Table: hibp_paste - Query HIBP Pastes using SQL
HIBP (Have I Been Pwned) is a service that allows users to check whether their personal data has been compromised by data breaches. The service collects and analyzes hundreds of database dumps and pastes containing information about billions of leaked accounts. A Paste is information that has been "pasted" to a publicly facing website designed to share content, such as Pastebin.
Table Usage Guide
The hibp_paste
table provides insights into pastes within HIBP. As a security analyst, explore paste-specific details through this table, including the source, id, title, author, date, email count, and the full URL of the paste. Utilize it to uncover information about pastes, such as those containing compromised personal data, the sources of these pastes, and the extent of personal data leaks.
Important Notes
- This table requires an API key to be configured in the
hibp.spc
file.
Examples
List pastes where billy@example.com
was included in the paste
Explore pastes where a specific email address was included, helping to identify potential data breaches or unauthorized sharing of information.
select id, sourcefrom hibp_pastewhere account = 'billy@example.com';
select id, sourcefrom hibp_pastewhere account = 'billy@example.com';
List pastes where billy@example.com
was included in the last 10 years
Discover the instances where the email 'billy@example.com' has been involved in any data breaches within the past decade. This is useful for understanding the security history of this specific email address.
select id, source, datefrom hibp_pastewhere account = 'billy@example.com' and date > now() - interval '10 years';
select id, source, datefrom hibp_pastewhere account = 'billy@example.com' and date > datetime('now', '-10 years');
Schema for hibp_paste
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | Steampipe context in JSON form. | |
account | text | = | The email account that was found in the paste (this field is required). |
date | timestamp with time zone | The date and time that the paste was posted. This is taken directly from the paste site when this information is available but may be null if no date is published. | |
email_count | bigint | The number of emails that were found when processing the paste. | |
id | text | The ID of the paste as it was given at the source service. Combined with the 'source' attribute, this can be used to resolve the URL of the paste. | |
source | text | The paste service the record was retrieved from. Current values are: Pastebin, Pastie, Slexy, Ghostbin, QuickLeak, JustPaste, AdHocUrl, PermanentOptOut, OptOut. | |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | Steampipe context in JSON form. | |
title | text | The title of the paste as observed on the source site. This may be null and if so will be omitted from the response. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh
script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- hibp
You can pass the configuration to the command with the --config
argument:
steampipe_export_hibp --config '<your_config>' hibp_paste