#!

/usr/bin/env python3

import requests
import argparse
from time import time, sleep
from json import loads
from html2text import html2text

API_BASE_URL = "https://haveibeenpwned.com/api/v3"
API_KEY = "" # Your API Key

R = '\033[31m' # red
G = '\033[32m' # green
C = '\033[36m' # cyan
W = '\033[0m' # white
Y = '\033[33m' # yellow

version = '1.3.0.1'

response_codes = {
200: "OK",
400: "Bad request",
401: "Unauthorised",
403: "Forbidden",
404: "Not Pwned",
429: "Too many requests",
503: "Service unavailable",
}

def banner():
banner_text = r'''
______ _ __ __
/ ____/___ / | / /___ / /_
/ / __/ __ \ / |/ / __ \/ __/
/ /_/ / /_/ // /| / /_/ / /_
\____/\____//_/ |_/\____/\__/
'''
print(G + banner_text + W)
print(f'{G}[>]{C} Created by : {W}thewhiteh4t')
print(f'{G}[>]{C} Version : {W}{version}\n')

def get_api_headers():
headers = {'User-Agent': 'pwnedOrNot', 'hibp-api-key': API_KEY}
return headers

def check_breach(email):
url = f"{API_BASE_URL}/breachedaccount/{email}"
headers = get_api_headers()

response = requests.get(url, headers=headers, params={'truncateResponse':

'false'})
return response

def check_domain_breach(email, domain):

url = f"{API_BASE_URL}/breachedaccount/{email}?domain={domain}"
headers = get_api_headers()

response = requests.get(url, headers=headers, params={'truncateResponse':

'false'})
 return response

def get_breach_info(breach_name):
url = f"{API_BASE_URL}/breach/{breach_name}"
headers = get_api_headers()

response = requests.get(url, headers=headers)

return response

def get_paste_account(email):
url = f"{API_BASE_URL}/pasteaccount/{email}"
headers = get_api_headers()

response = requests.get(url, headers=headers)

return response

def print_breach_info(breach_data):
print(f'{G}[+] {C}Breach : {W}{breach_data["Title"]}')
print(f'{G}[+] {C}Domain : {W}{breach_data["Domain"]}')
print(f'{G}[+] {C}Date : {W}{breach_data["BreachDate"]}')
print(f'{G}[+] {C}Pwn Count : {W}{breach_data["PwnCount"]}')
print(f'{G}[+] {C}Fabricated : {W}{breach_data["IsFabricated"]}')
print(f'{G}[+] {C}Verified : {W}{breach_data["IsVerified"]}')
print(f'{G}[+] {C}Retired : {W}{breach_data["IsRetired"]}')
print(f'{G}[+] {C}Spam : {W}{breach_data["IsSpamList"]}')
print(f'{G}[+] {C}Data Types : {W}{", ".join(breach_data["DataClasses"])}')
print(f'{G}[+] {C}Description : {W}{html2text(breach_data["Description"])}')

def main():
banner()

parser = argparse.ArgumentParser(description="Check email or domain against

Have I Been Pwned database.")
parser.add_argument("-e", "--email", help="Email address to check")
parser.add_argument("-d", "--domain", help="Domain name to filter breaches")
parser.add_argument("-b", "--breach", help="Get information about a breach")
args = parser.parse_args()

if args.breach:
response = get_breach_info(args.breach)
if response.status_code == 200:
breach_data = response.json()
print_breach_info(breach_data)
else:
print(f'{R}[-] {C}Error: {W}{response_codes.get(response.status_code,
"Unknown error")}')

elif args.email:
if args.domain:
response = check_domain_breach(args.email, args.domain)
else:
response = check_breach(args.email)

if response.status_code == 200:
breach_data = response.json()
print_breach_info(breach_data)
if args.email:
paste_response = get_paste_account(args.email)
if paste_response.status_code == 200:
 paste_data = paste_response.json()
print(f'\n{G}[+] {C}Dumps Found:{W}')
for paste in paste_data:
print(f'{G}[+] {W}{paste["Id"]}')
elif paste_response.status_code == 404:
print(f'{G}[+] {C}No dumps found for {W}{args.email}')
else:
print(f'{R}[-] {C}Error fetching paste data: {W}
{paste_response.status_code}')
elif response.status_code == 404:
print(f'{G}[+] {C}No breaches found for {W}{args.email}')
else:
print(f'{R}[-] {C}Error: {W}{response_codes.get(response.status_code,
"Unknown error")}')

if __name__ == "__main__":
main()