GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → icawebdesign → hibp-php

icawebdesign / hibp-php

Licence: MIT license
PHP library for accessing the Have I Been Pwned API.

Programming Languages

PHP
23972 projects - #3 most used programming language
shell
77523 projects

Labels

haveibeenpwnedapi-v3

Projects that are alternatives of or similar to hibp-php

hibpwned
Python API wrapper for haveibeenpwned.com (API v3)
Stars: ✭ 21 (+0%)
Mutual labels:  haveibeenpwned, api-v3
Maltego-haveibeenpwned
Maltego integration of https://haveibeenpwned.com
Stars: ✭ 55 (+161.9%)
Mutual labels:  haveibeenpwned
Haveibeenpwned lastpass
Check if your lastpass passwords have been pwned by someone
Stars: ✭ 96 (+357.14%)
Mutual labels:  haveibeenpwned
Breach.tw
A service that can track data breaches like "Have I Been Pwned", but it is specific for Taiwan.
Stars: ✭ 144 (+585.71%)
Mutual labels:  haveibeenpwned
Lil Pwny
Fast, offline auditing of Active Directory passwords using Python.
Stars: ✭ 117 (+457.14%)
Mutual labels:  haveibeenpwned
Pwned
A command-line tool for querying the 'Have I been pwned?' service.
Stars: ✭ 161 (+666.67%)
Mutual labels:  haveibeenpwned
Pwnedpasswordsdll
Open source solution to check prospective AD passwords against previously breached passwords
Stars: ✭ 71 (+238.1%)
Mutual labels:  haveibeenpwned
Pwned
Simple CLI script to check if you have a password that has been compromised in a data breach.
Stars: ✭ 47 (+123.81%)
Mutual labels:  haveibeenpwned
Hermes-Secure-Email-Gateway
Hermes Secure Email Gateway is a Free Open Source Ubuntu 18.04 or 20.04 Server based Email Gateway that provides Spam, Virus and Malware protection, full in-transit and at-rest email encryption as well as email archiving. It features the latest email authentication techniques such as SPF, DKIM and DMARC.
Stars: ✭ 35 (+66.67%)
Mutual labels:  haveibeenpwned
Cr3dov3r
Know the dangers of credential reuse attacks.
Stars: ✭ 1,700 (+7995.24%)
Mutual labels:  haveibeenpwned
H8mail
Email OSINT & Password breach hunting tool, locally or using premium services. Supports chasing down related email
Stars: ✭ 2,163 (+10200%)
Mutual labels:  haveibeenpwned
Pw Pwnage Cfworker
Deploy a Cloudflare Worker to sanely score users' new passwords with zxcvbn AND check for matches against haveibeenpwned's 7.8+ billion breached accounts
Stars: ✭ 125 (+495.24%)
Mutual labels:  haveibeenpwned
Hibpofflinecheck
Keepass plugin that performs offline and online checks against HaveIBeenPwned passwords
Stars: ✭ 191 (+809.52%)
Mutual labels:  haveibeenpwned
Socialpwned
SocialPwned is an OSINT tool that allows to get the emails, from a target, published in social networks such as Instagram, Linkedin and Twitter to find possible credentials leaks in PwnDB.
Stars: ✭ 104 (+395.24%)
Mutual labels:  haveibeenpwned
keepassxc-pwned
Check your keepassxc database against previously breached haveibeenpwned passwords
Stars: ✭ 25 (+19.05%)
Mutual labels:  haveibeenpwned
Password Leak
A library to check for compromised passwords
Stars: ✭ 92 (+338.1%)
Mutual labels:  haveibeenpwned
Passpwn
See if your passwords in pass has been breached.
Stars: ✭ 130 (+519.05%)
Mutual labels:  haveibeenpwned
Password pwncheck
Kerberos / Windows AD / Linux PAM password change check against breached lists (HIBP), and other rules
Stars: ✭ 152 (+623.81%)
Mutual labels:  haveibeenpwned
pam pwnd
A PAM module to test passwords against previous leaks at haveibeenpwned.com
Stars: ✭ 33 (+57.14%)
Mutual labels:  haveibeenpwned
wp-haveibeenpwned
Checks if the password for each WordPress user account has been compromised via haveibeenpwned.com
Stars: ✭ 26 (+23.81%)
Mutual labels:  haveibeenpwned
View All Similar Projects ➔

PHP library for Have I Been Pwned and Pwned Passwords.

Latest Stable Version Total Downloads License

HIBP-PHP is a composer library for accessing the Have I Been Pwned and Pwned Passwords APIs (currently v3).

The HIBP API now requires an API Key that needs to be purchased at the HIBP site for any lookups that use an email address. This currently means that if you're only using this package for lookups from the PwnedPassword section of the API, then an API key isn't required.

Version 5.x has dropped support for older PHP versions (< 7.4). If you still need a version of this package to run on an older PHP version, then please use the icawebdesign/hibp-php:^4 tag, though the 4.x branch will no longer receive updates.

Requirements

  • PHP 7.4+

Installation

composer require icawebdesign/hibp-php

Usage examples for Breach Sites data

Get all breach sites

use Icawebdesign\Hibp\Breach\Breach;
use Icawebdesign\Hibp\HibpHttp;

$breach = new Breach(new HibpHttp($apiKey));
$breachSites = $breach->getAllBreachSites();

Or we can filter for a domain the breach was listed in:

use Icawebdesign\Hibp\Breach\Breach;
use Icawebdesign\Hibp\HibpHttp;

$breach = new Breach(new HibpHttp($apiKey));
$breachSites = $breach->getAllBreachSites('adobe.com');

Get single breach site

use Icawebdesign\Hibp\Breach\Breach;
use Icawebdesign\Hibp\HibpHttp;

$breach = new Breach(new HibpHttp($apiKey));
$breachSite = $breach->getBreach('adobe');

Get list of data classes for breach sites

use Icawebdesign\Hibp\Breach\Breach;
use Icawebdesign\Hibp\HibpHttp;

$breach = new Breach(new HibpHttp($apiKey));
$dataClasses = $breach->getAllDataClasses();

Get data for a breached email account

use Icawebdesign\Hibp\Breach\Breach;
use Icawebdesign\Hibp\HibpHttp;

$breach = new Breach(new HibpHttp($apiKey));
$data = $breach->getBreachedAccount('[email protected]');

We can retrieve unverified accounts too by specifying true for the second param (not retrieved by default):

use Icawebdesign\Hibp\Breach\Breach;
use Icawebdesign\Hibp\HibpHttp;

$breach = new Breach(new HibpHttp($apiKey));
$data = $breach->getBreachedAccount('[email protected]', true);

We can also filter results back to a specific breached domain by adding a domain as the 3rd param

The PwnedPasswd methods can now take a second param of an array to specify GuzzleHttp request options.

use Icawebdesign\Hibp\Breach\Breach;
use Icawebdesign\Hibp\HibpHttp;

$breach = new Breach(new HibpHttp($apiKey));
$data = $breach->getBreachedAccount('[email protected]', true, 'adobe.com');

Usage examples for Pwned Passwords

Get number of times the start of a hash appears in the system matching against a full hash

use Icawebdesign\Hibp\Password\PwnedPassword;
use Icawebdesign\Hibp\HibpHttp;

$pwnedPassword = new PwnedPassword(new HibpHttp($apiKey));
$count = $pwnedPassword->rangeFromHash('5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8');

Get number of times the start of a hash appears in the system as above, but with padded values to help prevent fingerprinting

use Icawebdesign\Hibp\Password\PwnedPassword;
use Icawebdesign\Hibp\HibpHttp;

$pwnedPassword = new PwnedPassword(new HibpHttp($apiKey));
$hashData = $pwnedPassword->paddedRangeDataFromHash('5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8');

Get a collection of hash data from a start of a hash and matching against a full hash

use Icawebdesign\Hibp\Password\PwnedPassword;
use Icawebdesign\Hibp\HibpHttp;

$pwnedPassword = new PwnedPassword(new HibpHttp($apiKey));
$hashData = $pwnedPassword->rangeDataFromHash('5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8');

Get a collection of hash data from a start of a hash and matching against a full hash as above, but with padded values to help prevent fingerprinting

use Icawebdesign\Hibp\Password\PwnedPassword;
use Icawebdesign\Hibp\HibpHttp;

$pwnedPassword = new PwnedPassword(new HibpHttp($apiKey));
$hashData = $pwnedPassword->paddedRangeDataFromHash('5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8');

// Strip padded values from results
$hashData = PwnedPassword::stripZeroMatchesData($hashData, '5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8');

Usage examples for Paste lists

Get a collection of pastes that a specified email account has appeared in

use Icawebdesign\Hibp\Paste\Paste;
use Icawebdesign\Hibp\HibpHttp;

$paste = new Paste(new HibpHttp($apiKey));
$data = $paste->lookup('[email protected]');

Laravel specifics

If using the package within a Laravel application, you can use the provided facades. First, you need to add your HIBP API key to your .env file, or your preferred method for adding values to your server environment variables.

HIBP_API_KEY=abcdefgh123456789

You can then use the facades to call the relevant methods:

// Breach
use Icawebdesign\Hibp\Facades\Breach;

$breachSites = Breach::getAllBreachSites();

// Paste
use Icawebdesign\Hibp\Facades\Paste;

$paste = Paste::lookup('[email protected]');

// PwnedPassword
use Icawebdesign\Hibp\Facades\PwnedPassword;

$count = PwnedPassword::rangeFromHash('5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8');

Changelog

Please see CHANGELOG for more information what has changed recently.

Contributing

Please see CONTRIBUTING for details.

Security

If you discover any security related issues, please email [email protected] instead of using the issue tracker.

Credits

Thank you to Artem Fomenko for being the first external contributor to the package providing request options for Guzzle for the PwnedPassword methods.

License

The MIT License (MIT). Please see License File for more information.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].