HaveIBeenPwned: simple API usage

Trying to get my brain to work again. It’s a slow process.
I’ve been thinking of an automated, scheduled check: instead of signing up all mail addresses for notifications, get the information on possible breaches in one go and in one place.

Here’s the lazy test setup I managed to get working after a few cups of coffee.

1 – Get all the addys into a manageable list (I’ll presume MS AD as target for extracting emails first).

https://community.spiceworks.com/scripts/show/76-list-all-ad-email-addresses-including-aliases
(I simply used the VBScript above from an AD-connected machine.)

2 – Filter out things with … non-Microsoft related stuff:

tr ":" "\n" < email_addresses.txt | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' | grep @yourdomain | sort -u | grep -v -e '{' -e MsExch -e MSExch > emails.txt

Simply clean out the unwanted default-standard-exchange-crap and, in short, check your list…

3 – Ask the API:

#!/bin/bash
# AskTheAPI.sh
# Query the API once per address in emails.txt, pausing between requests.
while IFS= read -r fn; do
    wget --user-agent="Internal Pwned checker" "https://haveibeenpwned.com/api/v2/breachedaccount/$fn"
    sleep 3
done < emails.txt

The 404s should be a happy sight: each one means no hits for that specific address. The ones that do have information, well, you need to do something about it.
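
A variant of the loop above that puts the result in one place, as an added example rather than the post's own script: it reads the HTTP status for each address and prints one verdict line per address. The endpoint, user agent and 3-second pause are the post's; curl, the 429 case, OUTDIR and the FETCH hook are assumptions added here.

```bash
#!/bin/bash
# Added example, not the post's own script: one pass over the list, one report.
API_BASE="https://haveibeenpwned.com/api/v2/breachedaccount"  # endpoint from the post
UA="Internal Pwned checker"                                   # user agent from the post
DELAY="${DELAY:-3}"             # pause between requests, as in the post
OUTDIR="${OUTDIR:-.}"           # assumed location for saved JSON bodies
FETCH="${FETCH:-fetch_status}"  # hypothetical hook: lets the loop run against a stub

# Print only the HTTP status code for one address; keep the body for review.
fetch_status() {
  safe=$(printf '%s' "$1" | tr -c 'A-Za-z0-9@._-' '_')   # never trust input in a path
  curl -s -A "$UA" -o "$OUTDIR/$safe.json" -w '%{http_code}' "$API_BASE/$1"
}

# Turn a status code into a verdict.
classify_status() {
  case "$1" in
    200) echo "BREACHED" ;;       # body lists the breaches for this address
    404) echo "clean" ;;          # no hits, the post's "happy sight"
    429) echo "RATE_LIMITED" ;;   # assumption beyond the post: API throttling reply
    *)   echo "ERROR_$1" ;;       # anything else (curl reports 000 on no connection)
  esac
}

# Read addresses from file $1 and print "verdict<TAB>address" for each.
# Returns 1 if any address was breached or could not be checked.
check_list() {
  rc=0
  while IFS= read -r addr || [ -n "$addr" ]; do
    addr=$(printf '%s' "$addr" | tr -d '\r')   # exported lists often carry CRLF
    [ -z "$addr" ] && continue
    verdict=$(classify_status "$("$FETCH" "$addr" < /dev/null)")
    printf '%s\t%s\n' "$verdict" "$addr"
    [ "$verdict" = "clean" ] || rc=1
    sleep "$DELAY"
  done < "$1"
  return "$rc"
}

# Run only when a list file is given, e.g. ./check.sh emails.txt
if [ "$#" -gt 0 ]; then check_list "$1"; fi
```

The v2 endpoint shown in the post has since been retired; the current v3 API requires an API key sent in a hibp-api-key header, so change API_BASE and add that header before scheduling this.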

Check the simple API doc for doing more or less:

https://haveibeenpwned.com/API/v2