'\" t
.\" Automatically generated by Pandoc 3.1.11.1
.\"
.TH "pwtool" "1" "29 October 2025" "pwtool 0.11.0" "User Manual"
.SH NAME
pwtool \- a convenience tool to make sane passwords and account
creations
.SH SYNOPSIS
\f[B]pwtool\f[R]
.PP
\f[B]pwtool \-\-number N\f[R]
.PP
\f[B]pwtool \-\-length N\f[R]
.PP
\f[B]pwtool \-\-[only]alpha\f[R]
.PP
\f[B]pwtool \-\-[only]numeric\f[R]
.PP
\f[B]pwtool \-\-[only]extended\f[R]
.PP
\f[B]pwtool \-\-[only]lowercase\f[R]
.PP
\f[B]pwtool \-\-[only]uppercase\f[R]
.PP
\f[B]pwtool \-\-md5 [\-\-salt STRING]\f[R]
.PP
\f[B]pwtool \-\-des [\-\-salt STRING]\f[R]
.PP
\f[B]pwtool \-\-bcrypt [\-\-salt STRING]\f[R]
.PP
\f[B]pwtool \-\-sha[1,256,512] [\-\-salt STRING]\f[R]
.PP
\f[B]pwtool \-\-username name\f[R]
.PP
\f[B]pwtool \-\-database name\f[R]
.PP
\f[B]pwtool \-\-createdatabase\f[R]
.PP
\f[B]pwtool \-\-password STRING\f[R]
.PP
\f[B]pwtool \-\-totp STRING\f[R]
.PP
\f[B]pwtool \-\-totpfmt\f[R]
.PP
\f[B]pwtool \-\-totpstep NUMBER\f[R]
.SH DESCRIPTION
\f[B]pwtool\f[R] is a utility to generate account passwords in a variety
of formats with helper output on \f[B]stdout\f[R].
By default the password strings are made of of letters and numbers for
easy mouse selection.
.PP
If you just want a simple password for use in a script
.IP
.EX
pwtool \-\-number 1
PVTevLyA9r
.EE
.PP
If you run \f[B]pwtool\f[R] without any options it will generate a
screen of passwords.
Pick one that you like!
.PP
As well as flexible password generation options a main goal is to output
user creation strings to copy and paste/execute as stdin so that
operators don\[cq]t have to re\-type passwords.
.PP
Crypts can be based on user supplied strings via the
\f[B]\-\-password\f[R] option or \f[B]PASSWORD\f[R] environment
variable.
.PP
The \f[B]\-\-format\f[R] string can expand values:
.IP
.EX
pwtool \-\-database billing \-\-username wonkeydonkey \-\-password hunter2 \-\-servername webby \-\-number 1 \-\-format \[aq]DB: %{database}\[rs]\[rs]nUSR: %{username}\[rs]\[rs]nPASSWORD: %{password}\[rs]\[rs]nSERVER: %{servername}\[rs]\[rs]n\[aq]
.EE
.PP
Other strings, such as \f[B]\-\-mysqlfmt\f[R], \f[B]\-\-pgfmt\f[R],
\f[B]\-\-mysqluserfmt\f[R], \f[B]\-\-userfmt\f[R], can generate
copy/paste shell commands:
.IP
.EX
pwtool \-\-username wonkeydonkey \-\-number 1 \-\-userfmt
useradd \-m \-s /bin/bash \-p \[aq]$5$hYhnxam4j/chBu3V$BsZsRl4nj6DTpEdFMfLuerPFR0xvCJmeGQCUjuG9qM1\[aq] wonkeydonkey # Y9YgmSyv1A
pwtool \-\-username wonkeydonkey \-\-database circus \-\-createdatabase \-\-number 1 \-\-mysqlfmt
create database circus; grant all privileges on circus.* to wonkeydonkey\[at]\[aq]%\[aq] identified with mysql_native_password as \[aq]*21c0a42c1bb43ff6b56226a6a65a8859dd077497\[aq]; \-\- # VfKptnR2ft
.EE
.PP
Optionally a salt string can be provided with \f[B]\-\-salt\f[R].
.SH TOTP
\f[B]pwtool\f[R] can work as a TOTP CLI and display TOTP authentication
strings.
.PP
If you want to leave a TOTP authentication display in your terminal, it
can run like this:
.IP
.EX
TOTP=\[dq]name=metalisbest,key=bar\[dq] pwtool \-\-totpfmt
.EE
.PP
It will then run and leave a display like this:
.IP
.EX
762269 [################# ] metalisbest
.EE
.PP
If you have multiple accounts, they can be displayed like this:
.IP
.EX
TOTP=\[dq]name=metalisbest,key=bar;name=grungeisbest,key=baz\[dq] pwtool \-\-totpfmt
523200 [####### ] metalisbest
523200 [####### ] grungeisbest
.EE
.PP
The following key=value pairs are supported:
.PP
.TS
tab(@);
l l.
T{
key
T}@T{
definition
T}
_
T{
key / totp
T}@T{
the totp string
T}
T{
name / username
T}@T{
a meaningful name for this key
T}
T{
step
T}@T{
number of step seconds
T}
T{
digits
T}@T{
the length of the output
T}
T{
algo
T}@T{
which hmac to use (sha1, sha256, sha512)
T}
T{
seconds
T}@T{
a user\-defined time
T}
.TE
.SH AUTHORS
Ed Neville (ed\-pwtool\[at]s5h.net).