GitFortify is a password security analysis platform using Shannon Entropy mathematics, adversarial pattern analysis, and real-time breach detection. It simulates real-world attack scenarios while maintaining 100% zero-knowledge privacy through k-Anonymity architecture.
- Shannon Entropy calculation with heuristic pattern matching
- Real-time breach detection (17B+ records via HIBP)
- Email exposure detection through XposedOrNot API
- Zero-knowledge privacy with k-Anonymity protocol
- Four-scenario attack modeling (online/offline/GPU)
- Geospatial breach visualization
- GDPR compliant, OWASP Top 10 secure
- React 18.3.1 + Vite 7.2.7
- Tailwind CSS + React Router
- zxcvbn 4.4.2 for password analysis
- recharts 3.5.1 for visualizations
- HIBP & XposedOrNot APIs
Privacy-First Breach Detection (k-Anonymity)
1. SHA-1 hash password in browser (WebCrypto API)
2. Send only the first 5 characters of the hash to the HIBP API
3. API returns 500+ potential hash suffixes
4. Match full hash locally in-memory
5. Reveal breach status without exposing password
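
The five steps above, sketched as an added example (not GitFortify's own code). The function names, the injected `fetchRange` callback and the sample response are assumptions; the response format assumed is one `SUFFIX:COUNT` entry per line, with padding entries carrying a count of 0.

```javascript
// Split a 40-hex-char SHA-1 digest into the 5-char prefix that is sent
// and the 35-char suffix that never leaves the browser.
function splitHash(sha1Hex) {
  const hex = String(sha1Hex).toUpperCase();
  if (!/^[0-9A-F]{40}$/.test(hex)) throw new Error('expected 40 hex characters');
  return { prefix: hex.slice(0, 5), suffix: hex.slice(5) };
}

// Step 4: scan the range response locally for our suffix.
// Returns the breach count, or 0 when the suffix is absent or is padding.
function countForSuffix(rangeBody, suffix) {
  const want = suffix.toUpperCase();
  for (const line of rangeBody.split(/\r?\n/)) {
    const [candidate, count] = line.trim().split(':');
    if (candidate && candidate.toUpperCase() === want) {
      const n = Number.parseInt(count, 10);
      return Number.isNaN(n) ? 0 : n;
    }
  }
  return 0;
}

// Step 1: SHA-1 in the browser through WebCrypto.
async function sha1Hex(password) {
  const bytes = new TextEncoder().encode(password);
  const digest = await globalThis.crypto.subtle.digest('SHA-1', bytes);
  return Array.from(new Uint8Array(digest), (b) => b.toString(16).padStart(2, '0')).join('');
}

// Steps 2-5. fetchRange is a hypothetical callback: (prefix) => Promise<string>.
// It is the only place anything derived from the password crosses the network.
async function pwnedCount(password, fetchRange) {
  const { prefix, suffix } = splitHash(await sha1Hex(password));
  const body = await fetchRange(prefix);
  return countForSuffix(body, suffix);
}

// Constructed sample response for prefix 5BAA6. The middle suffix is the real
// remainder of SHA-1("password"); the counts and other entries are made up.
const SAMPLE_RANGE = [
  'A'.repeat(35) + ':4',
  '1E4C9B93F3F0682250B6CF8331B7EE68FD8:12345',
  'B'.repeat(35) + ':0', // padding-style entry, treated as "not breached"
].join('\r\n');

console.log(countForSuffix(SAMPLE_RANGE, '1e4c9b93f3f0682250b6cf8331b7ee68fd8'));
```
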
| Metric | Value |
|---|---|
| Password Analysis | <100ms |
| Breach API Query | <500ms |
| Bundle Size (gzip) | 621 KB |
```javascript
import { SecurityEngine } from './services/security/SecurityEngine';
import { checkPwnedPassword, checkEmailBreach } from './services/hibp/HIBPService';

// Local strength analysis
SecurityEngine.analyze('password');

// Breach lookups (top-level await requires an ES module context)
await checkPwnedPassword('password');
await checkEmailBreach('email@example.com');
```
- Passwords never transmitted to external servers
- All cryptography client-side
- k-Anonymity prevents API database exposure
- No session tracking, HTTPS enforced
- GDPR compliant
See CONTRIBUTING.md for standards.
GNU General Public License v3.0 - See LICENSE