Table: hibp_password - Query HIBP Passwords using SQL
Have I Been Pwned (HIBP) is a service that collects and analyzes hundreds of database dumps and pastes containing information about billions of leaked accounts. It allows users to search for their own information by entering their username or email address. Users can also sign up to be notified if their email address appears in future dumps.
Table Usage Guide
The hibp_password table provides insights into leaked passwords within HIBP. As a security analyst, use this table to explore details about leaked passwords, including their exposure count. Utilize it to uncover information about passwords, such as their frequency of occurrence in breaches, aiding in the development of more secure password policies.
Important Notes
- You can search by providing the plaintext password or the hash, which is the SHA-1 hash of the password that you are looking for. Alternatively, you can also search by the hash_prefix, which is a prefix (at least 5 hex-digits) of the SHA-1 hash of the password.
- This table does not require an API key to be configured in the hibp.spc file.
Examples
Get the number of times a password hash has been compromised (by hash)
Determine the frequency of a specific password hash's compromise. This query is useful for assessing the security of a particular password, helping to decide whether it needs to be changed to maintain data protection.
select hash, count from hibp_password where hash = '908f704ccaadfd86a74407d234c7bde30f2744fe';
Get the number of times a password has been compromised (by plaintext)
Gain insights into the security of a specific password by determining how many times it has been compromised, helping to assess password strength and potential vulnerabilities.
select plaintext, hash, count from hibp_password where plaintext = '123457';
Get the number of times a collection of passwords has been compromised (by prefix)
Analyze the frequency of password compromises to understand potential vulnerabilities. This could be useful in strengthening security measures by identifying commonly compromised passwords.
select plaintext, hash, count from hibp_password where hash_prefix = '908f704cc';
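How the plaintext, hash and hash_prefix keys relate, as an added example that is not the plugin's own code. It assumes a Pwned Passwords range response of SUFFIX:COUNT lines keyed by a 5-hex-digit prefix, with longer prefixes narrowed locally; the function names are hypothetical and the sample response and its counts are constructed.

```python
import hashlib
import re

API_PREFIX_LEN = 5  # assumption: a range query is keyed by exactly 5 hex digits

def sha1_hex(plaintext):
    """SHA-1 of the UTF-8 password as lowercase hex (the form of the hash column)."""
    return hashlib.sha1(plaintext.encode("utf-8")).hexdigest()

def api_prefix(hash_or_prefix):
    """The five hex digits a range query would carry for this hash or prefix."""
    value = hash_or_prefix.strip().lower()
    if not re.fullmatch(r"[0-9a-f]{5,40}", value):
        raise ValueError("expected 5 to 40 hex digits")
    return value[:API_PREFIX_LEN]

def parse_range(prefix, body):
    """Turn 'SUFFIX:COUNT' lines into {full_lowercase_hash: count}."""
    found = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if not sep or not re.fullmatch(r"[0-9A-Fa-f]{35}", suffix):
            continue  # malformed line: ignore rather than guess
        if count.isdecimal() and int(count) > 0:  # count 0 marks a padding entry
            found[prefix + suffix.lower()] = int(count)
    return found

def lookup(hash_or_prefix, body):
    """Narrow a range response locally to the requested hash or longer prefix."""
    wanted = hash_or_prefix.strip().lower()
    hits = parse_range(api_prefix(wanted), body)
    return {h: c for h, c in hits.items() if h.startswith(wanted)}

# Constructed sample response for the prefix of SHA-1('123457'); counts are made up.
SAMPLE_HASH = sha1_hex("123457")
SAMPLE_BODY = "\r\n".join([
    SAMPLE_HASH[5:].upper() + ":42",  # the password being checked
    "0" * 35 + ":7",                  # unrelated hash sharing the 5-digit prefix
    "F" * 35 + ":0",                  # padding entry, must not be reported
    "not a range line",
])

if __name__ == "__main__":
    print("prefix used for the query:", api_prefix(SAMPLE_HASH))
    print("by hash:", lookup(SAMPLE_HASH, SAMPLE_BODY))
    print("by 5-digit prefix:", lookup(SAMPLE_HASH[:5], SAMPLE_BODY))
```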
Schema for hibp_password
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | | Steampipe context in JSON form. |
count | bigint | | The total number of times this password has been found compromised. |
hash | text | = | The hash of the compromised password. |
hash_prefix | text | = | The first 5-char prefix of the hash of the compromised password. |
plaintext | text | = | The plain-text of the compromised password (sent as a hash to the API). |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | | Steampipe context in JSON form. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- hibp
You can pass the configuration to the command with the --config argument:
steampipe_export_hibp --config '<your_config>' hibp_password