Giters

masterlittle / HIBPNotifer

Checks for breaches for an email against the HaveIBeenPwned Database and allows sending emails and slack notications along with integrating with GSuite to automate breach detection for enterprise employees.

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

pythonsecuritybreachcompromised-emails

HIBPNotifer

This is fork of the core component of https://github.com/thewhiteh4t/pwnedOrNot .

It focuses on sending email and slack notifications of the breaches encountered. P.S - Notifications only include breach info for now (exclude dumps).

Will also be integrating with Google Admin SDK to read users from GSuite.

haveibeenpwned offers a lot of information about the compromised email, some useful information is displayed by this script:

  • Name of Breach
  • Domain Name
  • Date of Breach
  • Fabrication status
  • Verification Status
  • Retirement status
  • Spam Status

And with all this information pwnedOrNot can easily find passwords for compromised emails if the dump is accessible and it contains the password

Installation

git clone https://github.com/masterlittle/HIBPNotifier.git
cd HIBPNotifier
pip3 install -r requirements.txt

Usage

python3 checkemails.py -h

usage: checkemails.py [-h] [-e EMAIL] [-f FILE] [-d DOMAIN] [-n] [-l]
                     [-c CHECK] [-s] [-D DAYS]

optional arguments:
  -h, --help                  show this help message and exit
  -e EMAIL, --email EMAIL     Email Address You Want to Test
  -f FILE, --file FILE        Load a File with Multiple Email Addresses
  -d DOMAIN, --domain DOMAIN  Filter Results by Domain Name
  -n, --nodumps               Only Check Breach Info and Skip Password Dumps
  -l, --list                  Get List of all pwned Domains
  -c CHECK, --check CHECK     Check if your Domain is pwned
  -s, --send-email            Email the results to the email id being checked. Check at the bottom for the environment variables to be set
  -D, --days                  Number of days past to check the breaches for
  -S, --slack-channel         If this option is present, you can send breach notifications to slack. Check at the bottom for the environment variables to be set

# Examples

# Check Single Email
python3 checkemails.py -e <email>
#OR
python3 checkemails.py --email <email>

# Check Multiple Emails from File
python3 checkemails.py -f <file name>
#OR
python3 checkemails.py --file <file name>

# Filter Result for a Domain Name [Ex : adobe.com]
python3 checkemails.py -e <email> -d <domain name>
#OR
python3 checkemails.py -f <file name> --domain <domain name>

# Get only Breach Info, Skip Password Dumps
python3 checkemails.py -e <email> -n
#OR
python3 checkemails.py -f <file name> --nodumps

# Get List of all Breached Domains
python3 checkemails.py -l
#OR
python3 checkemails.py --list

# Send email of breaches and check breaches only for past 30 days
python3 checkemails.py -e <email> -s -D 30

# Send slack notifications
python3 checkemails.py -f <file> -S <slack channel>

# Check if a Domain is Pwned
python3 checkemails.py -c <domain name>
#OR
python3 checkemails.py --check <domain name>

ENV variables to set for sending emails. All variables are set in config.py -

  • LEAK_ALERTER_EMAIL_HOST

  • LEAK_ALERTER_EMAIL_PORT -> Default = 587

  • LEAK_ALERTER_EMAIL_USERNAME -> Default = None

  • LEAK_ALERTER_EMAIL_PASSWORD -> Default = None

  • LEAK_ALERTER_EMAIL_SEND_TO -> Default = The email being checked

  • LEAK_ALERTER_EMAIL_SEND_FROM

  • LEAK_ALERTER_EMAIL_SUBJECT -> Default = Email found in security breach

ENV variable to set for Slack

  • SLACK_API_TOKEN

About

Checks for breaches for an email against the HaveIBeenPwned Database and allows sending emails and slack notications along with integrating with GSuite to automate breach detection for enterprise employees.

pythonsecuritybreachcompromised-emails

License:Apache License 2.0

Languages

Language:Python 98.7%Language:HTML 1.3%