내가 MCP 서버에 침투당했나요?

데이터 침해로 인해 계정이나 비밀번호가 손상되었는지 확인하기 위해 Have I Been Pwned API와 통합을 제공하는 MCP(Model Context Protocol) 서버입니다.

특징

이 MCP 서버는 4가지 주요 도구를 제공합니다.

check_email : 데이터 침해 사고에서 이메일 주소가 발견되었는지 확인합니다.
check_password : 데이터 침해로 인해 비밀번호가 노출되었는지 확인합니다(k-익명성 사용)
get_breach_details : 특정 데이터 침해에 대한 자세한 정보를 얻습니다.
list_all_breaches : 도메인별로 필터링하여 시스템의 모든 위반 사항을 나열합니다.

설치

Smithery를 통해 설치

Smithery를 통해 Claude Desktop에 hibp-mcp-server를 자동으로 설치하려면:

지엑스피1

필수 조건

Node.js(v14 이상)
npm(v6 이상)
Have I Been Pwned API 키( haveibeenpwned.com/API/Key 에서 받으세요)

설정

이 저장소를 복제하세요:
git clone https://github.com/Cyreslab-AI/hibp-mcp-server.git cd hibp-mcp-server
종속성 설치:
npm install
서버를 빌드하세요:
npm run build
MCP 설정 파일에서 서버를 구성하세요.Claude VSCode 확장의 경우 ~/Library/Application Support/Code/User/globalStorage/saoudrizwan.claude-dev/settings/cline_mcp_settings.json 에 다음을 추가합니다.
{ "mcpServers": { "hibp": { "command": "node", "args": ["/path/to/hibp-mcp-server/build/index.js"], "env": { "HIBP_API_KEY": "YOUR_API_KEY_HERE" }, "disabled": false, "autoApprove": [] } } }
Claude 데스크톱 앱의 경우 ~/Library/Application Support/Claude/claude_desktop_config.json (macOS)에 추가하고, 다른 플랫폼의 경우 비슷한 경로에 추가합니다.

사용 예

서버가 구성되면 Claude와 함께 사용하여 데이터 침해를 확인할 수 있습니다.

이메일 확인

User: Has my email address example@gmail.com been pwned?

Claude: Good news! This email address has not been found in any known data breaches.

또는 해당 이메일이 침해로 인해 발견된 경우:

User: Has my email address breached@example.com been pwned?

Claude: ⚠️ This email address was found in 3 data breaches.

Breach details:

1. Adobe (2013-10-04)
   Domain: adobe.com
   Description: In October 2013, 153 million Adobe accounts were breached...
   Compromised data: Email addresses, Password hints, Passwords, Usernames

2. LinkedIn (2012-05-05)
   Domain: linkedin.com
   Description: In May 2016, LinkedIn had 164 million email addresses and passwords exposed...
   Compromised data: Email addresses, Passwords

3. Dropbox (2012-07-01)
   Domain: dropbox.com
   Description: In mid-2012, Dropbox suffered a data breach which exposed...
   Compromised data: Email addresses, Passwords

Recommendations:
- Change your password for these services immediately
- If you used the same password elsewhere, change those too
- Enable two-factor authentication where available
- Consider using a password manager

비밀번호 확인

User: Has the password "password123" been exposed in any breaches?

Claude: ⚠️ This password has been exposed in data breaches 123,456 times!

Recommendations:
- Stop using this password immediately
- Change it on any site where you use it
- Use a unique, strong password for each account
- Consider using a password manager

침해 세부 정보 받기

User: Tell me about the LinkedIn data breach

Claude: # LinkedIn Data Breach

**Date:** 2012-05-05
**Domain:** linkedin.com
**Accounts affected:** 164,611,595
**Verified:** Yes
**Data leaked:** Email addresses, Passwords

**Description:**
In May 2016, LinkedIn had 164 million email addresses and passwords exposed. Originally hacked in 2012, the data remained out of sight until being offered for sale on a dark market site 4 years later. The passwords in the breach were stored as SHA1 hashes without salt, the vast majority of which were quickly cracked in the days following the release of the data.

**Recommendations:**
- If you had an account on this service, change your password
- If you used the same password elsewhere, change those too
- Monitor your accounts for suspicious activity
- Be cautious of phishing attempts that may use this leaked information

모든 위반 사항 나열

User: List all Adobe data breaches

Claude: Found 1 breaches for domain adobe.com:

1. Adobe (2013-10-04)
   Domain: adobe.com
   Accounts affected: 152,445,165
   Compromised data: Email addresses, Password hints, Passwords, Usernames

보안 참고 사항

비밀번호 확인 기능은 Have I Been Pwned API에 전체 비밀번호를 전송하지 않고도 k-익명성을 사용하여 비밀번호를 확인합니다.
비밀번호의 SHA-1 해시의 처음 5자만 API로 전송됩니다.
API는 접두사와 일치하는 해시 접미사 목록을 반환하고 검사는 로컬에서 완료됩니다.

API 키 구성

이 서버에서는 대부분의 기능(비밀번호 확인 제외)을 사용하려면 Have I Been Pwned API 키가 필요합니다. haveibeenpwned.com/API/Key 에서 API 키를 받으실 수 있습니다.

API 키는 MCP 설정 구성에서 HIBP_API_KEY 라는 환경 변수로 제공되어야 합니다.

특허

MIT

Install Server

HTTP connection URL

security – no known vulnerabilities

license - permissive license

quality - confirmed to work

How are these scores calculated?

remote-capable server

The server can be hosted and run remotely because it primarily relies on remote services or has no dependency on the local environment.

Tools

데이터 침해로 인해 계정이나 비밀번호가 손상되었는지 확인하기 위해 Have I Been Pwned API와 통합을 제공하는 MCP(Model Context Protocol) 서버입니다.

Related MCP Servers

mcp-hn
erithwik
A
security
A
license
A
quality
A Model Context Protocol (MCP) server that provides tools for searching and fetching information from Hacker News.
Last updated -
4
6
Python
MIT License
mcp-turso-cloud
spences10
A
security
A
license
A
quality
🗂️ A Model Context Protocol (MCP) server that provides integration with Turso databases for LLMs. This server implements a two-level authentication system to handle both organization-level and database-level operations, making it easy to manage and query Turso databases directly from LLMs.
Last updated -
8
26
6
TypeScript
MIT License
MCP API Service
nstanw
A
security
F
license
A
quality
A Model Context Protocol (MCP) server that interacts with system APIs, allowing users to check connections, search employees, register breakfast, and update chemical information by shifts.
Last updated -
21
37
JavaScript
SSH MCP Server
mfangtao
-
security
F
license
-
quality
A server that enables remote command execution over SSH through the Model Context Protocol (MCP), supporting both password and private key authentication.
Last updated -
JavaScript

View all related MCP servers

Have I Been Pwned MCP Server