这个用户友好的 API 可以快速检查电子邮件地址是否涉及任何已知的数据泄露。它会搜索全面的违规数据库,并在电子邮件存在风险时向您发出警报。
该工具对于维护数字安全和了解电子邮件的泄露历史非常宝贵。这是朝着更好的数字安全和意识迈出的一步。
成功检测违规的示例: 当检测到违规时,您将收到如下 JSON 响应:https://api.xposedornot.com/v1/check-email/[[email protected]]
{ "breaches": [ [ "Tesco", "KiwiFarms", "Vermillion", "Verified", "LizardSquad", "2fast4u", "Autotrader", "MyRepoSpace", "SweClockers" ] ] }响应采用 JSON 格式,因此可以使用任何脚本语言轻松解析。这使您可以轻松地将数据集成到您的应用程序中。
{"Error":"Not found"}
我们的 API 可以对电子邮件地址的数据泄露历史记录进行深入分析。它揭示了违规发生的时间和地点,提供必要的分析来衡量这些事件的影响和严重性。该工具对于了解数据暴露级别和增强安全策略至关重要。
https://api.xposedornot.com/v1/breach-analytics/[email-address]
API 以两种可能的结果进行响应:成功或失败。以下是成功响应的关键组成部分:
这套全面的分析工具可以深入研究任何电子邮件的数据泄露历史,提供更好的数字安全管理所需的见解。
{ "BreachMetrics": { "get_details": [], "industry": [ [ [ "elec", 1 ], [ "misc", 0 ], [ "mini", 0 ], [ "musi", 0 ], [ "manu", 0 ], [ "ener", 0 ], [ "news", 0 ], [ "ente", 0 ], [ "hosp", 0 ], [ "heal", 0 ], [ "food", 0 ], [ "phar", 0 ], [ "educ", 0 ], [ "cons", 0 ], [ "agri", 0 ], [ "tele", 0 ], [ "info", 0 ], [ "tran", 0 ], [ "aero", 0 ], [ "fina", 0 ], [ "reta", 0 ], [ "nonp", 0 ], [ "govt", 0 ], [ "spor", 0 ], [ "envi", 0 ] ] ], "passwords_strength": [ { "EasyToCrack": 0, "PlainText": 0, "StrongHash": 1, "Unknown": 0 } ], "risk": [ { "risk_label": "Low", "risk_score": 3 } ], "xposed_data": [ { "children": [ { "children": [ { "colname": "level3", "group": "A", "name": "data_Usernames", "value": 1 } ], "colname": "level2", "name": "👤 Personal Identification" }, { "children": [ { "colname": "level3", "group": "D", "name": "data_Passwords", "value": 1 } ], "colname": "level2", "name": "🔒 Security Practices" }, { "children": [ { "colname": "level3", "group": "F", "name": "data_Email addresses", "value": 1 } ], "colname": "level2", "name": "📞 Communication and Social Interactions" } ] } ], "yearwise_details": [ { "y2007": 0, "y2008": 0, "y2009": 0, "y2010": 0, "y2011": 0, "y2012": 0, "y2013": 0, "y2014": 0, "y2015": 1, "y2016": 0, "y2017": 0, "y2018": 0, "y2019": 0, "y2020": 0, "y2021": 0, "y2022": 0, "y2023": 0 } ] }, "BreachesSummary": { "site": "SweClockers" }, "ExposedBreaches": { "breaches_details": [ { "breach": "SweClockers", "details": "SweClockers experienced a data breach in early 2015, where 255k accounts were exposed. As a result, usernames, email addresses, and salted hashes of passwords—which were stored using a combination of MD5 and SHA512—were disclosed. Exposed data: Usernames, Email addresses, Passwords.", "domain": "sweclockers.com", "industry": "Electronics", "logo": "Sweclockers.png", "password_risk": "hardtocrack", "references": "", "searchable": "Yes", "verified": "Yes", "xposed_data": "Usernames;Email addresses;Passwords", "xposed_date": "2015", "xposed_records": 254967 } ] }, "ExposedPastes": null, "PasteMetrics": null, "PastesSummary": { "cnt": 0, "domain": "", "tmpstmp": "" } }BreachMetrics 中使用的一些数据点如下:
{ "Error": "Not found"}
这也意味着在 XposedOrNot 中加载的任何数据泄露中都找不到搜索到的电子邮件。
如果您有兴趣检查暴露的密码,这个 API 非常适合您。它以两种形式提供结果:成功或不成功。假设您想要检查广泛使用的密码“123456” - 这个 API 可以提供帮助。
成功找到匹配的密码哈希的 JSON 输出示例:https://passwords.xposedornot.com/v1/pass/anon/[first 10 characters of SHA3-keccak-512 hash]
{ "SearchPassAnon": { "anon": "808d63ba47", "char": "D:6;A:0;S:0;L:6", "count": "11999477", "wordlist": 0 } }
API 以 JSON 格式提供结果,这比简单的是/否更能提供信息。此详细输出可以进一步分析和增强大量实时暴露密码的列表。
该 API 不仅可用于识别暴露的密码,还有助于开发更强大、更安全的密码策略。
数字 | 数数 |
字母表 | 字母数 |
特殊字符 | 特殊字符计数 |
长度 | 密码长度 |
1e2e9fc2002b002d75198b7503210c05a1baac4560916a3c6d93bcce3a50d7f00fd395bf1647b9abb8d1afcc9c76c289b0c9383ba386a956da4b38934417789e
adf34f3e63a8e0bd2938f3e09ddc161125a031c3c86d06ec59574a5c723e7fdbe04c2c15d9171e05e90a9c822936185f12b9d7384b2bedb02e75c4c5fe89e4d4
{ "Error": "Not found"}
API 仅以 JSON 格式返回成功响应。https://api.xposedornot.com/v1/breaches
{ "Exposed Breaches": [ { "Breach ID": "1.4BillionRecords", "Breached Date": "2017-03-01T00:00:00+00:00", "Domain": "Not-Applicable", "Exposed Data": "Email addresses;Names", "Exposed Records": 1114303554, "Exposure Description": "\"A company called 4iQ in 2017, discovered a massive database of stolen usernames and passwords that was being traded on the dark web. The database, which was referred to as the \"\"largest-ever\"\" breach at the time, contained over 1.4 billion unique username and password combinations, as well as other personal information such as email addresses and IP addresses.\"", "Industry": "Entertainment", "Logo": "combolist.png", "Password Risk": "unknown", "Searchable": "Yes", "Sensitive": "No", "Verified": "Yes" }, { "Breach ID": "123RF", "Breached Date": "2020-03-01T00:00:00+00:00", "Domain": "123rf.com", "Exposed Data": "Usernames;Email addresses;Passwords;Names;IP addresses;Physical addresses;Phone numbers", "Exposed Records": 8668646, "Exposure Description": "123RF Stock photo site has suffered a data breach in March 2020. The exposed database contained 8.3 million user records leaked on a hacker forum. Exposed data includes full name, email address, MD5 hashed passwords, company name, phone number, address, PayPal email if used, and IP address.", "Industry": "Information Technology", "Logo": "123RF.png", "Password Risk": "easytocrack", "Searchable": "Yes", "Sensitive": "No", "Verified": "Yes" }, { "Breach ID": "17173", "Breached Date": "2011-12-01T00:00:00+00:00", "Domain": "17173.com", "Exposed Data": "Usernames;Passwords;Email addresses", "Exposed Records": 7482441, "Exposure Description": "The 17173 gaming site breach in 2011 was part of a larger series of data breaches in China, affecting nearly 100 million users. Of these, 7.5 million were from 17173. The breach exposed usernames, email addresses, and salted MD5 password hashes.", "Industry": "Energy", "Logo": "17173.png", "Password Risk": "plaintext", "Searchable": "Yes", "Sensitive": "No", "Verified": "No" }, and so on...
https://api.xposedornot.com/v1/breaches?domain=[twitter.com]
{ "Exposed Breaches": [ { "Breach ID": "Twitter-Scraped", "Breached Date": "2021-01-01T00:00:00+00:00", "Domain": "twitter.com", "Exposed Data": "Usernames;Email addresses;Names;Geographic locations;Profile photos;Phone numbers", "Exposed Records": 208918735, "Exposure Description": "\"The \"\"Twitter Email Addresses Leak\"\" involves a data leak of over 200 million Twitter user profiles around 2021. The leak includes email addresses, names, screen names, follow counts, and account creation dates. The data was obtained through a Twitter API vulnerability that allowed the input of email addresses and phone numbers to confirm their association with Twitter IDs.\"", "Industry": "Information Technology", "Logo": "Twitter.png", "Password Risk": "unknown", "Searchable": "Yes", "Sensitive": "No", "Verified": "Yes" } ], "status": "success" }API 仅以 JSON 格式返回成功响应。
这是一个 POST 请求,需要将有效的 API 密钥包含在带有密钥“x-api-key”的标头中。该端点不接受任何请求正文,因此,内容长度标头应设置为“0”。https://api.xposedornot.com/v1/domain-breaches/
API 的响应采用 JSON 格式。主要关键“指标”包含有关违规的详细信息。以下是“metrics”中每个子键的描述:curl -L -X POST -H "x-api-key: 2a447449965fe2b3f1729b65ee94197d" -H "Content-Length: 0" https://api.xposedornot.com/v1/domain-breaches/
{ "metrics": { "Breach_Summary": { "AerServ": 1 }, "Breaches_Details": [ { "breach": "AerServ", "domain": "xposedornot.com", "email": "[email protected]" } ], "Detailed_Breach_Info": { "AerServ": { "breached_date": "Tue, 01 Apr 2014 00:00:00 GMT", "logo": "Aerserv.png", "password_risk": "plaintext", "searchable": "Yes", "xposed_data": "Email Addresses", "xposed_records": 64777, "xposure_desc": "AerServ, an ad management platform, experienced a data breach in April 2018. This incident occurred after its acquisition by InMobi and affected more than 64,000 unique email addresses. The exposed data included contact information and passwords, which were stored as salted SHA-512 hashes. Later in 2018, the breached data was publicly posted on Twitter, prompting InMobi to acknowledge the incident " } }, "Domain_Summary": { "xposedornot.com": 1 }, "Top10_Breaches": { "AerServ": 1 }, "Yearly_Metrics": { "2010": 0, "2011": 0, "2012": 0, "2013": 0, "2014": 1, "2015": 0, "2016": 0, "2017": 0, "2018": 0, "2019": 0, "2020": 0, "2021": 0, "2022": 0, "2023": 0 } }, "status": "success" }错误处理:如果 API 密钥无效或丢失,响应将如下:
{ "message":"Invalid or missing API key", "status":"error" }这信息 字段将包含错误的描述,以及地位 字段将包含字符串“error”以指示发生了错误。
代码 | 描述 |
---|---|
200 | 成功会输出JSON响应 |
401 | API 密钥无效/未经授权 |
404 | 输入错误(未找到数据) |
第429章 | 踩下油门 - 是时候减速了 |
502/503 | 服务器故障 - 完全是我要解决的问题。如果您看到此内容,请大声喊叫;) |