Why pwncheck?

pwncheck is a self-contained, thorough and efficient solution that allows you to quickly address the number one security problem today: compromised and vulnerable passwords. It’s the only solution on the market that will perform a comprehensive check of your users’ passwords and provide you with:

Is pwncheck free?

pwncheck will provide the following information for free:

To get the list of accounts using breached password, there is a small, reasonable fee of $150, €120 or £100.

How does it work?

Pwncheck requires no installation and may be run on any machine that has connectivity to a Domain Controller.

Getting and running pwncheck couldn’t be any easier:


How do I grant the correct permissions?

You can either use a Domain Admin account or you can grant just the required permissions with the following Powershell code:

#Just substitute the pwncheck account below with the account you want to assign replication privileges with

$Account = "pwncheck"

$RootDSE = [ADSI]"LDAP://RootDSE"
$DefaultNamingContext = $RootDse.defaultNamingContext

$cmd = "dsacls '$DefaultNamingContext' /G '`"$Account`":CA;`"Replicating Directory Changes`";'"
Invoke-Expression $cmd
$cmd = "dsacls '$DefaultNamingContext' /G '`"$Account`":CA;`"Replicating Directory Changes All`";'"
Invoke-Expression $cmd
$cmd = "dsacls '$DefaultNamingContext' /G '`"$Account`":CA;`"Replicating Directory Changes In Filtered Set`";'"
Invoke-Expression $cmd

Free Download