Test Corporate eMail Leakage

Test Corporate email leakage

Hello,

Nowadays, a lot of “hacking” happens everyday, and passwords are available for resale on the web. Troy Hunt, decided to build a website referencing all the public data breaches he knows about.

Test Corporate eMail Leakage – The website

https://haveibeenpwned.com/

Test Corporate eMail Leakage - HomePage

Test Corporate eMail Leakage – HomePage

You can enter your email address and check if you’ve been powned in a data breach. This is kind of nice !

Test Corporate eMail Leakage – The API

Troy also build an API that we can use for free. if you look at the documentation, you can see what we can do with :

List data breaches

Invoke-WebRequest -Uri 'https://haveibeenpwned.com/api/v2/breaches' | Select-Object -ExpandProperty Content | ConvertFrom-Json | ft
Test Corporate eMail Leakage - Data Breaches

Test Corporate eMail Leakage – Data Breaches

List Data Classes

Invoke-WebRequest -Uri 'https://haveibeenpwned.com/api/v2/dataclasses' | Select-Object -ExpandProperty Content | ConvertFrom-Json
Test Corporate eMail Leakage - Data classes

Test Corporate eMail Leakage – Data classes

There is a lot more in the documentation of the API.

Test Corporate eMail Leakage – The API & PowerShell

So, the API is here, free to use, we can use PowerShell to search for breached email :

Invoke-WebRequest -Uri "https://haveibeenpwned.com/api/v2/breachedaccount/emmanuel.demilliere@itfordummies.net" | select -ExpandProperty Content | ConvertFrom-Json

You can change the email address to fir your needs. As some people, I built a PowerShell function to automate the search part :

function Test-HaveIBeenPwned{
    [CmdletBinding()]
    [OutputType([PsObject])]
    Param(
        [Parameter(ValueFromPipeline = $true,
            ValueFromPipelineByPropertyName = $true
        )]
        [String[]]$eMail
    )
    Begin{
        Update-TypeData -TypeName 'HaveIBeenPwned' -DefaultDisplayPropertySet eMail,Domain, BreachDate -ErrorAction SilentlyContinue
    }
    Process{
        try{
            $Data = Invoke-WebRequest -Uri "https://haveibeenpwned.com/api/v2/breachedaccount/$eMail" -Verbose:$false | Select-Object -ExpandProperty Content | ConvertFrom-Json
        }
        catch [System.Net.WebException]{
            if($_.Exception -like '*404*'){
                $Status = 'NotPowned'
                Write-Verbose -Message "$eMail not powned, congratz !"
            }
            elseif($_.Exception -like '*403*'){
                $Status = 'Forbidden'
                Write-Verbose -Message "$eMail forbidden !"
            }
            elseif($_.Exception -like '*400*'){
                $Status = 'BadRequest'
                Write-Verbose -Message "$eMail bad request !"
            }
        }
        catch{
            $Status = 'Unknown'
            Write-Warning -Message "$eMail not found."
        }
        finally{
            New-Object -TypeName PsObject -Property @{
                PsTypeName  = 'HaveIBeenPwned'
                eMail       = "$eMail"
                Title       = $Data.Title
                Name        = $Data.Name
                Domain      = if([String]::IsNullOrEmpty($Data.Domain)){$Status}else{$Data.Domain}
                BreachDate  = $Data.BreachDate
                AddedDate   = $Data.AddedDate
                PwnCount    = $Data.PwnCount
                Description = $Data.Description
                DataClasses = $Data.DataClasses
                IsVerified  = $Data.IsVerified
                IsSensitive = $Data.IsSensitive
                IsActive    = $Data.IsActive
                IsRetired   = $Data.IsRetired
                LogoType    = $Data.LogoType
            }
        }
        $Data = $null
    }
    End{}
}

And then, you can search for your email addresses :

'emmanuel.demilliere@itfordummies.net' | Test-HaveIBeenPwned
Test Corporate eMail Leakage - PowerShell function

Test Corporate eMail Leakage – PowerShell function

Or, you can test for your company and filter only those powned :

Get-ADUser -Filter {mail -like '*@*'} -properties mail | Select-Object -ExpandProperty mail | Test-HaveIBeenPwned | Where-Object -FilterScript {$_.Domain -like '*.*'}

Conclusion

The database behind this website is updated on a regular basis, you subscribe to the RSS feed here, you may want to check your email addresses on a regular basis too.

If you have some idea about how to improve the service, there is a UserVoice for it.

0 thoughts on “Test Corporate eMail Leakage

Leave a Reply