Skip to content

Pwncheck 1.0.30 and a database update

We’re delighted to announce the latest release of pwncheck 1.0.30 – the fastest and safest way to find users with pwned passwords on your Active Directory network, offline and without sending your hashes to the cloud.

The purpose of this release is to bring pwncheck inline with the latest version of Troy Hunt’s Have I Been Pwned database, using the new API described in this blog post. The number of unique breached passwords we now check against is over 851 million.

We recommend that you run pwncheck to ensure that none of your Active Directory users are currently using a compromised password, likely to be present in the latest credential stuffing and password spraying lists.

The latest pwncheck documentation has been updated accordingly and can be downloaded here

To update safepass.me (assuming you are running v8.0.5), you can use the following powershell script:

#Stop on error
$ErrorActionPreference = “Stop”
#speedup Invoke-WebRequest
$ProgressPreference = ‘SilentlyContinue’

#download the database
Invoke-WebRequest -Uri https://downloads.safepass.me/support/HIBPv9-extra.dat -OutFile \HIBPv8-extra.dat
if ((Get-FileHash -Algorithm SHA256 \HIBPv8-extra.dat).Hash -ne “12C9BE9E844BD75F4F1FA1F1F754A68A1AAE7ECF113024BB3A06464B04DAD2B9”) {
Write-Error “Error downloading HIBPv9-extra.dat”
}
Invoke-WebRequest -Uri https://downloads.safepass.me/support/HIBPv9.dat -OutFile \HIBPv8.dat
if ((Get-FileHash -Algorithm SHA256 \HIBPv8.dat).Hash -ne “EE1B91DD723474D06264CFCEAE6E2363F5B12C210D23388AF86F1430041753DB”) {
Write-Error “Error downloading HIBPv9.dat”
}

#upload it to the DCs
Get-ADDomainController -filter *|%{
Start-Job -Name “SafePass-$_” -ArgumentList ($_) -ScriptBlock {
param ([string[]] $_)
Write-host “Performing actions on $($_)”
Copy-Item \HIBPv8-extra.dat \$_\C$\windows\system32\safepassme\HIBPv8-extra.dat
Copy-Item \HIBPv8.dat \$_\C$\windows\system32\safepassme\HIBPv8.dat
}
}

#Monitor job progress
DO {
Get-Job|Receive-Job
} while (Get-job -State Running|?{$_.Name -match “SafePass-*”})
Get-job|remove-job -Force
Remove-Item \HIBPv8.dat,\HIBPv8-extra.dat -Confirm:$true
Test Drive Pwncheck

The best way to find out if pwncheck is right for you is to try it out. Use the download button below to try Pwncheck's free version with absolutely zero strings attached, no form entry required.

If you'd like to test drive the full version fill in the form and we'll send you a single-use evaluation licence (normally $150, €120 or £100).