Leaked passwords curiosity

Andrewgoh
2 min read · Mar 5, 2021

The web site https://haveibeenpwned.com/ provides a very useful service for checking passwords, especially whether a password appears among those stolen in known breaches.

However, it is simply unsafe to type passwords into a web site just to check them.

Fortunately, https://haveibeenpwned.com/Passwords provides downloadable archives of the hashes of leaked passwords from known breaches. These files are huge: more than 12 GB compressed, and more than double that when uncompressed. A useful choice is the SHA-1 archive that is ordered by hash. Note that you need storage space for the 12 GB download, and extracting it takes more than double that again (about 26 GB in addition).

First, extract the text file from the 7z archive, e.g. using 7-Zip (https://www.7-zip.org/download.html).

Next, you need a tool to search that huge file and test passwords against it. There are many on GitHub, for example https://github.com/pinae/HaveIBeenPwnedOffline (note: this one requires Python 3 to be installed).

Place the binary_search.py script in the same folder as the extracted file. It is more convenient to edit the script so that it references the correct file by default, e.g.

parser.add_argument('--pwned-passwords-ordered-by-hash-filename', required=False,
                    default="pwned-passwords-sha1-ordered-by-hash-v7.txt")

Finally, we can test some passwords, e.g.

> python3 binary_search.py password
Searching for hash 5BAA61E4C9B93F3F0682250B6CF8331B7EE68FD8…
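As an added example (my own code, not the binary_search.py script from the repository linked above), here is a small Python implementation of the same idea: hash the password locally with SHA-1 and binary-search the ordered-by-hash file by byte offset, so the multi-GB file is never read into memory. It runs against a constructed sample written in the same `HASH:COUNT` layout as the real archive; point `lookup_sha1` at the extracted v7 file to use it for real.

```python
import hashlib
import os
import tempfile

def build_sample_file(passwords):
    """Write a constructed sample in the HIBP 'ordered by hash' layout:
    '<uppercase SHA-1 hex>:<prevalence count>\\r\\n', sorted by hash.
    The rows are computed here; they are not copied from the real archive."""
    rows = sorted((hashlib.sha1(p.encode()).hexdigest().upper(), n)
                  for p, n in passwords.items())
    fd, path = tempfile.mkstemp(suffix=".txt")
    with os.fdopen(fd, "w", newline="") as f:
        for digest, count in rows:
            f.write(f"{digest}:{count}\r\n")
    return path

def lookup_sha1(path, digest_hex):
    """Binary search over byte offsets of a hash-ordered file.
    Returns the breach count for the hash, or 0 if it is absent."""
    target = digest_hex.upper().encode()
    with open(path, "rb") as f:
        lo, hi = 0, os.path.getsize(path)   # candidate line starts lie in [lo, hi)
        while lo < hi:
            mid = (lo + hi) // 2
            if mid > 0:
                f.seek(mid - 1)
                f.readline()                # skip to the first line starting at or after mid
            else:
                f.seek(0)
            start = f.tell()
            line = f.readline()
            if not line or start >= hi:     # no complete line in [mid, hi): search left
                hi = mid
                continue
            found, _, count = line.rstrip(b"\r\n").partition(b":")
            if found == target:
                return int(count)
            if found < target:              # uppercase hex sorts correctly as bytes
                lo = start + len(line)
            else:
                hi = start
    return 0

def check_password(path, password):
    """Hash locally, then look the digest up offline; the password never leaves the machine."""
    return lookup_sha1(path, hashlib.sha1(password.encode()).hexdigest())

if __name__ == "__main__":
    sample = build_sample_file({"password": 3861493, "letmein": 123, "correct horse": 7})
    print(check_password(sample, "password"), check_password(sample, "tr0ub4dor&3"))
```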
