v1.0 for Steampipe, Powerpipe, Flowpipe, 116 plugins, and 44 mods →
Steampipe logo 
Hub
Plugins
turbot/hibp
Overview
4Tables
Versions
GitHub
steampipe plugin install hibp

Table: hibp_password - Query HIBP Passwords using SQL

Have I Been Pwned (HIBP) is a service that collects and analyzes hundreds of database dumps and pastes containing information about billions of leaked accounts. It allows users to search for their own information by entering their username or email address. Users can also sign up to be notified if their email address appears in future dumps.

Table Usage Guide

The hibp_password table provides insights into leaked passwords within HIBP. As a security analyst, use this table to explore details about leaked passwords, including their exposure count. Utilize it to uncover information about passwords, such as their frequency of occurrence in breaches, aiding in the development of more secure password policies.

Important Notes

  • You can search by providing the plaintext password or the hash which is the SHA-1 hash of the password that you are looking for. Alternatively, you can also search by the hash_prefix which is a prefix (at least 5 hex-digits) of the SHA-1 password.
  • This table does not require an API key to be configured in the hibp.spc file.

Examples

Get the number of times a password hash has been compromised (by hash)

Determine the frequency of a specific password hash's compromise. This query is useful for assessing the security of a particular password, helping to decide whether it needs to be changed to maintain data protection.

select
  hash,
  count
from
  hibp_password
where
  hash = '908f704ccaadfd86a74407d234c7bde30f2744fe';
select
  hash,
  count
from
  hibp_password
where
  hash = '908f704ccaadfd86a74407d234c7bde30f2744fe';

Get the number of times a password has been compromised (by plaintext)

Gain insights into the security of a specific password by determining how many times it has been compromised, helping to assess password strength and potential vulnerabilities.

select
  plaintext,
  hash,
  count
from
  hibp_password
where
  plaintext = '123457';
select
  plaintext,
  hash,
  count
from
  hibp_password
where
  plaintext = '123457';

Get the number of times a collection of passwords has been compromised (by prefix)

Analyze the frequency of password compromises to understand potential vulnerabilities. This could be useful in strengthening security measures by identifying commonly compromised passwords.

select
  plaintext,
  hash,
  count
from
  hibp_password
where
  hash_prefix = '908f704cc';
select
  plaintext,
  hash,
  count
from
  hibp_password
where
  hash_prefix = '908f704cc';

Schema for hibp_password

NameTypeOperatorsDescription
_ctxjsonbSteampipe context in JSON form, e.g. connection_name.
countbigintThe total number of times this password has been found compromised.
hashtext=The hash of the compromised password.
hash_prefixtext=The first 5-char prefix of the hash of the compromised password.
plaintexttext=The plain-text of the compromised password (sent as a hash to the API).

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- hibp

You can pass the configuration to the command with the --config argument:

steampipe_export_hibp --config '<your_config>' hibp_password