Hibp Mcp Server
What is Hibp Mcp Server
HIBP-MCP-Server is a Model Context Protocol (MCP) server designed for the Have I Been Pwned (HIBP) API, enabling users to query breach data using natural language.
Use cases
Use cases include personal security checks for individuals, integration into security tools for businesses, and educational purposes for teaching about data breaches.
How to use
To use HIBP-MCP-Server, install it via NPM or clone the repository for local development. Configure your MCP client with your HIBP API key and set up the necessary environment variables.
Key features
Key features include checking if an email address has been involved in a data breach, retrieving details about specific breaches, verifying if a password has been exposed, and checking if an email appears in pastes.
Where to use
HIBP-MCP-Server can be utilized in cybersecurity applications, data breach monitoring services, and any platform that requires user data protection and breach awareness.
Clients Supporting MCP
The following are the main client software that supports the Model Context Protocol. Click the link to visit the official website for more information.
Overview
What is Hibp Mcp Server
HIBP-MCP-Server is a Model Context Protocol (MCP) server designed for the Have I Been Pwned (HIBP) API, enabling users to query breach data using natural language.
Use cases
Use cases include personal security checks for individuals, integration into security tools for businesses, and educational purposes for teaching about data breaches.
How to use
To use HIBP-MCP-Server, install it via NPM or clone the repository for local development. Configure your MCP client with your HIBP API key and set up the necessary environment variables.
Key features
Key features include checking if an email address has been involved in a data breach, retrieving details about specific breaches, verifying if a password has been exposed, and checking if an email appears in pastes.
Where to use
HIBP-MCP-Server can be utilized in cybersecurity applications, data breach monitoring services, and any platform that requires user data protection and breach awareness.
Clients Supporting MCP
The following are the main client software that supports the Model Context Protocol. Click the link to visit the official website for more information.
Content
Have I Been Pwned MCP Server
A Model Context Protocol (MCP) server for the Have I Been Pwned (HIBP) API that allows you to query breach data using natural language.
Overview
This MCP server provides tools to interact with the Have I Been Pwned API, allowing you to:
- Check if an email address has been in a data breach
- Get details about specific breaches
- Check if a password has been exposed in known data breaches
- Check if an email address appears in pastes
Installation & Configuration
Option 1: NPM Installation (Recommended)
- Install Node.js (v22.10.0 or higher recommended)
- Get your HIBP API key from https://haveibeenpwned.com/API/Key
- Configure your MCP client (e.g., Claude Desktop ) with:
{
"mcpServers": {
"HIBP-MCP": {
"command": "npx",
"args": [
"-y",
"@darrenjrobinson/hibp-mcp"
],
"env": {
"HIBP_API_KEY": "<your-hibp-api-key>",
"HIBP_SUBSCRIPTION_PLAN": "Pwned 1"
}
}
}
}Option 2: Local Development
- Clone this repository:
git clone https://github.com/darrenjrobinson/HIBP-MCP-Server.git
- Install dependencies:
cd HIBP-MCP-Server
npm install
- Build the project:
npm run build
- Configure your MCP client with:
{
"mcpServers": {
"HIBP-MCP": {
"command": "node",
"args": [
"path/to/hibp-mcp/build/main.js"
],
"env": {
"HIBP_API_KEY": "<your-hibp-api-key>",
"HIBP_SUBSCRIPTION_PLAN": "Pwned 1"
}
}
}
}Environment Variables
| Name | Description |
|---|---|
HIBP_API_KEY |
Your Have I Been Pwned API key |
HIBP_SUBSCRIPTION_PLAN |
Your HIBP API subscription plan (Pwned 1, Pwned 2, Pwned 3, Pwned 4, or Pwned 5) |
Usage Examples
Once configured, you can ask Claude natural language questions about data breaches. Here are some examples:
Checking Email Breaches
- “Has email address [email protected] appeared in any data breaches?”
- “What breaches contain the email address [email protected]?”
- “Show me all breaches for [email protected]”
Checking Specific Breaches
- “Tell me about the LinkedIn data breach”
- “What data was exposed in the Adobe breach?”
- “List all known data breaches”
Checking Passwords
- “Has the password ‘Password123’ been exposed in any breaches?”
- “Is my password ‘MySecurePass2024’ safe to use?”
- “Check if this password has been compromised: ‘TestPass1234’”
Checking Pastes
- “Has [email protected] appeared in any pastes?”
- “Show me paste data for [email protected]”
Tools
HIBP-Breaches
Query breached accounts and breaches from the Have I Been Pwned API.
Parameters:
operation: The HIBP operation to perform (getAllBreachesForAccount, getAllBreachedSites, getBreachByName, getDataClasses)account: Email address to check for breaches (required for getAllBreachesForAccount)domain: Domain to filter breaches by (optional)name: Breach name to get details for (required for getBreachByName)includeUnverified: Whether to include unverified breaches (optional)truncateResponse: Whether to truncate the response (optional)
HIBP-Pastes
Query pastes containing account data from the Have I Been Pwned API.
Parameters:
account: Email address to check for pastes (required)
HIBP-PwnedPasswords
Check if a password has been exposed in data breaches using the Pwned Passwords API.
Parameters:
password: Password to check (will be hashed locally before sending and only the first 5 characters sent)
Security Note
Passwords checked through the HIBP-PwnedPasswords tool are never sent in plain text. They are hashed locally using SHA-1, and only the first 5 characters of the hash are sent to the API using k-anonymity.
Contributing
Contributions are welcome! Please feel free to submit a Pull Request.
License
MIT
Author
Dev Tools Supporting MCP
The following are the main code editors that support the Model Context Protocol. Click the link to visit the official website for more information.
