Design and Development of a Password Strength Auditor and Leak Detection Tool Using Python

Authors

  • Akanksha B. A
  • T. Spandana
  • P. Shetty
  • Vasantha
  • Vaishnavi
  • A. Abirami

Keywords:

Brute-force attack, Cybersecurity, Dictionary attack, Kali Linux, Leak detection, Password cracking, Password security, Python, SHA-256, Tkinter GUI

Abstract

In today’s digital world, it is more important than ever to protect user credentials from cyber threats. Passwords are one of the most common entry points for cybercriminals. This study outlines the design and development of a password strength auditor and leak detection tool built entirely in Python on Kali Linux. Password strength is calculated on the basis of several factors, including password length, use of uppercase letters, lowercase letters, numbers, and special characters. SHA-256 hashing is employed for secure password storage. The system integrates ethical security tools to simulate password cracking attacks, including brute-force and dictionary attacks, using Crunch-generated wordlists and John the Ripper. Leak detection is implemented by comparing entered passwords against a curated database of known compromised credentials. A Tkinter-based graphical user interface (GUI) improves usability and accessibility. Evaluation results demonstrate that the system accurately classifies passwords as weak, medium, or strong, and provides actionable recommendations to improve password hygiene. The tool also serves as a practical learning platform for cybersecurity education.
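The pipeline the abstract describes (factor-based scoring, SHA-256 hashing, comparison against known compromised passwords), sketched as an added example that is not the authors' code. The 12-character threshold, the one-point-per-factor rubric, the weak/medium/strong cut-offs and the leaked list are assumptions constructed for illustration.

```python
import hashlib
import string

def sha256_hex(password: str) -> str:
    """Hex SHA-256 digest of the UTF-8 password, used as the leak-lookup key."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

# Constructed sample of "known compromised" passwords, kept as digests so the
# lookup never needs the plaintext corpus at audit time.
LEAKED_SHA256 = {sha256_hex(p) for p in ("password", "123456", "qwerty", "Summer2024!")}

def score(password: str):
    """Return (points, missing factors). Assumed rubric: one point per factor."""
    checks = {
        "at least 12 characters": len(password) >= 12,
        "an uppercase letter": any(c.isupper() for c in password),
        "a lowercase letter": any(c.islower() for c in password),
        "a digit": any(c.isdigit() for c in password),
        "a special character": any(c in string.punctuation for c in password),
    }
    missing = [name for name, ok in checks.items() if not ok]
    return len(checks) - len(missing), missing

def audit(password: str) -> dict:
    """Classify a password and list recommendations (assumed cut-offs)."""
    points, missing = score(password)
    leaked = sha256_hex(password) in LEAKED_SHA256
    # A leaked password is weak regardless of its composition score.
    if leaked or points <= 2:
        label = "weak"
    elif points <= 4:
        label = "medium"
    else:
        label = "strong"
    advice = [f"add {m}" for m in missing]
    if leaked:
        advice.insert(0, "appears in the leaked list; choose a different password")
    return {"label": label, "leaked": leaked, "advice": advice}

if __name__ == "__main__":
    for pw in ("qwerty", "Summer2024!", "Bluebird2024", "Tr4il-Mix&Harbor"):
        print(pw, audit(pw))
```

A fast unsalted digest suits this set lookup; for stored password verifiers, a salted and deliberately slow function such as `hashlib.scrypt` is the usual choice.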

Published

2026-05-26

How to Cite

Akanksha B. A, T. Spandana, P. Shetty, Vasantha, Vaishnavi, & A. Abirami. (2026). Design and Development of a Password Strength Auditor and Leak Detection Tool Using Python. Journal of Information Security System and Cyber Criminology Research, 16–23. Retrieved from https://matjournals.net/engineering/index.php/JoISSCCR/article/view/3619