This is a script for checking if any of the passwords you have stored in LastPass have been exposed through previous data breaches.
To use the script you need to have Python 3 installed and you need a CSV export of your LastPass vault. The export can be generated from the LastPass CLI with:
lpass export > lastpass.csv
or can be extracted with the browser plugin by going to the LastPass icon → More Options → Advanced → Export → LastPass CSV File (note that I did have problems getting this to work).
You can then run the above script on the file with:
python3 check-passwords.py lastpass.csv
or you can feed the passwords directly into the script from the LastPass CLI without writing them to disk by sending them to standard input:
lpass export | python3 check-passwords.py
Because of how the Pwned Passwords API works, the actual passwords never leave your computer. A SHA-1 hash of each password is generated, and only the first 5 characters of that hash are sent to the API.
The script prints a line for each password found to be compromised, showing the name of the site as saved in the vault and the number of times the password has occurred in data breaches.
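The prefix-only lookup and the per-site report described above, as an added example (not the script's own code). It assumes the export has `password` and `name` columns and that the API answers with `SUFFIX:COUNT` lines; `fake_fetch` is a constructed stub standing in for the network call, and its counts are made up.

```python
import csv
import hashlib
import io

# Constructed sample export; the column names are an assumption about the CSV layout.
SAMPLE_CSV = """url,username,password,extra,name,grouping,fav
https://example.com,alice,password,,Example,,0
https://example.org,alice,password,,Example Org,,0
https://example.net,bob,constructed-unique-Xk3!,,Example Net,,0
"""

def sha1_split(password):
    """Return (5-char prefix sent to the API, 35-char suffix kept locally)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def parse_range_body(body):
    """Parse 'SUFFIX:COUNT' lines of a range response into {suffix: count}."""
    counts = {}
    for line in body.splitlines():
        suffix, _, count = line.strip().partition(":")
        if len(suffix) == 35 and count.isdigit():
            counts[suffix.upper()] = int(count)
    return counts

def check_vault(csv_text, fetch_range):
    """Return [(entry name, breach count)]; fetch_range(prefix) supplies the response body."""
    cache, hits = {}, []
    for row in csv.DictReader(io.StringIO(csv_text)):
        password = row.get("password") or ""
        if not password:
            continue
        prefix, suffix = sha1_split(password)
        if prefix not in cache:  # one request per distinct prefix
            cache[prefix] = parse_range_body(fetch_range(prefix))
        count = cache[prefix].get(suffix, 0)  # suffix is matched locally
        if count:
            hits.append((row.get("name") or row.get("url") or "", count))
    return hits

def demo():
    """Run against a constructed stub instead of the network; return (hits, prefixes sent)."""
    sent = []
    known_prefix, known_suffix = sha1_split("password")
    def fake_fetch(prefix):
        sent.append(prefix)  # the only value that would leave the machine
        lines = ["0" * 35 + ":3"]  # constructed decoy suffix sharing the prefix
        if prefix == known_prefix:
            lines.append(known_suffix + ":12345")  # constructed count
        return "\r\n".join(lines)
    return check_vault(SAMPLE_CSV, fake_fetch), sent
```

Reused passwords share a prefix, so the cache keeps the number of requests at one per distinct prefix rather than one per vault entry.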
I had to change line 26 from:
response = urlopen(request, timeout=10).read()
to
response = urlopen(request, timeout=20).read()
in order not to get any timeout.
Thanks for the cool tool :)