Skip to main content
Glama
enesjakozh

Have I Been Pwned MCP Server

by Cyreslab-AI
GitHub
JavaScript
MIT License
  • Apple
OverviewInspectNewSchemaRelated ServersReviewsScore
Need Help?View Source CodeReport Issue

Have I Been Pwned MCP Server

A Model Context Protocol (MCP) server that provides integration with the Have I Been Pwned API to check if your accounts or passwords have been compromised in data breaches.

Features

This MCP server provides four main tools:

  1. check_email: Check if an email address has been found in data breaches
  2. check_password: Check if a password has been exposed in data breaches (using k-anonymity)
  3. get_breach_details: Get detailed information about a specific data breach
  4. list_all_breaches: List all breaches in the system, optionally filtered by domain

Installation

Installing via Smithery

To install hibp-mcp-server for Claude Desktop automatically via Smithery:

npx -y @smithery/cli install @Cyreslab-AI/hibp-mcp-server --client claude

Prerequisites

Setup

  1. Clone this repository:
    git clone https://github.com/Cyreslab-AI/hibp-mcp-server.git cd hibp-mcp-server
  2. Install dependencies:
    npm install
  3. Build the server:
    npm run build
  4. Configure the server in your MCP settings file:For Claude VSCode extension, add to ~/Library/Application Support/Code/User/globalStorage/saoudrizwan.claude-dev/settings/cline_mcp_settings.json:
    { "mcpServers": { "hibp": { "command": "node", "args": ["/path/to/hibp-mcp-server/build/index.js"], "env": { "HIBP_API_KEY": "YOUR_API_KEY_HERE" }, "disabled": false, "autoApprove": [] } } }
    For Claude desktop app, add to ~/Library/Application Support/Claude/claude_desktop_config.json (macOS) or similar path on other platforms.

Usage Examples

Once the server is configured, you can use it with Claude to check for data breaches:

Check Email

User: Has my email address example@gmail.com been pwned? Claude: Good news! This email address has not been found in any known data breaches.

Or if the email was found in breaches:

User: Has my email address breached@example.com been pwned? Claude: ⚠️ This email address was found in 3 data breaches. Breach details: 1. Adobe (2013-10-04) Domain: adobe.com Description: In October 2013, 153 million Adobe accounts were breached... Compromised data: Email addresses, Password hints, Passwords, Usernames 2. LinkedIn (2012-05-05) Domain: linkedin.com Description: In May 2016, LinkedIn had 164 million email addresses and passwords exposed... Compromised data: Email addresses, Passwords 3. Dropbox (2012-07-01) Domain: dropbox.com Description: In mid-2012, Dropbox suffered a data breach which exposed... Compromised data: Email addresses, Passwords Recommendations: - Change your password for these services immediately - If you used the same password elsewhere, change those too - Enable two-factor authentication where available - Consider using a password manager

Check Password

User: Has the password "password123" been exposed in any breaches? Claude: ⚠️ This password has been exposed in data breaches 123,456 times! Recommendations: - Stop using this password immediately - Change it on any site where you use it - Use a unique, strong password for each account - Consider using a password manager

Get Breach Details

User: Tell me about the LinkedIn data breach Claude: # LinkedIn Data Breach **Date:** 2012-05-05 **Domain:** linkedin.com **Accounts affected:** 164,611,595 **Verified:** Yes **Data leaked:** Email addresses, Passwords **Description:** In May 2016, LinkedIn had 164 million email addresses and passwords exposed. Originally hacked in 2012, the data remained out of sight until being offered for sale on a dark market site 4 years later. The passwords in the breach were stored as SHA1 hashes without salt, the vast majority of which were quickly cracked in the days following the release of the data. **Recommendations:** - If you had an account on this service, change your password - If you used the same password elsewhere, change those too - Monitor your accounts for suspicious activity - Be cautious of phishing attempts that may use this leaked information

List All Breaches

User: List all Adobe data breaches Claude: Found 1 breaches for domain adobe.com: 1. Adobe (2013-10-04) Domain: adobe.com Accounts affected: 152,445,165 Compromised data: Email addresses, Password hints, Passwords, Usernames

Security Notes

  • The password checking feature uses k-anonymity to check passwords without sending the full password to the Have I Been Pwned API
  • Only the first 5 characters of the SHA-1 hash of the password are sent to the API
  • The API returns a list of hash suffixes that match the prefix, and the check is completed locally

API Key Configuration

This server requires a Have I Been Pwned API key to function for most features (except password checking). You can get an API key at haveibeenpwned.com/API/Key.

The API key should be provided as an environment variable named HIBP_API_KEY in your MCP settings configuration.

License

MIT

Install Server
A
security – no known vulnerabilities
A
license - permissive license
A
quality - confirmed to work

How are these scores calculated?

remote-capable server

The server can be hosted and run remotely because it primarily relies on remote services or has no dependency on the local environment.

Tools

A Model Context Protocol (MCP) server that provides integration with the Have I Been Pwned API to check if your accounts or passwords have been compromised in data breaches.

  1. Features
    1. Installation
      1. Installing via Smithery
      2. Prerequisites
      3. Setup
    2. Usage Examples
      1. Check Email
      2. Check Password
      3. Get Breach Details
      4. List All Breaches
    3. Security Notes
      1. API Key Configuration
        1. License

          Related MCP Servers

          • mcp-hn

            erithwik
            A
            security
            A
            license
            A
            quality
            A Model Context Protocol (MCP) server that provides tools for searching and fetching information from Hacker News.
            Last updated -
            4
            6
            Python
            MIT License
            • Apple

          • mcp-turso-cloud

            spences10
            A
            security
            A
            license
            A
            quality
            🗂️ A Model Context Protocol (MCP) server that provides integration with Turso databases for LLMs. This server implements a two-level authentication system to handle both organization-level and database-level operations, making it easy to manage and query Turso databases directly from LLMs.
            Last updated -
            8
            35
            6
            TypeScript
            MIT License
            • Linux

          • MCP API Service

            nstanw
            A
            security
            F
            license
            A
            quality
            A Model Context Protocol (MCP) server that interacts with system APIs, allowing users to check connections, search employees, register breakfast, and update chemical information by shifts.
            Last updated -
            21
            37
            JavaScript

          • SSH MCP Server

            mfangtao
            -
            security
            F
            license
            -
            quality
            A server that enables remote command execution over SSH through the Model Context Protocol (MCP), supporting both password and private key authentication.
            Last updated -
            JavaScript

          View all related MCP servers

          New MCP Servers

          MCP directory API

          We provide all the information about MCP servers via our MCP API.

          curl -X GET 'https://glama.ai/api/mcp/v1/servers/Cyreslab-AI/hibp-mcp-server'

          If you have feedback or need assistance with the MCP directory API, please join our Discord server