Test Corporate email leakage
Hello,
Nowadays, a lot of “hacking” happens everyday, and passwords are available for resale on the web. Troy Hunt, decided to build a website referencing all the public data breaches he knows about.
Test Corporate eMail Leakage – The website
Test Corporate eMail Leakage – HomePage
You can enter your email address and check if you’ve been powned in a data breach. This is kind of nice !
Test Corporate eMail Leakage – The API
Troy also build an API that we can use for free. if you look at the documentation, you can see what we can do with :
List data breaches
Invoke-WebRequest -Uri 'https://haveibeenpwned.com/api/v2/breaches' | Select-Object -ExpandProperty Content | ConvertFrom-Json | ft
Test Corporate eMail Leakage – Data Breaches
List Data Classes
Invoke-WebRequest -Uri 'https://haveibeenpwned.com/api/v2/dataclasses' | Select-Object -ExpandProperty Content | ConvertFrom-Json
Test Corporate eMail Leakage – Data classes
There is a lot more in the documentation of the API.
Test Corporate eMail Leakage – The API & PowerShell
So, the API is here, free to use, we can use PowerShell to search for breached email :
Invoke-WebRequest -Uri "https://haveibeenpwned.com/api/v2/breachedaccount/emmanuel.demilliere@itfordummies.net" | select -ExpandProperty Content | ConvertFrom-Json
You can change the email address to fir your needs. As some people, I built a PowerShell function to automate the search part :
function Test-HaveIBeenPwned{
[CmdletBinding()]
[OutputType([PsObject])]
Param(
[Parameter(ValueFromPipeline = $true,
ValueFromPipelineByPropertyName = $true
)]
[String[]]$eMail
)
Begin{
Update-TypeData -TypeName 'HaveIBeenPwned' -DefaultDisplayPropertySet eMail,Domain, BreachDate -ErrorAction SilentlyContinue
}
Process{
try{
$Data = Invoke-WebRequest -Uri "https://haveibeenpwned.com/api/v2/breachedaccount/$eMail" -Verbose:$false | Select-Object -ExpandProperty Content | ConvertFrom-Json
}
catch [System.Net.WebException]{
if($_.Exception -like '*404*'){
$Status = 'NotPowned'
Write-Verbose -Message "$eMail not powned, congratz !"
}
elseif($_.Exception -like '*403*'){
$Status = 'Forbidden'
Write-Verbose -Message "$eMail forbidden !"
}
elseif($_.Exception -like '*400*'){
$Status = 'BadRequest'
Write-Verbose -Message "$eMail bad request !"
}
}
catch{
$Status = 'Unknown'
Write-Warning -Message "$eMail not found."
}
finally{
New-Object -TypeName PsObject -Property @{
PsTypeName = 'HaveIBeenPwned'
eMail = "$eMail"
Title = $Data.Title
Name = $Data.Name
Domain = if([String]::IsNullOrEmpty($Data.Domain)){$Status}else{$Data.Domain}
BreachDate = $Data.BreachDate
AddedDate = $Data.AddedDate
PwnCount = $Data.PwnCount
Description = $Data.Description
DataClasses = $Data.DataClasses
IsVerified = $Data.IsVerified
IsSensitive = $Data.IsSensitive
IsActive = $Data.IsActive
IsRetired = $Data.IsRetired
LogoType = $Data.LogoType
}
}
$Data = $null
}
End{}
}
And then, you can search for your email addresses :
'emmanuel.demilliere@itfordummies.net' | Test-HaveIBeenPwned
Test Corporate eMail Leakage – PowerShell function
Or, you can test for your company and filter only those powned :
Get-ADUser -Filter {mail -like '*@*'} -properties mail | Select-Object -ExpandProperty mail | Test-HaveIBeenPwned | Where-Object -FilterScript {$_.Domain -like '*.*'}
Conclusion
The database behind this website is updated on a regular basis, you subscribe to the RSS feed here, you may want to check your email addresses on a regular basis too.
If you have some idea about how to improve the service, there is a UserVoice for it.
Very Useful !
thanks !