouched = !_checkPasswordOnEntryTouched;
534 | UIUtil.SetChecked(sender as ToolStripMenuItem, _checkPasswordOnEntryTouched);
535 | }
536 |
537 | private bool IsDatabaseOpen()
538 | {
539 | PwDatabase database = _pluginHost.Database;
540 |
541 | if (database != null && database.IsOpen)
542 | {
543 | return true;
544 | }
545 |
546 | return false;
547 | }
548 | }
549 | }
550 |
--------------------------------------------------------------------------------
/HaveIBeenPwnedKeePassPlugin/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
1 | using System.Reflection;
2 | using System.Runtime.InteropServices;
3 |
4 | [assembly: AssemblyTitle("Have I Been Pwned Plugin")]
5 | [assembly: AssemblyDescription("This KeePass Plugin provides various ways to interact with the great HIBP service from Troy Hunt")]
6 | [assembly: AssemblyConfiguration("")]
7 | [assembly: AssemblyCompany("kapsiR")]
8 | [assembly: AssemblyProduct("KeePass Plugin")]
9 | [assembly: AssemblyCopyright("Copyright © kapsiR")]
10 | [assembly: AssemblyTrademark("")]
11 | [assembly: AssemblyCulture("")]
12 |
13 | // Setting ComVisible to false makes the types in this assembly not visible
14 | // to COM components. If you need to access a type in this assembly from
15 | // COM, set the ComVisible attribute to true on that type.
16 | [assembly: ComVisible(false)]
17 |
18 | // The following GUID is for the ID of the typelib if this project is exposed to COM
19 | [assembly: Guid("cac070c1-8b7e-4ba7-8f20-b3e4f56d2e03")]
20 |
--------------------------------------------------------------------------------
/HaveIBeenPwnedKeePassPlugin/PwEntryExtensions.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using KeePassLib;
3 |
4 | namespace HaveIBeenPwnedPlugin
5 | {
6 | public static class PwEntryExtensions
7 | {
8 | public static bool IsExpired(this PwEntry pwEntry)
9 | {
10 | if (pwEntry.Expires)
11 | {
12 | return DateTime.UtcNow >= pwEntry.ExpiryTime;
13 | }
14 |
15 | return false;
16 | }
17 | }
18 | }
19 |
--------------------------------------------------------------------------------
/HaveIBeenPwnedKeePassPlugin/PwEntryIgnoreState.cs:
--------------------------------------------------------------------------------
1 | namespace HaveIBeenPwnedPlugin
2 | {
3 | internal enum PwEntryIgnoreState
4 | {
5 | None = 0,
6 |
7 | IsExpired = 1,
8 |
9 | IsIgnored = 2,
10 |
11 | IsEmptyPassword = 3,
12 |
13 | }
14 | }
--------------------------------------------------------------------------------
/KeePass.version:
--------------------------------------------------------------------------------
1 | :
2 | Have I Been Pwned Plugin:0.9.0.1
3 | :
4 |
--------------------------------------------------------------------------------
/LICENSE.md:
--------------------------------------------------------------------------------
1 | MIT License
2 |
3 | Copyright (c) 2019 kapsiR
4 |
5 | Permission is hereby granted, free of charge, to any person obtaining a copy
6 | of this software and associated documentation files (the "Software"), to deal
7 | in the Software without restriction, including without limitation the rights
8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 |
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 |
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # Have I Been Pwned KeePass Plugin
2 |
3 | Simple [KeePass plugin] which uses the service [Have I Been Pwned](https://haveibeenpwned.com/) from [Troy Hunt](https://www.troyhunt.com)
4 |
5 | ## [Changelog](./CHANGELOG.md)
6 |
7 | ## Installation and Updates
8 | ### Requirements
9 | #### Windows
10 | - [.NET Framework 4.7.2](https://dotnet.microsoft.com/download/thank-you/net472) or higher
11 |
12 | #### Linux
13 | - [Mono 5.18](https://www.mono-project.com/docs/about-mono/releases/5.18.0/) or higher
14 | - On some Linux systems, the `mono-complete` package may be required for plugins to work properly ([Details on keepass.info](https://keepass.info/help/v2/setup.html#mono))
15 |
16 | ### How to install/update
17 | 1. Download the [latest release (.dll file) from GitHub](https://github.com/kapsiR/HaveIBeenPwnedKeePassPlugin/releases)
18 | 2. In KeePass, click 'Tools' → 'Plugins' → button 'Open Folder'
19 | *KeePass now opens a folder called 'Plugins'*
20 | 3. Exit KeePass to free up the lock on the plugin
21 | 4. Move the plugin file into the 'Plugins' folder (replace if exists already)
22 | 5. Start KeePass again
23 |
24 | ### Uninstall
25 | 1. In KeePass, click 'Tools' → 'Plugins' → button 'Open Folder'
26 | *KeePass now opens a folder called 'Plugins'*
27 | 2. Exit KeePass to free up the lock on the plugin
28 | 3. Delete the plugin file
29 |
30 | ## Some impressions:
31 | - Check all passwords in the opened database
32 | 
33 |
34 | - Check all passwords status indicators
35 | 
36 |
37 | - Check all passwords result
38 | 
39 |
40 | - Show all entries which are pwned
41 | 
42 |
43 | - Check the current selected entry
44 | 
45 |
46 | - Check the current selected entry result
47 | 
48 |
49 | - Toggle the ignore-state of a single entry
50 | 
51 |
52 | [KeePass plugin]: https://keepass.info/help/v2/plugins.html
53 |
--------------------------------------------------------------------------------
/SECURITY.md:
--------------------------------------------------------------------------------
1 | # Security Policy
2 |
3 | ## General information
4 |
5 | KeePass [has been audited and is broadly trusted].
6 | There is a dedicated page about [plugins and plugin security].
7 | This plugin is listed in the [plugin directory] of KeePass.
8 |
9 | All accounts with write access to this repository are mandated to use two-factor authentication.
10 |
11 | ### Releases
12 |
13 | Release builds are configured to be deterministic. (Easily reproducible, since binary content is identical for the same input across compilations)
14 | The corresponding Git commit can be read from the product version of the assembly. (e.g. `0.7.1+39ecaf0b99` identifies [39ecaf0b99])
15 | Integrity hashes are available on the release page. (Since 2023-01)
16 |
17 | ### Updates
18 |
19 | KeePass queries the [KeePass.version] file for updates, but won't install any update automatically.
20 | It is recommended to specifiy appropriate file permissions for the plugin directory so that non-admin users can't hijack the plugin.
21 |
22 | ## Reporting a Vulnerability
23 |
24 | Please use the [private vulnerability reporting] that GitHub provides.
25 | I'll do my best to give a timely answer.
26 |
27 | For .NET Framework vulnerabilites contact the [Microsoft Security Response Center].
28 |
29 | [private vulnerability reporting]: https://github.com/kapsiR/HaveIBeenPwnedKeePassPlugin/security/advisories
30 | [Microsoft Security Response Center]: https://msrc.microsoft.com/report/vulnerability/new
31 | [has been audited and is broadly trusted]: https://keepass.info/help/kb/trust.html
32 | [plugins and plugin security]: https://keepass.info/help/v2/plugins.html
33 | [39ecaf0b99]: https://github.com/kapsiR/HaveIBeenPwnedKeePassPlugin/commit/39ecaf0b99f4c37139af6485a1bdc4d9a2c5171d
34 | [KeePass.version]: https://github.com/kapsiR/HaveIBeenPwnedKeePassPlugin/blob/v0.7.1/KeePass.version
35 | [plugin directory]: https://keepass.info/plugins.html
36 |
--------------------------------------------------------------------------------
/images/checkAllPasswords.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/kapsiR/HaveIBeenPwnedKeePassPlugin/08c2c701798d4b445cb9c3c9837beceadd18d2ab/images/checkAllPasswords.jpg
--------------------------------------------------------------------------------
/images/checkAllPasswordsStatusBar.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/kapsiR/HaveIBeenPwnedKeePassPlugin/08c2c701798d4b445cb9c3c9837beceadd18d2ab/images/checkAllPasswordsStatusBar.jpg
--------------------------------------------------------------------------------
/images/checkAllResult.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/kapsiR/HaveIBeenPwnedKeePassPlugin/08c2c701798d4b445cb9c3c9837beceadd18d2ab/images/checkAllResult.jpg
--------------------------------------------------------------------------------
/images/checkSingleResult.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/kapsiR/HaveIBeenPwnedKeePassPlugin/08c2c701798d4b445cb9c3c9837beceadd18d2ab/images/checkSingleResult.jpg
--------------------------------------------------------------------------------
/images/pwnedEntry.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/kapsiR/HaveIBeenPwnedKeePassPlugin/08c2c701798d4b445cb9c3c9837beceadd18d2ab/images/pwnedEntry.jpg
--------------------------------------------------------------------------------
/images/showAllPwned.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/kapsiR/HaveIBeenPwnedKeePassPlugin/08c2c701798d4b445cb9c3c9837beceadd18d2ab/images/showAllPwned.jpg
--------------------------------------------------------------------------------
/images/toggleIgnoreState.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/kapsiR/HaveIBeenPwnedKeePassPlugin/08c2c701798d4b445cb9c3c9837beceadd18d2ab/images/toggleIgnoreState.jpg
--------------------------------------------------------------------------------
/version.json:
--------------------------------------------------------------------------------
1 | {
2 | "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/main/src/NerdBank.GitVersioning/version.schema.json",
3 | "version": "0.9.0",
4 | "publicReleaseRefSpec": [
5 | "^refs/heads/master$"
6 | ],
7 | "cloudBuild": {
8 | "buildNumber": {
9 | "enabled": true
10 | }
11 | }
12 | }
--------------------------------------------------------------------------------