How to query the ‘Have I been pwned?’ service from command line?

Pretty simple, with a node.js application

Have I Been Pwned? is a website created by security expert Troy Hunt, that allows internet users to check if their personal data has been compromised by data breaches.

The site collects and analyzes dozens of data leaks containing information about leaked accounts, and allows users to search for their own information by entering their username or email address.

Why build the site?

This site serves two primary purposes for me: firstly, it obviously provides a service to the public. Data breaches are rampant and many people don’t appreciate the scale or frequency with which they occur.

[…]

Secondly, the site provided me with an excellent use case for putting a number of technologies through their paces and keeping my hands-on skills somewhat current.

---

Can i access this service from command line or from a script?

D’oh!

Yes! The GitHub user wKovacs64 has developed a useful node.js script for querying ‘Have I been pwned?’ from the command line:

Usage: pwned [option | command]


Commands:

  ba [options] <account>   get all breaches for an account (username or email address)
  breaches [options]       get all breaches in the system
  breach [options] <name>  get a single breached site by breach name
  dc [options]             get all data classes in the system
  pa [options] <email>     get all pastes for an account (email address)

Each command has its own -h (--help) option.

Options:

  -h, --help     output usage information
  -v, --version  output the version number

The installation is pretty simple, just use npm:

npm install pwned -g

Now, if you want to check your account for all breaches, simple use this command:

$ pwned ba andrea@www.andreafortuna.org
- 
  Title:        GeekedIn
  Name:         GeekedIn
  Domain:       geekedin.net
  BreachDate:   2016-08-15
  AddedDate:    2016-11-17T19:44:24Z
  ModifiedDate: 2016-11-17T19:44:24Z
  PwnCount:     1073164
  Description:  In August 2016, the technology recruitment site <a href="http://geekedin.net" target="_blank" rel="noopener">GeekedIn</a> left a MongoDB database exposed and over 8M records were extracted by an unknown third party. The breached data was originally scraped from GitHub in violation of their terms of use and contained information exposed in public profiles, including over 1 million members' email addresses. Full details on the incident (including how impacted members can see their leaked data) are covered in the blog post on <a href="https://www.troyhunt.com/8-million-github-profiles-were-leaked-from-geekedins-mongodb-heres-how-to-see-yours" target="_blank" rel="noopener">8 million GitHub profiles were leaked from GeekedIn's MongoDB - here's how to see yours</a>.
  DataClasses: 
    - Email addresses
    - Geographic locations
    - Names
    - Professional skills
    - Usernames
    - Years of professional experience
  IsVerified:   true
  IsFabricated: false
  IsSensitive:  false
  IsActive:     true
  IsRetired:    false
  IsSpamList:   false
  LogoType:     png

Ok, I have been pwned! :-)

For more information and usage examples please check the official website:

[embed]http://wkovacs64.com/pwned/[/embed]