Have I Been Pwned MCP Server

Have I Been Pwned MCP Server

Mirror of

MCP-Mirror

Research & Data
Visit Server

README

Have I Been Pwned MCP Server

smithery badge

A Model Context Protocol (MCP) server that provides integration with the Have I Been Pwned API to check if your accounts or passwords have been compromised in data breaches.

Features

This MCP server provides four main tools:

  1. check_email: Check if an email address has been found in data breaches
  2. check_password: Check if a password has been exposed in data breaches (using k-anonymity)
  3. get_breach_details: Get detailed information about a specific data breach
  4. list_all_breaches: List all breaches in the system, optionally filtered by domain

Installation

Installing via Smithery

To install hibp-mcp-server for Claude Desktop automatically via Smithery:

npx -y @smithery/cli install @Cyreslab-AI/hibp-mcp-server --client claude

Prerequisites

Setup

  1. Clone this repository:

    git clone https://github.com/Cyreslab-AI/hibp-mcp-server.git
cd hibp-mcp-server

  2. Install dependencies:

    npm install

  3. Build the server:

    npm run build

  4. Configure the server in your MCP settings file:

    For Claude VSCode extension, add to ~/Library/Application Support/Code/User/globalStorage/saoudrizwan.claude-dev/settings/cline_mcp_settings.json:

    {
  "mcpServers": {
    "hibp": {
      "command": "node",
      "args": ["/path/to/hibp-mcp-server/build/index.js"],
      "env": {
        "HIBP_API_KEY": "YOUR_API_KEY_HERE"
      },
      "disabled": false,
      "autoApprove": []
    }
  }
}

    For Claude desktop app, add to ~/Library/Application Support/Claude/claude_desktop_config.json (macOS) or similar path on other platforms.

Usage Examples

Once the server is configured, you can use it with Claude to check for data breaches:

Check Email

User: Has my email address example@gmail.com been pwned?

Claude: Good news! This email address has not been found in any known data breaches.

Or if the email was found in breaches:

User: Has my email address breached@example.com been pwned?

Claude: ⚠️ This email address was found in 3 data breaches.

Breach details:

1. Adobe (2013-10-04)
   Domain: adobe.com
   Description: In October 2013, 153 million Adobe accounts were breached...
   Compromised data: Email addresses, Password hints, Passwords, Usernames

2. LinkedIn (2012-05-05)
   Domain: linkedin.com
   Description: In May 2016, LinkedIn had 164 million email addresses and passwords exposed...
   Compromised data: Email addresses, Passwords

3. Dropbox (2012-07-01)
   Domain: dropbox.com
   Description: In mid-2012, Dropbox suffered a data breach which exposed...
   Compromised data: Email addresses, Passwords

Recommendations:
- Change your password for these services immediately
- If you used the same password elsewhere, change those too
- Enable two-factor authentication where available
- Consider using a password manager

Check Password

User: Has the password "password123" been exposed in any breaches?

Claude: ⚠️ This password has been exposed in data breaches 123,456 times!

Recommendations:
- Stop using this password immediately
- Change it on any site where you use it
- Use a unique, strong password for each account
- Consider using a password manager

Get Breach Details

User: Tell me about the LinkedIn data breach

Claude: # LinkedIn Data Breach

**Date:** 2012-05-05
**Domain:** linkedin.com
**Accounts affected:** 164,611,595
**Verified:** Yes
**Data leaked:** Email addresses, Passwords

**Description:**
In May 2016, LinkedIn had 164 million email addresses and passwords exposed. Originally hacked in 2012, the data remained out of sight until being offered for sale on a dark market site 4 years later. The passwords in the breach were stored as SHA1 hashes without salt, the vast majority of which were quickly cracked in the days following the release of the data.

**Recommendations:**
- If you had an account on this service, change your password
- If you used the same password elsewhere, change those too
- Monitor your accounts for suspicious activity
- Be cautious of phishing attempts that may use this leaked information

List All Breaches

User: List all Adobe data breaches

Claude: Found 1 breaches for domain adobe.com:

1. Adobe (2013-10-04)
   Domain: adobe.com
   Accounts affected: 152,445,165
   Compromised data: Email addresses, Password hints, Passwords, Usernames

Security Notes

  • The password checking feature uses k-anonymity to check passwords without sending the full password to the Have I Been Pwned API
  • Only the first 5 characters of the SHA-1 hash of the password are sent to the API
  • The API returns a list of hash suffixes that match the prefix, and the check is completed locally

API Key Configuration

This server requires a Have I Been Pwned API key to function for most features (except password checking). You can get an API key at haveibeenpwned.com/API/Key.

The API key should be provided as an environment variable named HIBP_API_KEY in your MCP settings configuration.

License

MIT

Recommended Servers

Crypto Price & Market Analysis MCP Server

Crypto Price & Market Analysis MCP Server

A Model Context Protocol (MCP) server that provides comprehensive cryptocurrency analysis using the CoinCap API. This server offers real-time price data, market analysis, and historical trends through an easy-to-use interface.

Featured
TypeScript
MCP PubMed Search

MCP PubMed Search

Server to search PubMed (PubMed is a free, online database that allows users to search for biomedical and life sciences literature). I have created on a day MCP came out but was on vacation, I saw someone post similar server in your DB, but figured to post mine.

Featured
Python
dbt Semantic Layer MCP Server

dbt Semantic Layer MCP Server

A server that enables querying the dbt Semantic Layer through natural language conversations with Claude Desktop and other AI assistants, allowing users to discover metrics, create queries, analyze data, and visualize results.

Featured
TypeScript
mixpanel

mixpanel

Connect to your Mixpanel data. Query events, retention, and funnel data from Mixpanel analytics.

Featured
TypeScript
Sequential Thinking MCP Server

Sequential Thinking MCP Server

This server facilitates structured problem-solving by breaking down complex issues into sequential steps, supporting revisions, and enabling multiple solution paths through full MCP integration.

Featured
Python
Nefino MCP Server

Nefino MCP Server

Provides large language models with access to news and information about renewable energy projects in Germany, allowing filtering by location, topic (solar, wind, hydrogen), and date range.

Official
Python
Vectorize

Vectorize

Vectorize MCP server for advanced retrieval, Private Deep Research, Anything-to-Markdown file extraction and text chunking.

Official
JavaScript
Mathematica Documentation MCP server

Mathematica Documentation MCP server

A server that provides access to Mathematica documentation through FastMCP, enabling users to retrieve function documentation and list package symbols from Wolfram Mathematica.

Local
Python
kb-mcp-server

kb-mcp-server

An MCP server aimed to be portable, local, easy and convenient to support semantic/graph based retrieval of txtai "all in one" embeddings database. Any txtai embeddings db in tar.gz form can be loaded

Local
Python
Research MCP Server

Research MCP Server

The server functions as an MCP server to interact with Notion for retrieving and creating survey data, integrating with the Claude Desktop Client for conducting and reviewing surveys.

Local
Python