I suggest you ...

Add domain search capability to the API functions

I've been subscribing to the alerts for breaches related to our corporate domain, which is fantastic, but now that we have Splunk in house, I was hoping to connect directly to the API from a forwarder.

145 votes
Sign in
Password icon
Signed in as (Sign out)
You have left! (?) (thinking…)
Anonymous shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →


Sign in
Password icon
Signed in as (Sign out)
  • Sultan commented  ·   ·  Flag as inappropriate

    I wonder how the Cyber Threat Intel companies are able to alert organizations with an export based on domains we pass along to them as keywords.

    Any idea?

  • dgreenwood-threatpipes commented  ·   ·  Flag as inappropriate

    It would be perfect (for out use case) to offer some sort of org / user structure.

    e.g. someone at domain (org) registers and validates ownership. This persons can then add / remove other users in org each with unique keys.

    Obviously I'm aware this requires some retooling :) Good to hear there's something in the pipeline, Troy!

  • AdminTroy Hunt (CEO / Founder, Have I been pwned?) commented  ·   ·  Flag as inappropriate

    I'm keeping this idea open but also still under consideration. The main reason is that the present model of searching domains ensures the requestor still has control of the domain at the point of search. A persistent API key could still be used by someone who leaves the organisation and should no longer be authorised to access the data.

    That's the background, there's a few things in the pipeline that *may* make this more feasible, but there's no timeline as of now.

  • Sean commented  ·   ·  Flag as inappropriate

    I would love to be able to do a domain search for breaches and pastes using the API as well.

    It would decrease the load on your (already very efficient from the cloudflare caching and Azure functions) system(s) and processing time on mine. What I have to do now is iterate over my active accounts and aliases, then send each one to the API with a 1600 ms delay in between so I can collect breach information about my organizations accounts. If there were 3487 accounts/aliases, that would take about 1.5 hours. And I miss out on breach and paste data about no longer active accounts in my domain.

    If I could make an API call with the key you send me when you notify me of one of my active domain accounts showing up in a breach, I could get the data in one shot or two (one for pastes, one for breaches).
    ex: https://haveibeenpwned.com/DomainSearch/abc123def345ghi678jkl901mno234pqr5
    Where abc123def345ghi678jkl901mno234pqr5 is the key.

    Using the key you send in the "Run another domain search" link button along with the domain, I'd be using a key that's already been created during the domain control verification process. I could send the domain as a second factor.

    Possible? Likely?

  • KM commented  ·   ·  Flag as inappropriate

    This would be really appreciated. Even without SPLUNK I'd like the ability to check a domain against this database. Even if that means the results are partially anonymized. For example returning the amount of found mail addresses and in how many breaches total. Without returning the actual mail addresses would be great already.

Feedback and Knowledge Base