OpenSecurity.global
Steve Walsh

Have I been pwned API

Question

5 answers to this question

Everything that will answer your questions is within the documentation for HIBP API v3: https://haveibeenpwned.com/api/v3/

It costs only a few dollars to get a key yourself. Alternatively, people seem to "openly" share their API keys on GitHub, so there is that too, but I personally bought one.

> Useful? Yes.

> Cool features? Yes.

> Improve security? Probably.

Consider obtaining API keys for multiple breached data search engines, and use h8mail by khast3x: https://github.com/khast3x/h8mail

Edited by Matthew Broke

Cheers guys. My org recently had a sextortion attack. Used 1647 unique Outlook addresses with a PDF attached which was password protected. The name of the PDF was the name of a previously used password, and contained within the PDF was the usual sextortion bullshit with a link to a wallet. All mails involved were in Have I Been Pwned. So I'd like to connect with the API to do password audits.

16 hours ago, Steve Walsh said:

> Cheers guys. My org recently had a sextortion attack. Used 1647 unique Outlook addresses with a PDF attached which was password protected. The name of the PDF was the name of a previously used password, and contained within the PDF was the usual sextortion bullshit with a link to a wallet. All mails involved were in Have I Been Pwned. So I'd like to connect with the API to do password audits.

Why not sign up at HIBP as a "domain" admin, check how many current users' email addresses appear in HIBP data, design a special security awareness package just for them, and then learn how to filter this junk out at the gateway?
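An added example, not part of any post in this thread: one way to run the check suggested above, looking up each of your own organisation's addresses against the `breachedaccount` endpoint of the HIBP API v3 that the first answer links to. The function names, the injectable `fetch` callable, the user-agent string and the sample responses are assumptions constructed for the example, and the API key is a placeholder.

```python
import json
import time
import urllib.parse

API_BASE = "https://haveibeenpwned.com/api/v3/breachedaccount/"

def build_request(email, api_key, user_agent="org-breach-audit-example"):
    """Return (url, headers) for one lookup; the address must be URL-encoded."""
    url = API_BASE + urllib.parse.quote(email.strip(), safe="")
    return url, {"hibp-api-key": api_key, "user-agent": user_agent}

def interpret(status, body, headers):
    """Map a response to ('breached', names), ('clean', []) or ('retry', seconds)."""
    if status == 200:   # default (truncated) response: a list of {"Name": ...}
        return "breached", sorted(b["Name"] for b in json.loads(body))
    if status == 404:   # the address is not in any breach known to HIBP
        return "clean", []
    if status == 429:   # rate limited: wait as long as retry-after says
        return "retry", int(headers.get("retry-after", "2"))
    raise RuntimeError(f"unexpected HTTP status {status}")

def audit(emails, api_key, fetch, sleep=time.sleep, max_retries=3):
    """fetch(url, headers) -> (status, body, headers with lower-case keys)."""
    report = {}
    for email in emails:
        url, hdrs = build_request(email, api_key)
        for _ in range(max_retries):
            kind, value = interpret(*fetch(url, hdrs))
            if kind != "retry":
                report[email] = value
                break
            sleep(value)
        else:
            report[email] = None  # still rate limited; check again later
    return report

# Constructed stand-in for the HTTP call so the example runs offline.
_calls = {"n": 0}
def fake_fetch(url, headers):
    _calls["n"] += 1
    if _calls["n"] == 1:
        return 429, "", {"retry-after": "1"}
    if url.endswith("alice%40example.com"):
        return 200, '[{"Name": "ExampleBreachB"}, {"Name": "ExampleBreachA"}]', {}
    return 404, "", {}

if __name__ == "__main__":
    print(audit(["alice@example.com", "bob+x@example.com"], "PLACEHOLDER-KEY", fake_fetch))
```

To use it for real, replace `fake_fetch` with a function that performs the GET with any HTTP client and returns the status, body and headers.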

On 9/18/2019 at 10:35 PM, Steve Walsh said:

> Cheers guys. My org recently had a sextortion attack. Used 1647 unique Outlook addresses with a PDF attached which was password protected. The name of the PDF was the name of a previously used password, and contained within the PDF was the usual sextortion bullshit with a link to a wallet. All mails involved were in Have I Been Pwned. So I'd like to connect with the API to do password audits.

That probably isn’t the use case for HIBP, e.g. they don’t provide passwords.
