Pen Settings



CSS Base

Vendor Prefixing

Add External Stylesheets/Pens

Any URL's added here will be added as <link>s in order, and before the CSS in the editor. If you link to another Pen, it will include the CSS from that Pen. If the preprocessor matches, it will attempt to combine them before processing.

+ add another resource


Babel includes JSX processing.

Add External Scripts/Pens

Any URL's added here will be added as <script>s in order, and run before the JavaScript in the editor. You can use the URL of any other Pen and it will include the JavaScript from that Pen.

+ add another resource


Add Packages

Search for and use JavaScript packages from npm here. By selecting a package, an import statement will be added to the top of the JavaScript editor for this package.


Save Automatically?

If active, Pens will autosave every 30 seconds after being saved once.

Auto-Updating Preview

If enabled, the preview panel updates automatically as you code. If disabled, use the "Run" button to update.

Format on Save

If enabled, your code will be formatted when you actively save your Pen. Note: your code becomes un-folded during formatting.

Editor Settings

Code Indentation

Want to change your Syntax Highlighting theme, Fonts and more?

Visit your global Editor Settings.


  <div class="container">
    <div class="row justify-content-md-center">
      <div class="col">
        <h1>Verificador de Contraseñas Comprometidas</h1>
        <p>Verifica las contraseñas contra la base de datos de <a href="" target="_blank">Have I Been Pwned's</a> que contiene la mayor colección de contraseñas reveladas por filtraciones de datos. </p>

      <form action="#" onsubmit="return false;">
      <!--    only code needed    -->
      <div class="input-group mb-3">
        <label for="password" class="sr-only">Password</label>
        <input id="password" type="password" class="form-control" placeholder="Contraseña">
        <div class="input-group-append">
          <button class="btn btn-outline-secondary" type="button" id="checkpass">Verificá la Contraseña</button>

      <small class="form-text text-muted">La contraseña real no es enviada a un servidor externo, solamente los primeros 5 caracteres del hash encriptado.<br><br></small>

    <div id="alert" class="alert invisible" role="alert"></div>
<p class="collection">
<a href="" target="_blank">CiberSergei Hacks <br>  de Productividad</a>



.collection {
  position: fixed;
  z-index: 1000;
  width: auto;
  bottom: 0;
  justify-content: right;
  right: 0;
  margin: 15px;
  padding: 0;
  font-family: 'Montserrat', sans-serif;
  font-size: 16px;

.collection a {
  display: inline-block;
  background: #000;
  opacity: 0.4;
  transition: opacity 0.7s;
  margin-left: 5px;
  padding: 5px;
  text-decoration: none;
  font-weight: bold;
  color: #fff;

.collection a:hover {
  opacity: 1;



                async function sha1(message) {
  // encode as UTF-8
  const msgBuffer = new TextEncoder('utf-8').encode(message);

  // hash the message
  const hashBuffer = await crypto.subtle.digest('SHA-1', msgBuffer);

  // convert ArrayBuffer to Array
  const hashArray = Array.from(new Uint8Array(hashBuffer));

  // convert bytes to hex string
  const hashHex = => ('00' + b.toString(16)).slice(-2)).join('');
  return hashHex;

function checkPass() {
	var password = document.getElementById('password');
  var hashed;

	// update input with generated hash
	if (password.value !='') {
    sha1(password.value).then(function(hash) {
      hashed = hash.toUpperCase();

      // get the first few characters
      var first = hashed.substring(0, 5);
      // output remaining characters
      var last = hashed.substring(5);

      // make the request passing over the 5 chars
      apiRequest(first, function(output){
        var arr = output.split('\r\n');
        var count = 0;
        var alertBox = document.getElementById('alert');
        var alertDanger = 'No recomendado! La Contraseña fue encontrada en bases de datos comprometidas. Se contaron: ';
        var alertSuccess = 'Muy bien! La contraseña no fue encontrada en bases de datos comprometidas.';
        var alertWarning = 'Parece que algo dio errado. Intenta nuevamente.';

        arr.forEach(function(element) {
        	// match orig hash against return blob
          if(element.slice(0,35) == last.toString()) {
          	// get count after returned hashes format (hash:count)
            count = element.slice(36);

        // update alert with info about count
        if (count > 0) {
          // found
	        alertBox.innerHTML = alertDanger + count + " casos.";
	      } else if (count == 0) {
          // not found
	        alertBox.innerHTML = alertSuccess;
        } else {
          // something went wrong
	        alertBox.innerHTML = alertWarning;

// GET method for cacheing HIBP API
function apiRequest(request, handleData) {
  var hibp_request = '' + request;
  var xhr = new XMLHttpRequest();'GET', hibp_request);

  xhr.onreadystatechange = function () {
    var DONE = 4; // readyState 4 means the request is done.
    var OK = 200; // status 200 is a successful return.
    if (xhr.readyState === DONE) {
      if (xhr.status === OK) {
        // next steps
      } else {
        // An error occurred during the request.
        console.log('Error: ' + xhr.status);

var checkPassBtn = document.getElementById('checkpass');
checkPassBtn.addEventListener('click', checkPass);