This is a script for checking if any of the passwords you have stored in LastPass have been exposed through previous data breaches.
To use the script you need to have Python 3 installed and you need a CSV export of your LastPass vault. The export can be generated from the LastPass CLI with:
lpass export > lastpass.csv
or can be extracted with the browser plugin by going to the LastPass icon → More Options → Advanced → Export → LastPass CSV File (note that I did have problems getting this to work).
You can then run the above script on the file with:
python3 check-passwords.py lastpass.csv
or you can feed the passwords directly into the script from the LastPass CLI without writing them to disk by sending them to standard input:
lpass export | python3 check-passwords.py
Due to how the Pwned Passwords API works, the actual passwords never leave your computer. A SHA-1 hash of each password is generated locally and only the first 5 characters of that hash are sent to the API.
The script prints one line for each password found to be compromised, showing the name of the site as saved in the vault and the number of times the password has occurred in data breaches.
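The range lookup described above, as an added example that is not the script from this page: it hashes each vault password, hands only the 5-character prefix to a lookup function, and matches the remaining 35 characters locally against the returned `SUFFIX:COUNT` lines. The CSV column names (`password`, `name`), the function names, and the stubbed `fake_fetch_range` with its constructed response are assumptions; a real run would fetch `https://api.pwnedpasswords.com/range/<prefix>` instead.

```python
import csv
import hashlib
import io

def split_hash(password):
    """Return (prefix, suffix): 5 hex chars sent to the API, 35 kept locally."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def parse_range(body):
    """Parse 'SUFFIX:COUNT' lines into {suffix: count}, dropping zero-count padding."""
    counts = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if sep and count.isdigit() and int(count) > 0:
            counts[suffix.upper()] = int(count)
    return counts

def check_export(csv_text, fetch_range):
    """Return [(name, count)] for rows whose password appears in the range data."""
    hits, cache = [], {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        password = row.get("password") or ""
        if not password:
            continue  # blank rows and entries without a password are skipped
        prefix, suffix = split_hash(password)
        if prefix not in cache:  # one request per distinct prefix
            cache[prefix] = parse_range(fetch_range(prefix))
        count = cache[prefix].get(suffix, 0)
        if count:
            hits.append((row.get("name") or "", count))
    return hits

# Constructed sample export (column layout is an assumption about the CSV).
SAMPLE_CSV = ("url,username,password,extra,name,grouping,fav\n"
              "https://example.com,alice,password,,Example,,0\n"
              ",,,,,,\n"
              "https://example.org,alice,Xk#9-constructed-unlisted,,Other,,0\n")
SENT = []  # records everything the stub "API" was given

def fake_fetch_range(prefix):
    """Offline stand-in for the range endpoint; response body is constructed."""
    SENT.append(prefix)
    known_prefix, known_suffix = split_hash("password")
    lines = ["0" * 35 + ":0"]  # padding-style entry with count 0
    if prefix == known_prefix:
        lines.append(known_suffix + ":1234")  # constructed breach count
    return "\r\n".join(lines)

def run_demo():
    SENT.clear()
    return check_export(SAMPLE_CSV, fake_fetch_range), list(SENT)
```

`run_demo()` returns the hits together with the list of values that reached the lookup function, which makes it easy to confirm that nothing longer than the 5-character prefix is ever passed out.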
When I run it, nothing seems to happen. Not sure if it's because it's not finding anything (seems like it should report that, though), or because I use KeePass and so had to do an export then remove all columns except the password column, and there are a bunch of blank rows, or if there's some other issue. Also, for some reason when I copy/pasted the code, the last line wasn't indented, so that gave me an error and I had to fix it. Just FYI for anyone having an issue to check, not the fault of the code itself obviously.
Edit: I removed the blank rows and am still having the same issue. Also, I have over 300 passwords in my main KeePass folder, but the exported CSV file contains fewer than 200, so something is clearly not working right there. Might have to ask about this on their forums.