Merge pull request #223 from T0pCyber/bugfix/216-bug-pwncheckfunction…
…-not-working

Bugfix/216 bug pwncheckfunction not working
T0pCyber authored Jan 8, 2025
2 parents 2208dfe + b7643ba commit a6721d8
Showing 2 changed files with 62 additions and 38 deletions.
1 change: 1 addition & 0 deletions Hawk/changelog.md
Expand Up @@ -78,6 +78,7 @@
- Removed ability to detect RBAC Application Impersonation as this is being deprecated / removed in FEB 2025.
- Updated Out-Log file, adding -Information parameter for tagging prompts with INFO for status updates.
- Updated Out-Log file, modifying -Notice parameter for tagging prompts with INVESTIGATE in brackets instead of asterisks, for uniformity purposes.
- Corrected HawkUserPWNCheck to accept proper input and provide user with accurate errors.
- Fixed critical lack of avian artwork in startup sequence by adding ASCII welcome banner.
- Updated all post Global Hawk Variable Initialized code to use prompt tagging.
- Modified Out-MultipleFileType to not output "appending to file" to STDOUT repetitively.
99 changes: 61 additions & 38 deletions Hawk/functions/User/Get-HawkUserPWNCheck.ps1
@@ -1,64 +1,87 @@
Function Get-HawkUserPWNCheck {
<#
.SYNOPSIS
Checks an email address against haveibeenpwned.com
.DESCRIPTION
Checks a single email address against HaveIBeenPwned. An API key is required and can be obtained from https://haveibeenpwned.com/API/Key for $3.50 a month.
This script will prompt for the key if $hibpkey is not set as a variable.
.PARAMETER Email
Accepts since EMail address or array of Email address strings.
DOES NOT Accept an array of objects (it will end up checked the UPN and not the email address)
.OUTPUTS
File: Have_I_Been_Pwned.txt
Path: \<user>
Description: Information returned from the pwned database
.EXAMPLE
Start-HawkUserPWNCheck -Email [email protected]
<#
.SYNOPSIS
Checks an email address against haveibeenpwned.com
.DESCRIPTION
Checks a single email address against HaveIBeenPwned. An API key is required and can be obtained from https://haveibeenpwned.com/API/Key for $3.50 a month.
This script will prompt for the key if $hibpkey is not set as a variable.
.PARAMETER EmailAddress
Accepts since EMail address or array of Email address strings.
DOES NOT Accept an array of objects (it will end up checked the UPN and not the email address)
.OUTPUTS
File: Have_I_Been_Pwned.txt
Path: \<user>
Description: Information returned from the pwned database
.EXAMPLE
Get-HawkUserPWNCheck -EmailAddress [email protected]
Returns the pwn state of the email address provided
#>
param([array]$Email)
Returns the pwn state of the email address provided
#>

param(
[string[]]$EmailAddress
)

# if there is no value of hibpkey then we need to get it from the user
BEGIN {if ($null -eq $hibpkey) {

Write-Host -ForegroundColor Green "
if ($null -eq $hibpkey) {
Write-Information "
HaveIBeenPwned.com now requires an API access key to gather Stats with from their API.
Please purchase an API key for $3.50 a month from get a Free access key from https://haveibeenpwned.com/API/Key and provide it below.
" -InformationAction Continue
Please purchase an API key for `$3.95 a month from get a Free access key from https://haveibeenpwned.com/API/Key and provide it below.
$hibpkey = Read-Host "haveibeenpwned.com apikey"
}

[array]$UserArray = Test-UserObject -ToTest $Email
$headers = @{ 'hibp-api-key' = $hibpkey }
}
}#End of BEGIN block
# Verify our UPN input
PROCESS {[array]$UserArray = Test-UserObject -ToTest $EmailAddress
$headers=@{'hibp-api-key' = $hibpkey}
foreach ($Object in $UserArray) {
$User = [string]$Object.UserPrincipalName
$uriEncodeEmail = [uri]::EscapeDataString($User)
[string]$User = $Object.UserPrincipalName
$InvokeURL = 'https://haveibeenpwned.com/api/v3/breachedaccount/' + $uriEncodeEmail + '?truncateResponse=false'
$Error.Clear()
# Convert the email to URL encoding
$uriEncodeEmail = [uri]::EscapeDataString($($user))
# Build and invoke the URL
$InvokeURL = 'https://haveibeenpwned.com/api/v3/breachedaccount/' + $uriEncodeEmail + '?truncateResponse=false'
$Error.clear()
#Will catch the error if the email is not found. 404 error means that the email is not found in the database.
#https://haveibeenpwned.com/API/v3#ResponseCodes contains the response codes for the API
try {
$Result = Invoke-WebRequest $InvokeURL -Headers $headers -UserAgent 'Hawk' -ErrorAction Stop
$Result = Invoke-WebRequest -Uri $InvokeURL -Headers $headers -userAgent 'Hawk' -ErrorAction Stop
}
catch {
switch ($Error[0].Exception.Response.StatusCode) {
NotFound {
Write-Output "Email Not Found to be Pwned"
$StatusCode = $_.Exception.Response.StatusCode
$ErrorMessage = $_.Exception.Message
switch ($StatusCode) {
NotFound{
write-host "Email Provided Not Found in Pwned Database"
return
}
Unauthorized{
write-host "Unauthorised Access - API key provided is not valid or has expired"
return
}
Default {
Write-Error "[ERROR] - Failure to retrieve pwned status"
Write-Output $Error
write-host $ErrorMessage
return
}
}
}
$Pwned = $Result.Content | ConvertFrom-Json
Out-LogFile ("Email Address found in " + $Pwned.Count) -Notice
$Pwned | Out-MultipleFileType -FilePrefix "Have_I_Been_Pwned" -User $User -Txt
# Convert the result into a PS custgom object
$Pwned = $Result.content | ConvertFrom-Json
# Output the value
Out-LogFile ("Email Address found in " + $pwned.count)
$Pwned | Out-MultipleFileType -FilePreFix "Have_I_Been_Pwned" -user $user -txt
}
}#End of PROCESS block
END {
Start-Sleep -Milliseconds 1500
}
}#End of END block
}
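Review bot: The `return` in the `NotFound` arm of the `catch`, inside `foreach ($Object in $UserArray)`, ends the whole PROCESS block, so when `-EmailAddress` carries several addresses the first one answered with 404 (per the comment above the `try`, the ordinary "not in the database" result) stops the run and the remaining addresses are never checked. A bare `continue` would not fix it, because inside a `switch` it only leaves the switch and execution would fall through to `ConvertFrom-Json` on a missing or stale `$Result`; label the loop, `:address foreach ($Object in $UserArray) {`, and use `continue address` in that arm, keeping `return` for `Unauthorized`. Separately, the `Out-LogFile ("Email Address found in " + $pwned.count)` line no longer passes `-Notice`, and the not-found and unauthorised outcomes go to `write-host` only, so the positive finding seems to lose the INVESTIGATE tag the changelog describes and the negative results do not appear to reach the Hawk log; worth confirming that is intended. The +/- markers are lost in this rendering, so which lines are new is inferred from the 61/38 addition and deletion counts.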
