HIBP-MCP-Server

darrenjrobinson/HIBP-MCP-Server

3.3

If you are the rightful owner of HIBP-MCP-Server and would like to certify it and/or have it hosted online, please leave a comment on the right or send an email to henry@mcphub.com.

A Model Context Protocol (MCP) server for the Have I Been Pwned (HIBP) API that allows you to query breach data using natural language.

The Have I Been Pwned MCP Server is a specialized server that leverages the Model Context Protocol to interact with the Have I Been Pwned API. This server enables users to query data breach information using natural language, making it easier to check if an email address or password has been compromised. It provides a seamless interface for accessing detailed information about specific breaches, checking if passwords have been exposed, and identifying if an email address appears in pastes. The server is designed to be user-friendly and integrates with various platforms, offering both NPM installation and local development options. With security as a priority, the server ensures that passwords are hashed locally before being checked against the Pwned Passwords API, maintaining user privacy and data security.

Features

  • Natural language querying for data breaches
  • Integration with Have I Been Pwned API
  • Secure password checking using k-anonymity
  • Support for checking email addresses in pastes
  • Detailed breach information retrieval

Usages

npm with Claude Desktop

{
  "mcpServers": {
    "HIBP-MCP": {
      "command": "npx",
      "args": ["-y", "@darrenjrobinson/hibp-mcp"],
      "env": {
        "HIBP_API_KEY": "<your-hibp-api-key>",
        "HIBP_SUBSCRIPTION_PLAN": "Pwned 1"
      }
    }
  }
}

local development

{
  "mcpServers": {
    "HIBP-MCP": {
      "command": "node",
      "args": ["path/to/hibp-mcp/build/main.js"],
      "env": {
        "HIBP_API_KEY": "<your-hibp-api-key>",
        "HIBP_SUBSCRIPTION_PLAN": "Pwned 1"
      }
    }
  }
}

Tools

  1. HIBP-Breaches

    Query breached accounts and breaches from the Have I Been Pwned API.

  2. HIBP-Pastes

    Query pastes containing account data from the Have I Been Pwned API.

  3. HIBP-PwnedPasswords

    Check if a password has been exposed in data breaches using the Pwned Passwords API.