How to query the ‘Have I been pwned?’ service from command line?

Pretty simple, with a node.js application


Have I Been Pwned? is a website created by security expert Troy Hunt, that allows internet users to check if their personal data has been compromised by data breaches.

The site collects and analyzes dozens of data leaks containing information about leaked accounts, and allows users to search for their own information by entering their username or email address.

Why build the site?

This site serves two primary purposes for me: firstly, it obviously provides a service to the public. Data breaches are rampant and many people don’t appreciate the scale or frequency with which they occur.

[…]

Secondly, the site provided me with an excellent use case for putting a number of technologies through their paces and keeping my hands-on skills somewhat current.


Can i access this service from command line or from a script?

D’oh!

Yes! The GitHub user wKovacs64 has developed a useful node.js script for querying ‘Have I been pwned?’ from the command line:

Usage: pwned [option | command]


Commands:

ba [options] <account> get all breaches for an account (username or email address)
breaches [options] get all breaches in the system
breach [options] <name> get a single breached site by breach name
dc [options] get all data classes in the system
pa [options] <email> get all pastes for an account (email address)

Each command has its own -h (--help) option.

Options:

-h, --help output usage information
-v, --version output the version number

The installation is pretty simple, just use npm:

npm install pwned -g

Now, if you want to check your account for all breaches, simple use this command:

$ pwned ba [email protected]
-
Title: GeekedIn
Name: GeekedIn
Domain: geekedin.net
BreachDate: 2016-08-15
AddedDate: 2016-11-17T19:44:24Z
ModifiedDate: 2016-11-17T19:44:24Z
PwnCount: 1073164
Description: In August 2016, the technology recruitment site <a href="http://geekedin.net" target="_blank" rel="noopener">GeekedIn</a> left a MongoDB database exposed and over 8M records were extracted by an unknown third party. The breached data was originally scraped from GitHub in violation of their terms of use and contained information exposed in public profiles, including over 1 million members' email addresses. Full details on the incident (including how impacted members can see their leaked data) are covered in the blog post on <a href="https://www.troyhunt.com/8-million-github-profiles-were-leaked-from-geekedins-mongodb-heres-how-to-see-yours" target="_blank" rel="noopener">8 million GitHub profiles were leaked from GeekedIn's MongoDB - here's how to see yours</a>.
DataClasses:
- Email addresses
- Geographic locations
- Names
- Professional skills
- Usernames
- Years of professional experience
IsVerified: true
IsFabricated: false
IsSensitive: false
IsActive: true
IsRetired: false
IsSpamList: false
LogoType: png

Ok, I have been pwned! 🙂

For more information and usage examples please check the official website:

http://wkovacs64.com/pwned/

Comments