A comprehensive client-side password analysis tool that demonstrates how attackers identify and exploit weak passwords - for defensive security education only.
Live Demo: Password-Analyzer
β¨ Features
π Live Demo
π οΈ Technical Details
π Project Structure
π― How to Use
π Privacy & Security
π Educational Value
π Troubleshooting
π License
This tool operates entirely in your browser. No passwords are transmitted, stored, or shared. This application exists solely for defensive security education to help users understand password vulnerabilities and create stronger passwords.
π Password Strength Analysis
- Real-time strength scoring (0-100 scale)
- Entropy calculation (bits of randomness)
- Character composition analysis
- Pattern detection (keyboard patterns, repetitions, leetspeak)
- Defensive recommendations with specific improvements
- Dictionary Attack: Tests against 10,000+ common passwords
- Brute Force: Systematic character-by-character guessing
- Hybrid Attack: Dictionary words with character substitutions
- Visual progress indicators with estimated cracking times
- Real-time attack simulation with visual feedback
- How attackers crack passwords - detailed methodologies
- Password creation best practices - do's and don'ts
- Additional security measures - 2FA, password managers, breach monitoring
- Interactive examples - test common password patterns
-Tab-based navigation (Analyzer, Simulation, Education) -Real-time visual feedback with color-coded strength meters -Interactive progress bars for attack simulations -Responsive design works on desktop and mobile -Dark theme with gradient backgrounds
Access the tool directly: π https://bd-mutant7.github.io/Password-Analyzer/ or https://password-analyzer-sigma.vercel.app/
Client-Side Architecture
- No server-side processing - everything runs in your browser
- No data transmission - passwords never leave your device
- No storage - no passwords are saved or logged
- No external dependencies - completely self-contained HTML/CSS/JS
- HTML5 - Semantic structure and accessibility
- CSS3 - Modern gradients, flexbox, grid, animations
- Vanilla JavaScript - No frameworks, pure ES6+
- GitHub Pages - Static hosting with automatic SSL
- β Zero data collection - completely anonymous
- β No tracking - no analytics, no cookies
- β Local execution only - runs entirely in browser sandbox
- β Open source - fully transparent codebase
Password-Analyzer/
βββ index.html # Main application (required)
βββ 404.html # GitHub Pages redirect fix
βββ README.md # This documentation
βββ .nojekyll # Disables Jekyll processing
βββ assets/ # (Optional) For future images/icons
βββ screenshot1.png
βββ screenshot2.png
# Clone the repository
git clone https://Bd-Mutant7.github.io/Password-Analyzer.gitopen index.html # Mac start index.html # Windows xdg-open index.html # Linux
Single File Download
- Download index.html
- Double-click to open in any browser
- That's it! No installation needed
- Password Analysis Tab
1. Enter any password in the input field
2. Click "Analyze Password"
3. View:
- Strength score (0-100)
- Entropy measurement
- Character composition
- Detected vulnerabilities
- Improvement recommendations
- Attack Simulation Tab
1. Enter a password to test
2. Click "Run Attack Simulation"
3. Watch three attack methods:
- Dictionary (checks common passwords)
- Hybrid (dictionary + variations)
- Brute Force (systematic guessing)
4. See estimated cracking time
3. Security Education Tab
text
β’ Learn about different attack methodologies
β’ Discover password creation best practices
β’ Understand additional security layers
β’ Get defensive security tips
| Password | Expected Strength | Description |
|---|---|---|
password123 |
Very Weak | Common password with numbers |
Tr0ub4dour&3 |
Moderate | Complex but predictable |
CorrectHorseBatteryStaple |
Strong | Long passphrase |
X&$9pL2@qF!n |
Very Strong | Random characters |
- Length is often more important than complexity alone.
- Avoid common words with simple substitutions (e.g.,
@fora,0foro). - Consider using long passphrases instead of short complex passwords.
- Always store passwords in a trusted password manager.
What We DON'T Do
- β Never transmit passwords over network
- β Never store passwords in any form
- β Never use analytics or tracking
- β Never require internet connection
- β Never use third-party scripts
- β Never set cookies for passwords
- β Run 100% in browser sandbox
- β Use only client-side JavaScript
- β Provide educational insights
- β Help improve security awareness
- β Offer defensive recommendations
- Why password length matters more than complexity
- How attackers use dictionary and brute force attacks
- The danger of password reuse
- How to create memorable but secure passphrases
- When to use password managers
- Password policy best practices
- Importance of hashing algorithms
- Rate limiting and account lockout strategies
- Multi-factor authentication benefits
- Security awareness training resources
- How to implement secure password storage
- Common authentication vulnerabilities
- Client-side vs server-side validation
- Security headers and best practices
- Contributions are welcome! Please follow these guidelines:
- Fork the repository
- Create a feature branch (git checkout -b feature/improvement)
- Commit changes (git commit -m 'Add some feature')
- Push to branch (git push origin feature/improvement)
- Open a Pull Request
- Maintain client-side only architecture
- Preserve privacy/security guarantees
- Keep educational focus
- Test thoroughly before submitting
- Update documentation as needed
This project is for educational purposes only. All code is provided as-is for defensive security education.
- β Use for personal security education
- β Use for classroom/workshop demonstrations
- β Use for security awareness training
- β Modify for personal/educational use
- β Do not use for malicious purposes
- β Do not use to attack systems you don't own
- β Do not redistribute as your own without attribution
- β Do not use in commercial products without modification
If you use this tool in presentations or training, please credit: "Password Strength Analyzer with Security Simulation - Defensive Security Education Tool"
- OWASP Password Storage Cheat Sheet
- NIST Digital Identity Guidelines (SP 800-63)
- Have I Been Pwned?
- KeePass Password Manager
- Use unique passwords for every account
- Enable Multi-Factor Authentication (MFA)
- Store passwords in a trusted password manager
- Regularly check if your email appears in known data breaches
https://api.star-history.com/svg?repos=bd-mutant7/Password-Analyzer&type=Date