This script checks the http://haveibeenpwned.com database for accounts compromised in PUBLICLY RELEASED breaches. Further API documentation can be found at: https://haveibeenpwned.com/API/v2. Based on the PwnedCheck gem and sample script written by Carl Sampson http://github.com/sampsonc/PwnedCheck
| Version | 1.0.0 |
|---|---|
| Author | Nolan Kennedy |
| Github | http://github.com/nxkennedy/compromised |
Check list of usernames, email addresses, or phone numbers to determine if they were compromised in a breach
-
ruby >= 2.4.0
-
Install the following 3 gems:
gem install paint progress_bar PwnedCheck
ruby compromised_investigation.rb <email-list.csv>
Output is shown in the terminal as well as written to CSV. Output formats can be seen below.
I wanted the terminal output formatted in a Private Investigator theme. Here's what the output means in plain English:
- "ASSOCIATED WITH ILLICIT ACTIVITY" = Found in at least one confirmed breach
- "CLEARED OF SUSPICION" = Not found in any confirmed breaches
- "BAD LEADS" = Errors raised due to misformatted input
The API request to HIBP returns the most recent breach date first for each account. An "x" will be placed in the "Most Recent" column while additional breaches for the same account will not include the "x."
| Account | Finding | BreachName | BreachDate | MostRecent |
|---|---|---|---|---|
| [email protected] | COMPROMISED | Nival | 2016-02-29 | x |
| [email protected] | COMPROMISED | Special K Data Feed Spam List | 2015-10-07 | |
| [email protected] | Not Found |