Of course I have.

So have you. In some way or another a company has flubbed and let someone else get your information. That information may be my credentials or personal data, but it’s out there somewhere; usually through our email address. A quick search on Google News will show how often it happens.

Have I Been Pwned? is a great resource to check what data and what services are leaked so we can fix it. It’s kinda like the WebMD of personal info. Lots of info. Much concern after looking at it.

The site provides an API for a geek like me (or a system admin in need of a quick way to regularly check on users) to look up the emails we use to sign in to so many sites and see if they have been compromised. I have used recon-ng, which has a great module for checking against HIBP, but I really don’t want to fire up my VM just to do some checking of the family emails.

This is where the hibp_quickCheck was born. I put together a python script that will query the API for a single email or a batch of them, check a breach or a paste and let the runner know where each email stands.

The simplest check is for one email and a breach:

./hibp_check.py breach -e [email protected]

This will come back with any breach info on the email provided. An important thing to note is the Breach Date. Was the breach last week or 5 years ago? What can I do to help myself? Am I still using the account? Have I changed the password?

Checking a paste is just as important as a breach. A paste is telling us that a password or hash may actually be out there, not just that it happened.

Now, if I want to use either of these with a list of emails for my family let’s say (or an org) – I just put the list in file, one email at a time and run:

./hibp_check.py breach -f /path/to/file

We will get a list for each email in the file. The API has a rate limit, so if there are a lot of emails in the list, it can take some time. I have tried to take this into account when choosing a file to go through.

My hopes is this can help out geek families and a sys admin or two.

Grab the script from my GitHub repo: https://github.com/m0nkeyplay/hibp_quickCheck

Leave a Reply

Your email address will not be published. Required fields are marked *