A single-file, hacker-terminal styled password strength checker with a live matrix rain background, animated brute-force simulator, and realistic crack-time estimation — all running 100% client-side.
- Matrix rain background — animated canvas rain with CRT scanlines and vignette overlay
- Glitch-effect title — flickers periodically like a corrupted terminal signal
- Live strength meter — 5-segment meter, color-coded from critical (red) to fortress (cyan)
- Real entropy math — calculates charset size, entropy (bits), and total combinations from what you actually type
- Crack-time estimator — estimates time to crack assuming a 10 billion guesses/second offline attack, formatted from "instantly" up to centuries
- Brute-force console simulator — a live scrolling terminal that "attacks" your password in real time, cracking weak ones and giving up on strong ones
- Rule checklist — length, uppercase/lowercase, digits, symbols, common-password detection, and sequence/repeat detection
- Fully offline & private — no network requests, no logging, no storage. Everything runs in your browser.
No build step, no dependencies, no server required.
- Clone the repo
git clone https://github.com/<your-username>/password-audit.git cd password-audit
- Open
password-strength-hacker.htmldirectly in your browser, or serve it locally:then visitpython3 -m http.server 8000
http://localhost:8000/password-strength-hacker.html
password-audit/
├── password-strength-hacker.html # the entire app — HTML, CSS, and JS in one file
├── README.md
└── LICENSE
charset size = sum of character classes present (lowercase 26, uppercase 26, digits 10, symbols 33)
entropy (bits) = length × log2(charset size)
combinations = charset size ^ length
crack time = combinations ÷ guesses-per-second ÷ 2 (average case)
Common passwords (from a curated list) and passwords with obvious sequences (abc, 123, qwerty) or repeated characters are penalized heavily, since real attackers try dictionaries and pattern rules before brute force.
The 10B guesses/sec figure models a fast offline attack against a stolen, poorly-hashed password database. Online attacks against a live login form are typically far slower due to rate limiting.
- Vanilla HTML / CSS / JavaScript — no frameworks, no build tools
- JetBrains Mono & Share Tech Mono via Google Fonts
- HTML5 Canvas for the matrix rain effect
Pull requests are welcome. Ideas for future additions:
- Haveibeenpwned-style breach corpus checking (offline wordlist)
- zxcvbn-style pattern matching for more realistic scoring
- Dark/light terminal theme toggle
- Passphrase strength mode (Diceware-style)
Released under the MIT License — free to use, modify, and distribute.