Internship Project @ NewtonAI Technologies
SentinelPass is a command-line Python tool developed during a cybersecurity internship at NewtonAI Technologies. The tool evaluates the strength of passwords using both regex-based logic and the zxcvbn library, and simulates real-world password attacks using John the Ripper (JtR). This dual-purpose utility aims to raise awareness about password hygiene while educating users on attacker methodologies.
- ✅ Educate users about weak vs strong passwords through real-time feedback.
- ✅ Demonstrate dictionary-based cracking using John the Ripper.
- ✅ Promote cybersecurity awareness and responsible password practices.
- ✅ Provide a practical and educational example of penetration testing workflows.
- 🔍 Regex-based static password strength evaluation
- 📊 Dynamic password scoring via zxcvbn (entropy-based)
- 🧪 Realistic cracking simulation using John the Ripper
- 🔐 Hidden password input using Python’s `getpass`
- 🎨 Color-coded CLI feedback (via `termcolor`)
- 📝 Password evaluation logs saved in a structured `.log` file
- 💻 Designed and tested in Kali Linux – ideal for ethical hacking labs
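
The regex-based evaluation and structured logging listed above, as an added illustration that is not the project's own code. The rule names, thresholds and JSON log fields are assumptions; the log record is built from rule results only, so the password never reaches the log, and zxcvbn is consulted only if it is installed.

```python
import json
import re
from datetime import datetime, timezone

try:
    from zxcvbn import zxcvbn  # optional; the estimator the README pairs with regex
except ImportError:
    zxcvbn = None

# Hypothetical rule set: the README does not list the project's actual patterns.
REQUIRED = {
    "min_length_12": re.compile(r".{12,}", re.S),
    "lowercase": re.compile(r"[a-z]"),
    "uppercase": re.compile(r"[A-Z]"),
    "digit": re.compile(r"\d"),
    "symbol": re.compile(r"[^A-Za-z0-9\s]"),
}
# Predictable structure that character-class checks alone do not catch.
PENALTIES = {
    "common_word": re.compile(r"password|admin|welcome|letmein|qwerty", re.I),
    "repeated_char": re.compile(r"(.)\1{2,}"),
    "digit_run": re.compile(r"012|123|234|345|456|567|678|789"),
}

def evaluate(password):
    """Return rule results only; the password itself never enters the result."""
    passed = [n for n, rx in REQUIRED.items() if rx.search(password)]
    flagged = [n for n, rx in PENALTIES.items() if rx.search(password)]
    if len(passed) == len(REQUIRED) and not flagged:
        rating = "strong"
    elif len(passed) >= 3 and len(flagged) <= 1:
        rating = "moderate"
    else:
        rating = "weak"
    return {
        "length": len(password),
        "missing": [n for n in REQUIRED if n not in passed],
        "flagged": flagged,
        "rating": rating,
        "zxcvbn_score": zxcvbn(password)["score"] if zxcvbn and password else None,
    }

def log_line(result, now=None):
    """Serialize one evaluation as a JSON line with a UTC timestamp."""
    ts = (now or datetime.now(timezone.utc)).isoformat(timespec="seconds")
    return json.dumps({"ts": ts, **result}, sort_keys=True)
```

`Password123!` satisfies every character-class rule yet is rated weak because of the penalty patterns, which is the gap a pattern-aware estimator such as zxcvbn is meant to cover.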
| Component | Description |
|---|---|
| Python 3.10+ | Core language for development |
| zxcvbn | Dropbox’s password strength estimator |
| termcolor | Terminal color feedback for better UX |
| getpass | Hides password input in CLI |
| John the Ripper | Simulates dictionary attacks (sha512crypt) |
| Kali Linux | Penetration testing OS for realistic scenarios |
```
password-security-tool/
├── data/
│   └── john_test/
│       ├── shadow_hash.txt          # Hashed passwords (for JtR simulation)
│       └── wordlist.txt             # Dictionary for cracking
├── modules/
│   ├── zxcvbn_checker.py            # zxcvbn-based scoring module
│   └── logger.py                    # Logging utility for password evaluations
├── reports/
│   └── password_evaluations.log     # Output logs for evaluations
├── src/
│   └── main.py                      # CLI main script
├── requirements.txt                 # Python dependencies
├── README.md                        # Project documentation
└── venv/                            # Python virtual environment (excluded from Git)
```
---
## 🔧 Installation
### Step 1 – Clone the Repository
```bash
git clone https://github.com/donutt2u/password-security-tool.git
cd password-security-tool
python3 -m venv venv
source venv/bin/activate
pip install -r requirements.txt
```

```bash
python3 src/main.py
```

- You’ll be prompted to enter a password.
- The strength is evaluated using regex and zxcvbn.
- Results are logged to: `reports/password_evaluations.log`

```bash
sudo apt update && sudo apt install john
```

```bash
john --wordlist=data/john_test/wordlist.txt --format=sha512crypt data/john_test/shadow_hash.txt
```

```bash
john --show data/john_test/shadow_hash.txt
```

```
zxcvbn
termcolor
```

This tool is for educational and ethical purposes only.
Unauthorized use of password cracking tools is illegal and unethical. Always obtain explicit written permission before performing any security assessments.
Compliant With:
- OWASP A07:2021 – Identification and Authentication Failures
- ISO/IEC 27001:2022 – Annex A.9: Access Control
- NIST SP 800-63B – Digital Identity Guidelines
- Internship project supervised by NewtonAI Technologies
- Inspired by best practices from OWASP, NIST, and the ethical hacking community
- Built using open-source libraries and tools
Muhammad Arslan Akhtar
📧 arslan@premiumhouseware.co.uk