Merge pull request #45 from R1sh0bh-1/add-hibp-analyzers-docs

mlodic · web-flow · commit 92543a645488 · 2026-01-26T14:41:25.000+01:00
docs: add HibpBreaches and HibpPasswords to usage.md and advanced_usa…
diff --git a/docs/IntelOwl/advanced_usage.md b/docs/IntelOwl/advanced_usage.md
@@ -284,6 +284,11 @@ Some analyzers could require a special configuration:
     - `waiting_time`: Determines the waiting time for the page to load during the scan (in seconds).
     - `private_scan`: When set to `true`, the scan results will not be shared with other `urlDNA.io` users.
     - `scanned_from`: Allows selecting the country of origin for the scan using a two-letter country code (ISO 3166-1 alpha-2). This feature is available only to `urlDNA.io` Premium Users.
+- `HibpBreaches` and `HibpPasswords` (HaveIBeenPwned family):
+  - Both use the [HaveIBeenPwned API](https://haveibeenpwned.com/API/v3). HibpBreaches requires an API key (use dummy `00000000000000000000000000000000` for testing); HibpPasswords needs none.
+  - HibpBreaches supports email (generic) and domain; domain uses public endpoint (limited results — no leaked emails without paid verification).
+  - Optional params for HibpBreaches: `truncate_response` (less data), `include_unverified` (show unverified breaches).
+  - HibpPasswords uses privacy-safe k-anonymity (SHA-1 prefix only; full password never sent).
 - `MobSF_Service`: 
   - The `MobSF_Service` analyzer offers various configurable parameters to optimize the automated scanning of the application as per one's requirement.
     - `enable_dynamic_analysis`: Set to `True` to enable dynamic analysis though this will increase the scan time.
diff --git a/docs/IntelOwl/usage.md b/docs/IntelOwl/usage.md
@@ -281,6 +281,8 @@ Some analyzers require details other than just IP, URL, Domain, etc. We classifi
 - `Dehashed_Search`: Query any observable/keyword against https://dehashed.com's search API.
 - `EmailRep`: search an email address on [emailrep.io](https://emailrep.io)
 - `HaveIBeenPwned`: [HaveIBeenPwned](https://haveibeenpwned.com/API/v3) checks if an email address has been involved in a data breach
+- `HibpBreaches` : Checks email addresses and domains for data breaches using [HaveIBeenPwned](https://haveibeenpwned.com/API/v3) public API endpoints. Requires API key (test key available). Domain results are limited without paid verification.
+- `HibpPasswords` : Checks if a password has been exposed using [HaveIBeenPwned](https://haveibeenpwned.com/API/v3#PwnedPasswords) k-anonymity range search (SHA-1 prefix only). No API key required.
 - `IntelX_Intelligent_Search`: [IntelligenceX](https://intelx.io/) is a search engine and data archive. Fetches emails, urls, domains associated with an observable or a generic string.
 - `IntelX_Phonebook`: [IntelligenceX](https://intelx.io/) is a search engine and data archive. Fetches emails, urls, domains associated with an observable or a generic string.
 - `IPQS_Fraud_And_Risk_Scoring`: Scan an Observable against [IPQualityscore](https://www.ipqualityscore.com/)
