API consumers

See who's using the API to bring data from the site into other applications.

These are all independent projects created by individuals that offer you other ways to check for breached accounts on Have I been pwned? If you've created something that's missing from this list, please get in touch.

Android app

Created by Matt Smithies and does just what it sounds like it does — a rich client app for your Android device.

Another Android app

This one by Björn Lundén and also does just what it sounds like it does — a rich client app for your Android device including details of the breach the account appeared in.

Windows Phone app

One for the Windows Phone users, this one is by Kamran Ayub and allows you to check any email address against the API and get back a complete list of pwned websites.

Recon-ng module

Recon-ng is a Python based reconnaissance framework for penetration testers built by Tim Tomes. A module designed to look for compromised accounts via the "Have I been pwned?" API has been contributed by Tyler Halfpop.

Ruby Gem

A little Gem by Carl Sampson that can enumerate through a collection of addresses and report on their pwned status.

Another Ruby Gem

Another Gem, this time by Michael Henriksen that can extract email addresses from a file then run them through Have I been pwned?


A Python implementation by Casey Dunham to quickly check a single email against the Have I been API.


Another Python implementation by Alexan Mardigian to enumerate through a list of email addresses.


More Python, this one by Eric Fay and with easy access to the main services provided by Have I been pwned? including breaches and pastes, but also including the ability to retrieve additional data such as all breaches and compromised data classes.


PwnedConsole is a Python script by Kory Findley designed to act as an interactive tool for querying Have I been pwned? for breach data. This script makes use of the PyPwned Python module.

Maltego Transform

A Maltego Transform by Sudhanshu Chauhan to to return all breached sites for a given account.

PingIT for iOS

Searching for breached accounts has been added by Dashtag as an additional feature on this @SEKIMIAtweets existing app for webmasters and website owners that want to be alerted when their site goes down.

iPwnedCheck for iOS

Another app by Carl Sampson, this time for iOS. iPC allows you to maintain a list of accounts to be monitored which you can then go back to and check regularly for more pwnage.


An Angular JS module by Brad Cavanagh that checks an email address for previous pwning during the signup process on a web form.

Hack Check for Firefox OS

A Firefox OS app by Zshawn Syed that takes an address and and runs it against the API to check for previous pwnage.

IFTTT Recipe

An "If This Then That" recipe by Nick Scoman that use the RSS feed rather than the API to automatically send an Android notification when a new breach is added to the system.

iOS and Android apps

Created by Gerald Versluis, these Xamarin based apps report on the top 10 breaches in the system plus allow for searching either via iOS or Android clients.

WordPress plugin

A plugin created by Evan Herman that allows a WordPress site owner to cross-check their registration database for breached accounts.

Node.js module and Node.js command line tool

A couple of Node.js projects created by Justin Hall, both freely avialable via GitHub.

Chrome extension

A browser extension by Antreas Pogiatzis which integrates directly with Chrome.

Universal Windows Application

A universal Windows app built by Lance McCarthy and available for free in the Windows store.

PwnageChecker for iOS

An iOS app built by Vince Chan and available for free in the Apple app store.

HIBPBot for Telegram

A Telegram project built by Luke Anderson providing a quick and sleek way to find out if your data has been hacked.

Microsoft Flow Notification

A Microsoft Flow built by Jon Gallant that sends a push notification every time there is a new breach loaded into the system.

Hacked? Another Android app

This one by Marc Doerflinger, "Hacked?" searches for data breaches an email address appears in and details the classes of information that have been exposed in the incident.

Java client

A Java client built by Dario Oreščanin that will check the API for breaches based on the provided email address.