hibp-mcp-server

hibp-mcp-server

0
security

The Have I Been Pwned MCP Server is a protocol server designed to interface with Have I Been Pwned's API. It checks email and password exposures and provides detailed breach information. The project focuses on privacy using k-anonymity for secure password checks.

Have I Been Pwned MCP Server

A Model Context Protocol (MCP) server integrating with the Have I Been Pwned API to check for compromised accounts or passwords.

Features

  • check_email: Verify if an email is compromised.
  • check_password: Check password exposure using k-anonymity.
  • get_breach_details: Retrieve data breach details.
  • list_all_breaches: List breaches, filterable by domain.

Installation

  • Requires Node.js and npm.
  • Obtain a Have I Been Pwned API key.
  • Install via Smithery or clone and build manually.

Usage Examples

  • Check if emails or passwords have been breached.
  • Retrieve breach specifics for further action.

Security Notes

  • Uses k-anonymity for password checks, sending only partial hashes to the API.