Support `hibp-api-key` Transform Setting
cmlh opened this issue · 12 comments
Available to Maltego Classic and [Maltego] XL are:
- All breaches for an account i.e. e-mail address and alias
- All pastes for an e-mail address
- https://haveibeenpwned.com/API/v3#AllDataClasses
- https://haveibeenpwned.com/API/v3#AllBreaches (with/without
domainparameter) - https://haveibeenpwned.com/API/v3#SingleBreach
Therefore, Maltego CE will be limited to
- https://haveibeenpwned.com/API/v3#AllBreaches (with
domainparameter). - https://haveibeenpwned.com/API/v3#SingleBreach
Refer to @troyhunt Blog Post for further information
Is this something you are willing to add in as a supported input to the plugin? Looks like the ability to query has ended in the last little bit as the requests previously worked about 2-3 weeks ago but throw API errors as of this week for breaches by account. Using api key direct works as expected in a raw http request.
Is this something you are willing to add in as a supported input to the plugin? Looks like the ability to query has ended in the last little bit as the requests previously worked about 2-3 weeks ago but throw API errors as of this week for breaches by account. Using api key direct works as expected in a raw http request.
The code to support #30 has already shipped but I'll need to activate it once https://www.troyhunt.com/project-svalbard-the-future-of-have-i-been-pwned/ is sold.
Can you send me a screenshot of your error please?
Screenshot attached.
Exactly same error here.
Same error for me
@jl-dos @pbuen0 @andrewblack753
The API Key is still valid for the next ~20 days i.e. until 5:19 GMT on 26 November 2019
I would suspect the issue may be similar to the upstream issue within Azure in late August as documented within https://twitter.com/troyhunt/status/1164291579705610240 and I am working with @troyhunt on a resolution.
@jl-dos @pbuen0 @andrewblack753 @Fiebererdi
This has been resolved.
Is this something you are willing to add in as a supported input to the plugin? Looks like the ability to query has ended in the last little bit as the requests previously worked about 2-3 weeks ago but throw API errors as of this week for breaches by account. Using api key direct works as expected in a raw http request.
The code to support #30 has already shipped but I'll need to activate it once https://www.troyhunt.com/project-svalbard-the-future-of-have-i-been-pwned/ is sold.
Can you send me a screenshot of your error please?
Confirmed queries are working again. Will the feature to support our own api keys with a parameter still be added in the future? Thank you
Support for this Transform Setting has already been developed I just haven't turned it on yet due to the upstream issue[s] such as https://twitter.com/troyhunt/status/1164291579705610240
Once these issue[s] are settled, which I forecast will be sometime after the sale of "Have I Been Pwned?", then I will activate this Transform Setting.
This is incorrect on multiple levels:
The tweet you linked to is at the head of a thread which shows the issue being resolved all the way back in August: https://twitter.com/troyhunt/status/1167604726944296960
And it's entirely unrelated to the sale of HIBP as it's been resolved for months now.
The tweet you linked to is at the head of a thread which shows the issue being resolved all the way back in August: https://twitter.com/troyhunt/status/1167604726944296960
The API Key was automatically renewed on 26 October but began to fail from 1 November. I sent you an e-mail on 6 November but never received a reply.
And it's entirely unrelated to the sale of HIBP as it's been resolved for months now.
How I will price my integration with Maltego is dependent on your sale.
@jl-dos @pbuen0 @andrewblack753 @Fiebererdi,
I'll reconsider this once #35 is closed as #35 has a direct dependency on the @HaveIBeenPwned API Key.