steampipe plugin install hibp

Table: hibp_paste - Query HIBP Pastes using SQL

HIBP (Have I Been Pwned) is a service that allows users to check whether their personal data has been compromised by data breaches. The service collects and analyzes hundreds of database dumps and pastes containing information about billions of leaked accounts. A Paste is information that has been "pasted" to a publicly facing website designed to share content, such as Pastebin.

Table Usage Guide

The hibp_paste table provides insights into pastes within HIBP. As a security analyst, explore paste-specific details through this table, including the source, id, title, author, date, email count, and the full URL of the paste. Utilize it to uncover information about pastes, such as those containing compromised personal data, the sources of these pastes, and the extent of personal data leaks.

Important Notes

  • This table requires an API key to be configured in the hibp.spc file.

Examples

List pastes where billy@example.com was included in the paste

Explore pastes where a specific email address was included, helping to identify potential data breaches or unauthorized sharing of information.

select
id,
source
from
hibp_paste
where
account = 'billy@example.com';
select
id,
source
from
hibp_paste
where
account = 'billy@example.com';

List pastes where billy@example.com was included in the last 10 years

Discover the instances where the email 'billy@example.com' has been involved in any data breaches within the past decade. This is useful for understanding the security history of this specific email address.

select
id,
source,
date
from
hibp_paste
where
account = 'billy@example.com'
and date > now() - interval '10 years';
select
id,
source,
date
from
hibp_paste
where
account = 'billy@example.com'
and date > datetime('now', '-10 years');

Schema for hibp_paste

NameTypeOperatorsDescription
_ctxjsonbSteampipe context in JSON form.
accounttext=The email account that was found in the paste (this field is required).
datetimestamp with time zoneThe date and time that the paste was posted. This is taken directly from the paste site when this information is available but may be null if no date is published.
email_countbigintThe number of emails that were found when processing the paste.
idtextThe ID of the paste as it was given at the source service. Combined with the 'source' attribute, this can be used to resolve the URL of the paste.
sourcetextThe paste service the record was retrieved from. Current values are: Pastebin, Pastie, Slexy, Ghostbin, QuickLeak, JustPaste, AdHocUrl, PermanentOptOut, OptOut.
sp_connection_nametext=, !=, ~~, ~~*, !~~, !~~*Steampipe connection name.
sp_ctxjsonbSteampipe context in JSON form.
titletextThe title of the paste as observed on the source site. This may be null and if so will be omitted from the response.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- hibp

You can pass the configuration to the command with the --config argument:

steampipe_export_hibp --config '<your_config>' hibp_paste