Have I Been Pwned
App Vendor: Have I Been Pwned
App Category: Data Enrichment & Threat Intelligence
Connector Version: 1.3.1
API Version: v3
About App
Most data breaches expose credential information such as usernames and passwords, with the username usually being an email address. Some breaches also include personally identifiable information (PII) and other sensitive organization-centric data.
The Have I Been Pwned (HIBP) API checks if your email, domain, or password (hash) has been compromised in a data breach and provides details of the breach if found. This is API V3 of Have I Been Pwned.
The Have I Been Pwned app is configured with the Orchestrate application to perform the following actions:
Action Name | Description |
---|---|
Check Email Reputation | This action checks the reputation of an email address in HIBP. |
Check Domain Reputation | This action checks the reputation of a domain value in HIBP. |
Check Hash Reputation for Password | This action checks the reputation of a password hash in HIBP. |
Fetch Data Classes | This action fetches data classes from HIBP. |
Fetch Pastes Email Details | This action fetches the paste details for an email address from HIBP. |
Fetch the list of Breaches | This action fetches a list of breaches from HIBP. |
Get Compromised Credential Details | This action is used to get compromised credential details. |
Get Compromised Credentials | This action is used to check compromised credentials. |
Generic Action | This is a generic action used to make requests to any HIBP endpoint. |
Configuration Parameters
The following configuration parameters are required for the Have I Been Pwned app to communicate with the Have I Been Pwned enterprise application. The parameters can be configured by creating instances in the app.
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
API Key | Enter the API key for your HIBP instance. Example: a1b2c33d4e5f6g7h8i9jakblc | Text | Required | |
Timeout | Enter the timeout value in seconds. This is the number of seconds that requests will wait to establish a connection with Have I Been Pwned. | Integer | Optional | Allowed Range: 15-120 Default value: 15 |
Verify | Choose whether to verify the SSL/TLS certificate when making requests. It is recommended to set this option to yes. Setting it to no may result in the connection being established incorrectly. | Boolean | Optional | By default, this is enabled. |
Domain | Enter the domain to retrieve all the compromised credentials and the details associated with it. Example: sampledomain.com | Text | Optional | |
Action: Check Email Reputation
This action checks the reputation of an email address in HIBP.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Input Email Address | Enter the email address to check the reputation. Example: johndoe@sampledomain.com | Text | Required |
Example Request
[ { "email": "johndoe@sampledomain.com" } ]
Action: Check Domain Reputation
This action checks the reputation of a domain value in HIBP.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Input Domain without TLD | Enter the domain name without TLD as an input. Example: exampledomain | Text | Required |
Example Request
[ { "domain": "exampledomain" } ]
Action: Check Hash Reputation for Password
This action checks the reputation of a password hash in HIBP.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Hash | Enter the first five characters of a SHA-1 password hash you want to search. Example: 21bd1 | Text | Required |
Example Request
[ { "hash_pwn_sha1_prefix": "21bd1" } ]
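The prefix-only lookup described above, carried through end to end as an added example (not the connector's own code): only the five-character prefix is sent, and the remaining 35 characters are matched locally. It assumes the action returns the range body as `SUFFIX:COUNT` lines, the format of the HIBP Pwned Passwords range API; the function names and the sample response are constructed for illustration.

```python
import hashlib
import re

PREFIX_RE = re.compile(r"[0-9A-Fa-f]{5}")

def split_sha1(password: str) -> tuple[str, str]:
    """Return (5-char prefix, 35-char suffix) of the upper-case SHA-1 hex digest."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def build_request(prefix: str) -> list[dict]:
    """Build the action input in the shape shown in the Example Request."""
    if not PREFIX_RE.fullmatch(prefix):
        raise ValueError("prefix must be exactly five hex characters")
    return [{"hash_pwn_sha1_prefix": prefix}]

def breach_count(range_body: str, suffix: str) -> int:
    """Look up the locally held suffix in a SUFFIX:COUNT range response."""
    for line in range_body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if not count.isdigit():
            continue  # skip blank or malformed lines
        if candidate.upper() == suffix.upper():
            return int(count)  # a count of 0 is a padding entry, not a hit
    return 0

# Constructed sample response for prefix 5BAA6 (hypothetical counts).
# Line 2 carries the real suffix of SHA-1("password"); the other suffixes
# are made up, and the 0-count line imitates a padding entry.
SAMPLE_RANGE_BODY = """\
003D68EB55068C33ACE09247EE4C639306B:3
1E4C9B93F3F0682250B6CF8331B7EE68FD8:42
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF:0
"""

if __name__ == "__main__":
    prefix, suffix = split_sha1("password")
    print("sent to HIBP:", build_request(prefix))   # the suffix never leaves the host
    print("times seen  :", breach_count(SAMPLE_RANGE_BODY, suffix))
```
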
Action: Fetch Data Classes
This action fetches data classes from HIBP. A data class is a specific category of sensitive information, such as email addresses or passwords, compromised in a breach.
Action Input Parameters
This action does not require any input parameter.
Action: Fetch Pastes Email Details
This action fetches the paste details for an email address from HIBP.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
 | Enter the email account. Example: johndoe@sampledomain.com | Text | Required | |
Example Request
[ { "email": "johndoe@sampledomain.com" } ]
Action: Fetch the List of Breaches
This action fetches a list of breaches from HIBP.
Action Input Parameters
This action does not require any input parameter.
Action: Generic Action
This is a generic action used to make requests to any HIBP endpoint.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Method | Enter the HTTP method to make the request. | Text | Required | Allowed values: |
Endpoint | Enter the endpoint to make the request. Example: /schedules/{schedule_id} | Text | Required | |
Query Params | Enter the query parameters to pass to the API. | Key Value | Optional | |
Payload | Enter the payload to pass to the API. | Any | Optional | |
Extra Fields | Enter the extra fields to pass to the API. | Key Value | Optional | |
Example Request
[ { "method": "GET", "endpoint": "/schedules/{schedule_id}" } ]