GithubHelp home page GithubHelp logo

masterlittle / hibpnotifer Goto Github PK

View Code? Open in Web Editor NEW
1.0 3.0 2.0 22 KB

Checks for breaches for an email against the HaveIBeenPwned Database and allows sending emails and slack notications along with integrating with GSuite to automate breach detection for enterprise employees.

License: Apache License 2.0

Python 98.71% HTML 1.29%
python security breach compromised-emails

hibpnotifer's Introduction

HIBPNotifer

This is fork of the core component of https://github.com/thewhiteh4t/pwnedOrNot .

It focuses on sending email and slack notifications of the breaches encountered. P.S - Notifications only include breach info for now (exclude dumps).

Will also be integrating with Google Admin SDK to read users from GSuite.

haveibeenpwned offers a lot of information about the compromised email, some useful information is displayed by this script:

  • Name of Breach
  • Domain Name
  • Date of Breach
  • Fabrication status
  • Verification Status
  • Retirement status
  • Spam Status

And with all this information pwnedOrNot can easily find passwords for compromised emails if the dump is accessible and it contains the password

Installation

git clone https://github.com/masterlittle/HIBPNotifier.git
cd HIBPNotifier
pip3 install -r requirements.txt

Usage

python3 checkemails.py -h

usage: checkemails.py [-h] [-e EMAIL] [-f FILE] [-d DOMAIN] [-n] [-l]
                     [-c CHECK] [-s] [-D DAYS]

optional arguments:
  -h, --help                  show this help message and exit
  -e EMAIL, --email EMAIL     Email Address You Want to Test
  -f FILE, --file FILE        Load a File with Multiple Email Addresses
  -d DOMAIN, --domain DOMAIN  Filter Results by Domain Name
  -n, --nodumps               Only Check Breach Info and Skip Password Dumps
  -l, --list                  Get List of all pwned Domains
  -c CHECK, --check CHECK     Check if your Domain is pwned
  -s, --send-email            Email the results to the email id being checked. Check at the bottom for the environment variables to be set
  -D, --days                  Number of days past to check the breaches for
  -S, --slack-channel         If this option is present, you can send breach notifications to slack. Check at the bottom for the environment variables to be set

# Examples

# Check Single Email
python3 checkemails.py -e <email>
#OR
python3 checkemails.py --email <email>

# Check Multiple Emails from File
python3 checkemails.py -f <file name>
#OR
python3 checkemails.py --file <file name>

# Filter Result for a Domain Name [Ex : adobe.com]
python3 checkemails.py -e <email> -d <domain name>
#OR
python3 checkemails.py -f <file name> --domain <domain name>

# Get only Breach Info, Skip Password Dumps
python3 checkemails.py -e <email> -n
#OR
python3 checkemails.py -f <file name> --nodumps

# Get List of all Breached Domains
python3 checkemails.py -l
#OR
python3 checkemails.py --list

# Send email of breaches and check breaches only for past 30 days
python3 checkemails.py -e <email> -s -D 30

# Send slack notifications
python3 checkemails.py -f <file> -S <slack channel>

# Check if a Domain is Pwned
python3 checkemails.py -c <domain name>
#OR
python3 checkemails.py --check <domain name>

ENV variables to set for sending emails. All variables are set in config.py -

  • LEAK_ALERTER_EMAIL_HOST

  • LEAK_ALERTER_EMAIL_PORT -> Default = 587

  • LEAK_ALERTER_EMAIL_USERNAME -> Default = None

  • LEAK_ALERTER_EMAIL_PASSWORD -> Default = None

  • LEAK_ALERTER_EMAIL_SEND_TO -> Default = The email being checked

  • LEAK_ALERTER_EMAIL_SEND_FROM

  • LEAK_ALERTER_EMAIL_SUBJECT -> Default = Email found in security breach

ENV variable to set for Slack

  • SLACK_API_TOKEN

hibpnotifer's People

Contributors

masterlittle avatar

Stargazers

avatar

Watchers

avatar avatar avatar

Forkers

bellyfat dg2kjb

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.