Hi, this is Thermi writing. I am a long time friend of Hypfer and author of this post.
Today, pwnedlist notified me, that data of an online service I was using was stolen and they found one of my email addresses in the stolen data, as well as my password. The source of that data was only ominously named as „Large credentials cache“, so it was not immediately clear where it came from. Because I use a password safe, I can search in it for entries, but sadly only for names. So I couldn’t search for the password, but I could export the contents of the database as XML!
So I started hacking away.
What came of it was a python script that reads the exported XML data and recurses through it. When it encounters a password object in the XML tree, it hashes the password given in it and compares it with the password you specify in HASH.
The script is available on Github and is licensed in GPLv3. It requires defusedxml in version 0.4.1. I hope somebody finds it useful. You obviously have to change the hash function to match whatever hash you got.