Skip to content
clusters: prooflayer · edgemarket · edgefinance · synthforge · mediakit · wordmint · webprobe · locale · comppoint · rollforge · bestiary · statline · matchpoint · retail · agentops · browserworkflow · modelrouter · compose
$ man password-strength

/password-strength

agentutility / web-probe / password-strength
PRICE / CALL
$0.02
USDC · base mainnet · scheme: exact
METHOD
POST
CLUSTER
webprobe
CATEGORY
utilities
STATUS
live
NAME
password-strength measures password strength with a zxcvbn-style score and optional hibp breach lookup
SYNOPSIS
POST https://x402.agentutility.ai/password-strength
     Content-Type: application/json
     X-PAYMENT:    <signed-transferWithAuthorization>

     { ... }
↳ first call → 402 Payment Required. Sign USDCtransferWithAuthorization, retry with theX-PAYMENT header.
DESCRIPTION

Measures password strength with a zxcvbn-style score and optional HIBP breach lookup. Returns a 0-100 score and weak/fair/good/strong/excellent bucket, Shannon entropy bits, charset size, character-class breakdown (lower/upper/numbers/symbols), common-pattern detection (sequences, keyboard walks, repeats, dictionary words), and crack-time estimates across throttled/unthrottled/offline-slow/offline-fast attacker models. The optional Have-I-Been-Pwned check uses k-anonymity: only the first 5 chars of the SHA-1 hash leave the worker. Use it as a password strength meter, password checker, password entropy calculator, pwned password check, or password validator.

INPUTrequest schema
propertytypedescriptionreq?
passwordstringPassword to score. Sent over TLS to the worker but never logged. Max 200 chars.required
check_breachesbooleanIf true (default), also performs a HIBP k-anonymity lookup and returns breach_count + is_breached. Set false to skip the network call for fully offline scoring.optional
OUTPUTresponse shape
fieldtypedescription
scorenumberOverall password strength score, typically 0-100 combining entropy, length, and pattern penalties.
bucketstringStrength label like very-weak, weak, fair, strong, or very-strong derived from the score.
lengthnumberCharacter count of the submitted password.
entropy_bitsnumberShannon entropy estimate in bits based on charset size and length.
charset_sizenumberSize of the effective character pool used for entropy math (e.g., 26, 62, 95).
character_classesobjectPer-class flags showing which sets appear: lowercase, uppercase, digits, symbols.
character_class_countnumberNumber of distinct character classes present (0-4).
common_patterns_foundarrayList of detected weak patterns like dictionary words, sequences, keyboard walks, or dates.
estimated_crack_timeobjectCrack-time estimates for online, offline, and GPU attack scenarios as human-readable durations.
breach_countnumberNumber of times the password appears in the Have I Been Pwned corpus.
is_breachedbooleanTrue when breach_count is greater than zero in the HIBP dataset.
breach_check_performedbooleanTrue when the HIBP k-anonymity lookup ran successfully for this request.
feedbackarrayActionable suggestions to strengthen the password, such as add length or mix character classes.
notestringServer-side note about scoring caveats, HIBP fallback, or privacy guarantee that the password never leaves.
EXAMPLEStwo ways to call
EXAMPLE 1 · curl
curl -X POST https://x402.agentutility.ai/password-strength \
  -H 'Content-Type: application/json' \
  -d '{ }'
first response = 402 Payment Required with payment requirements; sign + retry with X-PAYMENT.
EXAMPLE 2 · mcp
# Install the MCP package for this endpoint's cluster
npx -y @agentutility/mcp-<cluster>

# Required: EVM private key with USDC on Base
export X402_PRIVATE_KEY=0x...

# Then call the password-strength tool from your MCP-aware agent.
MCP server handles payment automatically — your coding agent just calls the tool by name.
METADATA
tags
passwordsecurityentropyhibpbreach
methods
POST
cluster
webprobe
price
$0.02 USDC per call
ADJACENTother endpoints in webprobe
endpointdescriptionprice
archive-snapshotFinds the closest archived snapshot of a public URL, like a Wayback Machine API.$0.02
archive-snapshot-apiFinds archived snapshots of public web pages, returning the closest Wayback Machine captures with timestamps, status codes, and replay URLs.$0.02
archive-urlLooks up the archived copy of a public URL closest to a given timestamp and can fetch cleaned archived page text.$0.02
brand-domain-checkChecks whether a brand or company domain is established, expiring, registrar-locked, or newly registered, on the same RDAP backend as who…$0.02
brand-watch-domain-riskChecks new or suspicious brand-adjacent domains for age, registrar, expiry, DNSSEC, and transfer/lock statuses.$0.02
creator-domain-checkChecks creator, newsletter, podcast, and community domains for age, expiry, registrar, DNSSEC, and suspicious new-registration flags.$0.02
dmarc-checkAudits a domain's email authentication posture: DMARC, SPF, and DKIM in one check.$0.02
dns-lookupFull DNS lookup over Cloudflare 1.1.1.1 DNS-over-HTTPS.$0.02
SEE ALSO
agentutility · webprobe · x402 · mcp · llms.txt · registry.json · bazaar.x402.org