← Back to Skills Marketplace
ibnaleem

Weakpass

by Shaffan · GitHub ↗ · v1.0.0 · MIT-0
linuxdarwinwin32 ⚠ pending
0
Downloads
1
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install weakpass
Description
Search hashes through 25 billion leaked passwords using the Weakpass API (no API key required).
README (SKILL.md)

\r \r

Weakpass\r

\r One primary service, no API keys needed.\r \r

API References:\r

\r

Searching Hashes\r

\r Search supplied hash in the database. You do not need to specify exact hash type.\r \r Required arg: hash\r \r Hash must have size between 32 and 64 characters and contains only next chars - [A-Fa-f0-9]\r \r JSON:\r

curl -X 'GET' 'https://weakpass.com/api/v1/search/12345678902dd833fc9db9d72e9483c5.json' -H 'accept: application/json'\r
# Output: { "type": "md5", "hash": "12345678902dd833fc9db9d72e9483c5", "pass": "4kgdjv1"}\r
```\r
\r
Text/plain:\r
```bash\r
curl -X 'GET' 'https://weakpass.com/api/v1/search/12345678902dd833fc9db9d72e9483c5.txt' -H 'accept: text/plain'\r
# Output: md5;12345678902dd833fc9db9d72e9483c5;4kgdjv1\r
```\r
\r
## Searching Ranges\r
\r
Retrieve a list of hash-password pairs based on a specific prefix.\r
\r
Required arg: hash prefix\r
Optional args:\r
- filter: ["hash", "pass"]\r
- type: ["md5", "ntlm", "sha1", "sha256"]\r
\r
Hash prefix must have size between 6 and 64 characters and contains only next chars - [A-Fa-f0-9]\r
\r
If the hash filter is selected, it will return only hashes in the range of the hash prefix\r
\r
If the pass filter is selected, it will return only passwords in the range of the hash prefix\r
\r
Get hash-password pairs with a hash prefix range in JSON:\r
```bash\r
curl -X 'GET' 'https://weakpass.com/api/v1/range/f2df2a.json' -H 'accept: application/json'\r
# Output: [{"hash": "f2df2a00138a4f18bb49a8f16bc51dbd","pass": "m6o6veja5y"},{"hash":"f2df2a003215c2063f56f4dccd4a94b6","pass": "viDushiBhaDana"},{...}]\r
```\r
\r
Get hash-password pairs with a hash prefix range in text/plain:\r
```bash\r
curl -X 'GET' 'https://weakpass.com/api/v1/range/f2df2a.txt' -H 'accept: text/plain'\r
# Output: \r
#         f2df2a00138a4f18bb49a8f16bc51dbd:m6o6veja5y\r
#         f2df2a003215c2063f56f4dccd4a94b6:viDushiBhaDana\r
#         f2df2a0063a32dc7e3c8ec9fb7a0328c:Carbel@\r
#         ...\r
```\r
\r
Get hash-password pairs with a hash prefix range and a hash type in JSON:\r
```bash\r
curl -X 'GET' 'https://weakpass.com/api/v1/range/f2df2a.json?type=sha1' -H 'accept: application/json'\r
# Output: [{"hash": "f2df2a0059611f885f7c98eafcf70d9440f4166c","pass": "a`7^x"},{"hash":"f2df2a014638901607ec9570815bb9d25c0dccea","pass": "6984egon"},{...}]\r
```\r
\r
Get hash-password pairs with a hash prefix range and a hash type in text/plain:\r
```bash\r
curl -X 'GET' 'https://weakpass.com/api/v1/range/f2df2a.txt?type=sha1' -H 'accept: text/plain'\r
# Output:\r
#         f2df2a0059611f885f7c98eafcf70d9440f4166c:a`7^x\r
#         f2df2a014638901607ec9570815bb9d25c0dccea:6984egon\r
#         f2df2a03cf01794e5171a94f7739fb9ccc060d2b:MelBay\r
#         ...\r
```\r
\r
Get hashes with a hash prefix range and a filter for hashes in JSON:\r
```bash\r
curl -X 'GET' 'https://weakpass.com/api/v1/range/f2df2a.json?filter=hash' -H 'accept: application/json'\r
# Output: [{"hash": "f2df2a00138a4f18bb49a8f16bc51dbd"},{"hash": "f2df2a003215c2063f56f4dccd4a94b6"},{...}]\r
```\r
\r
Get hashes with a hash prefix range and a filter for hashes in text/plain:\r
```bash\r
curl -X 'GET' 'https://weakpass.com/api/v1/range/f2df2a.txt?filter=hash' -H 'accept: text/plain'\r
# Output:\r
#         f2df2a00138a4f18bb49a8f16bc51dbd\r
#         f2df2a003215c2063f56f4dccd4a94b6\r
#         f2df2a0063a32dc7e3c8ec9fb7a0328c\r
#         ...\r
```\r
\r
### Combining Filters and Types\r
\r
You can combine filters and types together.\r
\r
Get hashes with a hash prefix range, a filter for hashes, and a hash type in JSON:\r
```bash\r
curl -X 'GET' 'https://weakpass.com/api/v1/range/f2df2a.json?filter=hash&type=sha1' -H 'accept: application/json'\r
# Output: [{"hash": "f2df2a0059611f885f7c98eafcf70d9440f4166c"},{"hash": "f2df2a014638901607ec9570815bb9d25c0dccea"},{...}]\r
```\r
\r
Get hashes with a hash prefix range, a filter for hashes, and a hash type in text/plain:\r
```bash\r
curl -X 'GET' 'https://weakpass.com/api/v1/range/f2df2a.txt?filter=hash&type=sha1' -H 'accept: text/plain'\r
# Output:\r
#         f2df2a0059611f885f7c98eafcf70d9440f4166c\r
#         f2df2a014638901607ec9570815bb9d25c0dccea\r
#         f2df2a03cf01794e5171a94f7739fb9ccc060d2b\r
#         ...\r
```\r
\r
Get passwords with a hash prefix range, a filter for passwords, and a hash type in JSON:\r
```bash\r
curl -X 'GET' 'https://weakpass.com/api/v1/range/f2df2a.json?filter=pass&type=sha1' -H 'accept: application/json'\r
# Output: [{"pass": "a`7^x"},{"pass": "3"},{"pass":"MelBay"}. {"pass":"KORESSA3790"}, {...}]\r
```\r
\r
Get passwords with a hash prefix range, a filter for passwords, and a hash type in text/plain:\r
```bash\r
curl -X 'GET' 'https://weakpass.com/api/v1/range/f2df2a.txt?filter=pass&type=sha1' -H 'accept: text/plain'\r
# Output:\r
#         a`7^x\r
#         6984egon\r
#         MelBay\r
#         ...\r
```\r
\r
## Generating Wordlists\r
\r
Generate wordlist for a certain words based on specific hashcat rules\r
\r
Required args:\r
\r
- word: the word to generate a wordlist on using the specified hashcat rules\r
\r
- set: [\r
  "online.rule", "top_3000.rule", "top_1500.rule", "top_750.rule", "top_500.rule", "top_250.rule", \r
  "nsa_64.rule", "numbers.rule", "numbers100.rule", "years_1900_2025.rule", "years.rule", "symbols.rule"\r
  ]\r
\r
- type: ["txt", "json"]\r
\r
\r
Generate a wordlist of the word "myword" with a rule set "online.rule" using type "txt":\r
```bash\r
curl -X 'GET' 'https://weakpass.com/api/v1/generate/myword?set=online.rule&type=txt' -H 'accept: text/plain'\r
# Output:\r
#         myword\r
#         Myword\r
#         MYWORD\r
#         ...\r
```\r
\r
Generate a wordlist of the word "myword" with a rule set "top_3000.rule" using type "json":\r
```bash\r
curl -X 'GET' 'https://weakpass.com/api/v1/generate/myword?set=top_3000.rule&type=json' -H 'accept: text/plain'\r
# Output: ["myword","yword","word","rd","ord","ywordm","wordmy","myword1","d","drowym",...]\r
```\r
\r
Yes, even though the type is json, the header is still `'accept: text/plain'`.\r
\r
## Getting Wordlists\r
\r
Retrieve available wordlists on Weakpass or get wordlists data in chunks of specified size.\r
\r
Getting available wordlists:\r
```bash\r
curl -X 'GET' 'https://weakpass.com/api/v1/wordlists' -H 'accept: application/json'\r
# Output: \r
#         10_million_password_list_top_10000.txt\r
#         hashmob.net.small.found.txt\r
#         ignis-10K.txt\r
#         nsa64.rule\r
#         rockyou.txt\r
```\r
\r
Getting wordlist/rule data in chunks\r
\r
Required arg:\r
\r
wordlist: ["10_million_password_list_top_10000.txt", "hashmob.net.small.found.txt", "ignis-10K.txt", "nsa64.rule", "rockyou.txt"]\r
\r
```bash\r
curl -X 'GET' 'https://weakpass.com/api/v1/wordlists/10_million_password_list_top_10000.txt' -H 'accept: text/plain'\r
# Output: [file]\r
Capability Tags
requires-sensitive-credentials
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install weakpass
  3. After installation, invoke the skill by name or use /weakpass
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of weakpass skill. - Search hashes against 25 billion leaked passwords via the Weakpass API, no API key required. - Lookup hash-password pairs in ranges with optional filters and hash type. - Generate custom wordlists for given words using popular hashcat rules. - Retrieve available wordlists and download their contents by chunk. - Supports both JSON and text/plain responses for most endpoints.
Metadata
Slug weakpass
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Weakpass?

Search hashes through 25 billion leaked passwords using the Weakpass API (no API key required). It is an AI Agent Skill for Claude Code / OpenClaw, with 0 downloads so far.

How do I install Weakpass?

Run "/install weakpass" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Weakpass free?

Yes, Weakpass is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Weakpass support?

Weakpass is cross-platform and runs anywhere OpenClaw / Claude Code is available (linux, darwin, win32).

Who created Weakpass?

It is built and maintained by Shaffan (@ibnaleem); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments