The Have I Been Pwned MCP Server integrates with the Have I Been Pwned API to check for compromised accounts and passwords in data breaches. It provides four main functions:
- check_email: Verify if an email address was exposed in data breaches, with options to include unverified breaches
- check_password: Check if a password has been exposed using k-anonymity protection
- get_breach_details: Retrieve detailed information about a specific data breach
- list_all_breaches: List all known breaches, with an option to filter by domain
Provides tools to check if email addresses have been found in data breaches, verify if passwords have been exposed, get detailed information about specific data breaches, and list all breaches in the system with optional domain filtering.
Have I Been Pwned MCP Server
A Model Context Protocol (MCP) server that provides integration with the Have I Been Pwned API to check if your accounts or passwords have been compromised in data breaches.
Features
This MCP server provides four main tools:
- check_email: Check if an email address has been found in data breaches
- check_password: Check if a password has been exposed in data breaches (using k-anonymity)
- get_breach_details: Get detailed information about a specific data breach
- list_all_breaches: List all breaches in the system, optionally filtered by domain
Installation
Installing via Smithery
To install hibp-mcp-server for Claude Desktop automatically via Smithery:
Prerequisites
- Node.js (v14 or higher)
- npm (v6 or higher)
- A Have I Been Pwned API key (get one at haveibeenpwned.com/API/Key)
Setup
- Clone this repository:
- Install dependencies:
- Build the server:
- Configure the server in your MCP settings file:For Claude VSCode extension, add to
~/Library/Application Support/Code/User/globalStorage/saoudrizwan.claude-dev/settings/cline_mcp_settings.json
:For Claude desktop app, add to~/Library/Application Support/Claude/claude_desktop_config.json
(macOS) or similar path on other platforms.
Usage Examples
Once the server is configured, you can use it with Claude to check for data breaches:
Check Email
Or if the email was found in breaches:
Check Password
Get Breach Details
List All Breaches
Security Notes
- The password checking feature uses k-anonymity to check passwords without sending the full password to the Have I Been Pwned API
- Only the first 5 characters of the SHA-1 hash of the password are sent to the API
- The API returns a list of hash suffixes that match the prefix, and the check is completed locally
API Key Configuration
This server requires a Have I Been Pwned API key to function for most features (except password checking). You can get an API key at haveibeenpwned.com/API/Key.
The API key should be provided as an environment variable named HIBP_API_KEY
in your MCP settings configuration.
License
MIT
remote-capable server
The server can be hosted and run remotely because it primarily relies on remote services or has no dependency on the local environment.
A Model Context Protocol (MCP) server that provides integration with the Have I Been Pwned API to check if your accounts or passwords have been compromised in data breaches.
Related MCP Servers
- AsecurityFlicenseAqualityA Model Context Protocol (MCP) server that provides programmatic access to the Supabase Management API. This server allows AI models and other clients to manage Supabase projects and organizations through a standardized interface.Last updated 8 months ago857842JavaScript
- AsecurityAlicenseAqualityA Model Context Protocol (MCP) server that provides tools for searching and fetching information from Hacker News.Last updated 13 days ago448PythonMIT License
- -securityAlicense-qualityMCP Server simplifies the implementation of the Model Context Protocol by providing a user-friendly API to create custom tools and manage server workflows efficiently.Last updated 6 months ago04TypeScriptMIT License
- -securityAlicense-qualityMCP Server provides a simpler API to interact with the Model Context Protocol by allowing users to define custom tools and services to streamline workflows and processes.Last updated 6 months ago23TypeScriptMIT License