Haveibeenpwned bash script


What is haveibeenpwned, this is a great project, create by Troy Hunt, where you have possibility to check if your email / account was compromised. Here, in this simple bash script we use haveibeenpwned API to check one or more emails.

Github

Under this link you will find my repository with this code
https://github.com/szalek/haveibeenpwned/blob/master/haveibeenpwned.sh

Installation

Installation is quite easy everything what you have to have is git. I assume that you are using linux, aren’t you ? 🙂

git clone https://github.com/szalek/haveibeenpwned.git /home/haveibeenpwned && \
    chmod +x /home/haveibeenpwned/haveibeenpwned.sh && \
    ln -s /home/haveibeenpwned/haveibeenpwned.sh /usr/bin/haveibeenpwned

How to use

There are two possibility, check one email, or pass as parameter file that will contains a list of emails.

haveibeenpwned emails.txt
haveibeenpwned test@example.com
haveibeenpwned noexist@btbw.pl

Example file: emails.txt

test@example.com
noexist@btbw.pl

Docker image for the rescure

Under this link https://hub.docker.com/r/szalek/pentest-tools/ you will find a docker image with a lot of tools, one of this tool is my script. Ready to use.

Script

#!/usr/bin/env bash

ARG=$1

RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[0;33m'
NC='\033[0m'

function pwned {

    statusCode=$(curl --write-out %{http_code} --silent --output /dev/null "https://haveibeenpwned.com/api/v2/breachedaccount/$email")

    if [ "$statusCode" == 200 ]
        then
            echo -e ${RED} 'Oh no — pwned!' ${email} ${NC}
        else
    if [ "$statusCode" == 404 ]
        then
            echo -e ${GREEN} 'Good news — no pwnage found!' ${email} ${NC}
        else
            echo -e  ${YELLOW} 'Error' ${email} ${NC}
        fi
    fi

}

if [ $ARG == *.txt ]
  then
    for FILE in "$@"
    do
        while read email;
            do
            pwned email
            sleep 2
        done < ${ARG}
    done
  else
    email=$ARG
    pwned $email
fi