Update to PwnCheck – HaveIBeenPwned Query Tool


I got caught up in doing this, and now it’s 3:45AM.  C’est la vie!  My loss of sleep is your threat analysis gain.

I’ve made several updates to the PwnCheck tool (used to query the HaveIBeenPwned.com database).

Here they are, in no particular order!

  • Due to terrible humans on the Internet, you now need an API key to query the database.  It costs $3.50 per month.  Thanks for ruining it for everyone, Internet trolls!  To cope with this simultaneously foreseen and unforeseen implementation, I’ve updated the script to take an ApiKey parameter.  Since it’s an authenticated REST API, we need to update the header that we send to include the new version (3) as well as the API key:
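    # Request headers for the authenticated v3 API
    $headers = @{
        "User-Agent"        = $UserAgentString.ToString()
        "api-version"       = 3
        "hibp-api-key"      = $($apikey)
        # HIBP v3 documents the next two as query-string parameters
        "truncateResponse"  = 'false'
        "includeUnverified" = 'true'
    }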
  • I’ve also added a StartDate parameter–this will allow you to proactively filter results AFTER the start date.  This value works against the AddedDate in the parsed return values, as that’s the one that we’re told is the most reliable.  You can supply an ISO 8601-formatted date (which is what HaveIBeenPwned.com uses), or you can use just a standard PowerShell date object, and the script will attempt to convert it to ISO 8601 for you.
  • I made a couple of small coding changes as well and worked on the output a little bit:
    [Screenshot: updated PwnCheck output]
  • I started seeing a higher incidence of 429/“Too many requests” rate limiting messages after some of the API changes, so I trapped those and implemented some retry functionality.
  • Added the PerUserSummaryDisplay switch to enable summary display of detected potential breaches to console.  Summary output is logged regardless.
  • And, finally, I added a parameter to allow you to choose whether or not you want Unverified results.  These results haven’t been verified to contain credential data, but may contain other information that users find important.  You can read more about Unverified breaches at https://haveibeenpwned.com/FAQs#UnverifiedBreach.
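
The changes listed above (API key header, StartDate filtering on AddedDate, 429 retries, optional unverified results) fit together as in the following added example, which is not the PwnCheck script itself. The function name `Get-HibpBreach`, its parameter names and the user agent string are hypothetical. It treats only a 404 as "no breaches" and throws on anything else, so a rejected API key is never reported as a clean result.

```powershell
# Added example, not code from PwnCheck. Names below are hypothetical.
function Get-HibpBreach {
    param(
        [Parameter(Mandatory)][string]$Account,
        [Parameter(Mandatory)][string]$ApiKey,
        [datetimeoffset]$StartDate = [datetimeoffset]::MinValue,
        [switch]$IncludeUnverified,
        [int]$MaxRetries = 5
    )
    # Version 3 is part of the URL path; the key travels in the hibp-api-key header.
    $query   = 'truncateResponse=false&includeUnverified={0}' -f $IncludeUnverified.IsPresent.ToString().ToLower()
    $uri     = 'https://haveibeenpwned.com/api/v3/breachedaccount/{0}?{1}' -f [uri]::EscapeDataString($Account), $query
    $headers = @{ 'hibp-api-key' = $ApiKey }

    for ($attempt = 1; $attempt -le $MaxRetries; $attempt++) {
        try {
            $breaches = Invoke-RestMethod -Uri $uri -Headers $headers -UserAgent 'PwnCheck-Example' -ErrorAction Stop
            # Keep only breaches added after StartDate (compared as UTC instants).
            return @($breaches | Where-Object { $_ -and ([datetimeoffset]$_.AddedDate) -gt $StartDate })
        }
        catch {
            $resp   = $_.Exception.Response
            $status = if ($resp) { [int]$resp.StatusCode } else { 0 }
            if ($status -eq 404) { return }   # 404: account is not in any breach
            if ($status -ne 429) { throw }    # 401, 403, 5xx, network error: result is unknown, fail loudly

            # 429: honour Retry-After when readable, otherwise back off exponentially.
            $wait = 0
            if ($resp.Headers -is [System.Net.WebHeaderCollection]) {
                $wait = [int]$resp.Headers['Retry-After']                  # Windows PowerShell 5.1
            }
            elseif ($resp.Headers.RetryAfter.Delta) {
                $wait = [int]$resp.Headers.RetryAfter.Delta.TotalSeconds   # PowerShell 7
            }
            if ($wait -lt 1) { $wait = [int][math]::Pow(2, $attempt) }
            Write-Warning "Rate limited on $Account; retrying in $wait s (attempt $attempt of $MaxRetries)"
            Start-Sleep -Seconds $wait
        }
    }
    throw "Still rate limited after $MaxRetries attempts for $Account; result is unknown."
}

# Constructed usage: breaches added after 1 July 2019, including unverified ones.
# Get-HibpBreach -Account 'user@example.com' -ApiKey $key -StartDate '2019-07-01' -IncludeUnverified
```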

This tool wouldn’t be possible without the amazing work of Troy Hunt, so be sure to donate if you find his service valuable.

You can go pick up the new version at http://aka.ms/pwncheck.

Published by Aaron Guilmette

Helping companies conquer inferior technology since 1997. I spend my time developing and implementing technology solutions so people can spend less time with technology. Specialties: Active Directory and Exchange consulting and deployment, Virtualization, Disaster Recovery, Office 365, datacenter migration/consolidation, cheese.

Reader Comments

  1. Hi Aaron,

    I tried to use your pwncheck script to check my on-premise AD. But it doesn't work. The only output I get is
    “[SUCCESS] :: No breaches detected. w00t!”.
    Even without an API key and also with non-existent usernames.

    Is the script broken or is it my fault?

    Can you help?

    Thank you.

    Best regards.
