Skip to main content
Glama
enesjakozh

Have I Been Pwned MCP Server

by Cyreslab-AI
OverviewInspectNewSchemaRelated ServersScore
JavaScript
Remote
MIT License
2
  • Apple

¿Me han pirateado el servidor MCP?

insignia de herrería

Un servidor de Protocolo de Contexto de Modelo (MCP) que proporciona integración con la API Have I Been Pwned para verificar si sus cuentas o contraseñas se han visto comprometidas en violaciones de datos.

Características

Este servidor MCP proporciona cuatro herramientas principales:

  1. check_email : Comprueba si una dirección de correo electrónico se ha encontrado en violaciones de datos

  2. check_password : Comprueba si una contraseña ha sido expuesta en violaciones de datos (utilizando k-anonymity)

  3. get_breach_details : Obtenga información detallada sobre una violación de datos específica

  4. list_all_breaches : enumera todas las infracciones en el sistema, opcionalmente filtradas por dominio

Instalación

Instalación mediante herrería

Para instalar hibp-mcp-server para Claude Desktop automáticamente a través de Smithery :

npx -y @smithery/cli install @Cyreslab-AI/hibp-mcp-server --client claude

Prerrequisitos

Configuración

  1. Clonar este repositorio:

    git clone https://github.com/Cyreslab-AI/hibp-mcp-server.git cd hibp-mcp-server

  2. Instalar dependencias:

    npm install

  3. Construir el servidor:

    npm run build

  4. Configure el servidor en su archivo de configuración MCP:

    Para la extensión VSCode de Claude, agregue a ~/Library/Application Support/Code/User/globalStorage/saoudrizwan.claude-dev/settings/cline_mcp_settings.json :

    { "mcpServers": { "hibp": { "command": "node", "args": ["/path/to/hibp-mcp-server/build/index.js"], "env": { "HIBP_API_KEY": "YOUR_API_KEY_HERE" }, "disabled": false, "autoApprove": [] } } }

    Para la aplicación de escritorio Claude, agréguela a ~/Library/Application Support/Claude/claude_desktop_config.json (macOS) o una ruta similar en otras plataformas.

Ejemplos de uso

Una vez configurado el servidor, puedes usarlo con Claude para comprobar si hay violaciones de datos:

Revisar el correo electrónico

User: Has my email address example@gmail.com been pwned? Claude: Good news! This email address has not been found in any known data breaches.

O si el correo electrónico fue encontrado en infracciones:

User: Has my email address breached@example.com been pwned? Claude: ⚠️ This email address was found in 3 data breaches. Breach details: 1. Adobe (2013-10-04) Domain: adobe.com Description: In October 2013, 153 million Adobe accounts were breached... Compromised data: Email addresses, Password hints, Passwords, Usernames 2. LinkedIn (2012-05-05) Domain: linkedin.com Description: In May 2016, LinkedIn had 164 million email addresses and passwords exposed... Compromised data: Email addresses, Passwords 3. Dropbox (2012-07-01) Domain: dropbox.com Description: In mid-2012, Dropbox suffered a data breach which exposed... Compromised data: Email addresses, Passwords Recommendations: - Change your password for these services immediately - If you used the same password elsewhere, change those too - Enable two-factor authentication where available - Consider using a password manager

Comprobar contraseña

User: Has the password "password123" been exposed in any breaches? Claude: ⚠️ This password has been exposed in data breaches 123,456 times! Recommendations: - Stop using this password immediately - Change it on any site where you use it - Use a unique, strong password for each account - Consider using a password manager

Obtenga detalles de la infracción

User: Tell me about the LinkedIn data breach Claude: # LinkedIn Data Breach **Date:** 2012-05-05 **Domain:** linkedin.com **Accounts affected:** 164,611,595 **Verified:** Yes **Data leaked:** Email addresses, Passwords **Description:** In May 2016, LinkedIn had 164 million email addresses and passwords exposed. Originally hacked in 2012, the data remained out of sight until being offered for sale on a dark market site 4 years later. The passwords in the breach were stored as SHA1 hashes without salt, the vast majority of which were quickly cracked in the days following the release of the data. **Recommendations:** - If you had an account on this service, change your password - If you used the same password elsewhere, change those too - Monitor your accounts for suspicious activity - Be cautious of phishing attempts that may use this leaked information

Listar todas las infracciones

User: List all Adobe data breaches Claude: Found 1 breaches for domain adobe.com: 1. Adobe (2013-10-04) Domain: adobe.com Accounts affected: 152,445,165 Compromised data: Email addresses, Password hints, Passwords, Usernames

Notas de seguridad

  • La función de verificación de contraseñas utiliza k-anonimato para verificar contraseñas sin enviar la contraseña completa a la API Have I Been Pwned

  • Solo se envían a la API los primeros 5 caracteres del hash SHA-1 de la contraseña

  • La API devuelve una lista de sufijos hash que coinciden con el prefijo y la verificación se completa localmente.

Configuración de la clave API

Este servidor requiere una clave API de Have I Been Pwned para la mayoría de las funciones (excepto la verificación de contraseñas). Puedes obtener una clave API en haveibeenpwned.com/API/Key .

La clave API debe proporcionarse como una variable de entorno denominada HIBP_API_KEY en la configuración de MCP.

Licencia

Instituto Tecnológico de Massachusetts (MIT)

Deploy Server
A
security – no known vulnerabilities
A
license - permissive license
A
quality - confirmed to work

How are these scores calculated?

Related Resources

Tools

Related MCP Servers

  • Supabase MCP Server

    JoshuaRileyDev
    A
    security
    F
    license
    A
    quality
    A Model Context Protocol (MCP) server that provides programmatic access to the Supabase Management API. This server allows AI models and other clients to manage Supabase projects and organizations through a standardized interface.
    Last updated -
    50
    50

  • mcp-hn

    erithwik
    A
    security
    A
    license
    A
    quality
    A Model Context Protocol (MCP) server that provides tools for searching and fetching information from Hacker News.
    Last updated -
    4
    55
    MIT License
    • Apple

  • MCP Server

    la-rebelion
    -
    security
    A
    license
    -
    quality
    MCP Server simplifies the implementation of the Model Context Protocol by providing a user-friendly API to create custom tools and manage server workflows efficiently.
    Last updated -
    6
    4
    MIT License

  • MCP Server

    agentico-dev
    -
    security
    A
    license
    -
    quality
    MCP Server provides a simpler API to interact with the Model Context Protocol by allowing users to define custom tools and services to streamline workflows and processes.
    Last updated -
    2
    3
    MIT License

View all related MCP servers

New MCP Servers

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/Cyreslab-AI/hibp-mcp-server'

If you have feedback or need assistance with the MCP directory API, please join our Discord server