diff --git a/Hawk/changelog.md b/Hawk/changelog.md
index 0146293..4a6abce 100644
--- a/Hawk/changelog.md
+++ b/Hawk/changelog.md
@@ -78,6 +78,7 @@
 - Removed ability to detect RBAC Application Impersonation as this is being deprecated / removed in FEB 2025.
 - Updated Out-Log file, adding -Information parameter for tagging prompts with INFO for status updates.
 - Updated Out-Log file, modifying -Notice parameter for tagging prompts with INVESTIGATE in brackets instead of asterisks, for uniformity purposes.
+- Corrected HawkUserPWNCheck to accept proper input and provide user with accurate errors.
 - Fixed critical lack of avian artwork in startup sequence by adding ASCII welcome banner.
 - Updated all post Global Hawk Variable Initialized code to use prompt tagging.
 - Modified Out-MultipleFileType to not output "appending to file" to STDOUT repetitively.
diff --git a/Hawk/functions/User/Get-HawkUserPWNCheck.ps1 b/Hawk/functions/User/Get-HawkUserPWNCheck.ps1
index 0912ddf..744fbbd 100644
--- a/Hawk/functions/User/Get-HawkUserPWNCheck.ps1
+++ b/Hawk/functions/User/Get-HawkUserPWNCheck.ps1
@@ -1,64 +1,87 @@ Function Get-HawkUserPWNCheck { - <# - .SYNOPSIS - Checks an email address against haveibeenpwned.com - .DESCRIPTION - Checks a single email address against HaveIBeenPwned. An API key is required and can be obtained from https://haveibeenpwned.com/API/Key for $3.50 a month. - This script will prompt for the key if $hibpkey is not set as a variable. - .PARAMETER Email - Accepts since EMail address or array of Email address strings. - DOES NOT Accept an array of objects (it will end up checked the UPN and not the email address) - .OUTPUTS - File: Have_I_Been_Pwned.txt - Path: \ - Description: Information returned from the pwned database - .EXAMPLE - Start-HawkUserPWNCheck -Email user@company.com +<# +.SYNOPSIS + Checks an email address against haveibeenpwned.com +.DESCRIPTION + Checks a single email address against HaveIBeenPwned. An API key is required and can be obtained from https://haveibeenpwned.com/API/Key for $3.50 a month. + This script will prompt for the key if $hibpkey is not set as a variable. +.PARAMETER EmailAddress + Accepts since EMail address or array of Email address strings. + DOES NOT Accept an array of objects (it will end up checked the UPN and not the email address) +.OUTPUTS + File: Have_I_Been_Pwned.txt + Path: \ + Description: Information returned from the pwned database +.EXAMPLE + Get-HawkUserPWNCheck -EmailAddress user@company.com - Returns the pwn state of the email address provided - #> - param([array]$Email) + Returns the pwn state of the email address provided +#> + + param( + [string[]]$EmailAddress + ) + + # if there is no value of hibpkey then we need to get it from the user + BEGIN {if ($null -eq $hibpkey) { + + Write-Host -ForegroundColor Green " - if ($null -eq $hibpkey) { - Write-Information " HaveIBeenPwned.com now requires an API access key to gather Stats with from their API. 
- Please purchase an API key for $3.50 a month from get a Free access key from https://haveibeenpwned.com/API/Key and provide it below. - " -InformationAction Continue + Please purchase an API key for `$3.95 a month from get a Free access key from https://haveibeenpwned.com/API/Key and provide it below. $hibpkey = Read-Host "haveibeenpwned.com apikey" - } - - [array]$UserArray = Test-UserObject -ToTest $Email - $headers = @{ 'hibp-api-key' = $hibpkey } + } + }#End of BEGIN block + # Verify our UPN input + PROCESS {[array]$UserArray = Test-UserObject -ToTest $EmailAddress + $headers=@{'hibp-api-key' = $hibpkey} foreach ($Object in $UserArray) { $User = [string]$Object.UserPrincipalName $uriEncodeEmail = [uri]::EscapeDataString($User) + [string]$User = $Object.UserPrincipalName - $InvokeURL = 'https://haveibeenpwned.com/api/v3/breachedaccount/' + $uriEncodeEmail + '?truncateResponse=false' - $Error.Clear() + # Convert the email to URL encoding + $uriEncodeEmail = [uri]::EscapeDataString($($user)) + # Build and invoke the URL + $InvokeURL = 'https://haveibeenpwned.com/api/v3/breachedaccount/' + $uriEncodeEmail + '?truncateResponse=false' + $Error.clear() + #Will catch the error if the email is not found. 404 error means that the email is not found in the database. 
+ #https://haveibeenpwned.com/API/v3#ResponseCodes contains the response codes for the API try { - $Result = Invoke-WebRequest $InvokeURL -Headers $headers -UserAgent 'Hawk' -ErrorAction Stop + $Result = Invoke-WebRequest -Uri $InvokeURL -Headers $headers -userAgent 'Hawk' -ErrorAction Stop } catch { - switch ($Error[0].Exception.Response.StatusCode) { - NotFound { - Write-Output "Email Not Found to be Pwned" + $StatusCode = $_.Exception.Response.StatusCode + $ErrorMessage = $_.Exception.Message + switch ($StatusCode) { + NotFound{ + write-host "Email Provided Not Found in Pwned Database" + return + } + Unauthorized{ + write-host "Unauthorised Access - API key provided is not valid or has expired" return } Default { - Write-Error "[ERROR] - Failure to retrieve pwned status" - Write-Output $Error + write-host $ErrorMessage return } } } - $Pwned = $Result.Content | ConvertFrom-Json - Out-LogFile ("Email Address found in " + $Pwned.Count) -Notice - $Pwned | Out-MultipleFileType -FilePrefix "Have_I_Been_Pwned" -User $User -Txt + # Convert the result into a PS custgom object + $Pwned = $Result.content | ConvertFrom-Json + # Output the value + Out-LogFile ("Email Address found in " + $pwned.count) + $Pwned | Out-MultipleFileType -FilePreFix "Have_I_Been_Pwned" -user $user -txt + + } + }#End of PROCESS block + END { Start-Sleep -Milliseconds 1500 - } + }#End of END block }
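Review bot: The `return` in each arm of the new `switch ($StatusCode)` leaves the whole PROCESS block rather than the current `foreach` iteration, so when several addresses are passed through `-EmailAddress` the first not-found or unauthorised address stops every remaining address from being checked; label the loop `:nextUser foreach ($Object in $UserArray) {` and replace each `return` in the catch with `continue nextUser` (a bare `continue` inside a PowerShell `switch` only exits the switch and would fall through to the `ConvertFrom-Json` line with a stale `$Result`). The rewritten `Out-LogFile ("Email Address found in " + $pwned.count)` also drops the `-Notice` switch the old line carried, so a confirmed breach hit is no longer tagged for investigation in the log, which looks unintended given that the changelog hunk in this same commit describes `-Notice` as the INVESTIGATE marker. The `Default` arm now reports every other failure with `write-host $ErrorMessage` instead of `Write-Error`, so throttling and transient server errors (the linked response-code page covers more than the two handled codes) are printed as plain host text and leave no error record or log entry for the caller to distinguish from "not found"; at minimum send that message through `Out-LogFile` or keep `Write-Error`. As a smaller point, `[string]$User = $Object.UserPrincipalName` duplicates the retained `$User = [string]$Object.UserPrincipalName` directly above it and one of the two should go.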