Test Corporate email leakage
Hello,
Nowadays, a lot of “hacking” happens every day, and stolen passwords are available for resale on the web. Troy Hunt decided to build a website referencing all the public data breaches he knows about.
Test Corporate eMail Leakage – The website
You can enter your email address and check whether you’ve been pwned in a data breach. This is kind of nice!
Test Corporate eMail Leakage – The API
Troy also built an API that we can use for free. If you look at the documentation, you can see what we can do with it:
List data breaches
Invoke-WebRequest -Uri 'https://haveibeenpwned.com/api/v2/breaches' | Select-Object -ExpandProperty Content | ConvertFrom-Json | ft
List Data Classes
Invoke-WebRequest -Uri 'https://haveibeenpwned.com/api/v2/dataclasses' | Select-Object -ExpandProperty Content | ConvertFrom-Json
There is a lot more in the documentation of the API.
Test Corporate eMail Leakage – The API & PowerShell
So the API is here and free to use, and we can use PowerShell to search for a breached email address:
Invoke-WebRequest -Uri "https://haveibeenpwned.com/api/v2/breachedaccount/emmanuel.demilliere@itfordummies.net" | select -ExpandProperty Content | ConvertFrom-Json
You can change the email address to fit your needs. Like others, I built a PowerShell function to automate the search part:
function Test-HaveIBeenPwned{
    [CmdletBinding()]
    [OutputType([PsObject])]
    Param(
        [Parameter(ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)]
        [String[]]$eMail
    )
    Begin{
        # Default columns displayed for the custom 'HaveIBeenPwned' type
        Update-TypeData -TypeName 'HaveIBeenPwned' -DefaultDisplayPropertySet eMail,Domain,BreachDate -ErrorAction SilentlyContinue
    }
    Process{
        # $eMail is an array: handle each address on its own
        foreach($Address in $eMail){
            # Reset per address so a previous result never leaks into this one
            $Data = $null
            $Status = $null
            try{
                # URL-encode the account so characters such as '+' survive in the path
                $Account = [Uri]::EscapeDataString($Address)
                $Data = Invoke-WebRequest -Uri "https://haveibeenpwned.com/api/v2/breachedaccount/$Account" -Verbose:$false | Select-Object -ExpandProperty Content | ConvertFrom-Json
            }
            catch [System.Net.WebException]{
                # Map the HTTP status code found in the exception text to a status
                if($_.Exception -like '*404*'){
                    $Status = 'NotPowned'
                    Write-Verbose -Message "$Address not powned, congratz !"
                }
                elseif($_.Exception -like '*403*'){
                    $Status = 'Forbidden'
                    Write-Verbose -Message "$Address forbidden !"
                }
                elseif($_.Exception -like '*400*'){
                    $Status = 'BadRequest'
                    Write-Verbose -Message "$Address bad request !"
                }
            }
            catch{
                $Status = 'Unknown'
                Write-Warning -Message "$Address not found."
            }
            finally{
                # Always emit one object per address; Domain carries the status when there is no breach
                New-Object -TypeName PsObject -Property @{
                    PsTypeName  = 'HaveIBeenPwned'
                    eMail       = "$Address"
                    Title       = $Data.Title
                    Name        = $Data.Name
                    Domain      = if([String]::IsNullOrEmpty($Data.Domain)){$Status}else{$Data.Domain}
                    BreachDate  = $Data.BreachDate
                    AddedDate   = $Data.AddedDate
                    PwnCount    = $Data.PwnCount
                    Description = $Data.Description
                    DataClasses = $Data.DataClasses
                    IsVerified  = $Data.IsVerified
                    IsSensitive = $Data.IsSensitive
                    IsActive    = $Data.IsActive
                    IsRetired   = $Data.IsRetired
                    LogoType    = $Data.LogoType
                }
            }
        }
    }
    End{}
}
And then you can search for your email addresses:
'emmanuel.demilliere@itfordummies.net' | Test-HaveIBeenPwned
Or you can test all the addresses in your company and keep only those that were pwned:
Get-ADUser -Filter {mail -like '*@*'} -properties mail | Select-Object -ExpandProperty mail | Test-HaveIBeenPwned | Where-Object -FilterScript {$_.Domain -like '*.*'}
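Once a company-wide check like the one above returns results, the breach records can be ranked so that addresses whose passwords were exposed in a verified, recent breach get a password reset first. The following is an added example, not code from the original post: the function name Get-BreachTriage, the 730-day threshold and the sample JSON are assumptions made for the illustration, while the field names (Name, BreachDate, DataClasses, IsVerified) are the ones the function above reads from the API response.

```powershell
# Added example: rank breached addresses for password-reset priority.
function Get-BreachTriage {
    [CmdletBinding()]
    Param(
        [Parameter(Mandatory = $true)][String]$eMail,
        [PsObject[]]$Breach = @(),          # breach objects as returned for one address
        [int]$RecentDays = 730,             # hypothetical cut-off for a "recent" breach
        [datetime]$AsOf = (Get-Date)
    )
    # Only verified breaches that exposed passwords drive the priority
    $withPassword = @($Breach | Where-Object { $_.IsVerified -and $_.DataClasses -contains 'Passwords' })
    $latest = $withPassword | ForEach-Object { [datetime]$_.BreachDate } |
        Sort-Object -Descending | Select-Object -First 1

    if ($withPassword.Count -eq 0) { $priority = 'Low' }
    elseif (($AsOf - $latest).TotalDays -le $RecentDays) { $priority = 'High' }
    else { $priority = 'Medium' }

    [PsCustomObject]@{
        eMail            = $eMail
        Priority         = $priority
        Breaches         = @($Breach).Count
        PasswordBreaches = ($withPassword.Name -join ', ')
        LatestPassword   = $latest
    }
}

# Constructed sample data (not real breach records), keyed by address
$sampleJson = @'
{
  "alice@example.com": [
    {"Name":"ExampleForum","BreachDate":"2016-03-01","DataClasses":["Email addresses","Passwords"],"IsVerified":true},
    {"Name":"ExampleNews","BreachDate":"2014-07-20","DataClasses":["Email addresses"],"IsVerified":true}
  ],
  "bob@example.com": [
    {"Name":"ExampleShop","BreachDate":"2012-06-15","DataClasses":["Passwords","Usernames"],"IsVerified":true}
  ],
  "carol@example.com": [
    {"Name":"ExamplePaste","BreachDate":"2016-09-09","DataClasses":["Passwords"],"IsVerified":false}
  ]
}
'@

$asOf = [datetime]'2017-01-01'              # fixed date so the sample output is stable
($sampleJson | ConvertFrom-Json).PSObject.Properties | ForEach-Object {
    Get-BreachTriage -eMail $_.Name -Breach $_.Value -AsOf $asOf
} | Format-Table -AutoSize
```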
Conclusion
The database behind this website is updated on a regular basis, and you can subscribe to the RSS feed here. You may want to check your email addresses on a regular basis too.
If you have ideas about how to improve the service, there is a UserVoice for it.
Very Useful !
thanks !