{"id":35223386,"url":"https://github.com/digiservnet/hibp-php","last_synced_at":"2026-04-30T23:03:52.423Z","repository":{"id":49123913,"uuid":"141624875","full_name":"digiservnet/hibp-php","owner":"digiservnet","description":"PHP library for accessing the Have I Been Pwned API.","archived":false,"fork":false,"pushed_at":"2025-07-17T21:35:28.000Z","size":439,"stargazers_count":25,"open_issues_count":1,"forks_count":4,"subscribers_count":3,"default_branch":"main","last_synced_at":"2026-03-19T14:57:22.126Z","etag":null,"topics":["api-v3","haveibeenpwned","php","php-library"],"latest_commit_sha":null,"homepage":"","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/digiservnet.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2018-07-19T19:56:00.000Z","updated_at":"2026-03-17T08:05:14.000Z","dependencies_parsed_at":"2023-01-29T21:00:59.773Z","dependency_job_id":"9573a271-1573-4142-90b1-733c7c642555","html_url":"https://github.com/digiservnet/hibp-php","commit_stats":null,"previous_names":["digiservnet/hibp-php","icawebdesign/hibp-php"],"tags_count":44,"template":false,"template_full_name":null,"purl":"pkg:github/digiservnet/hibp-php","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/digiservnet%2Fhibp-php","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/digiservnet%2Fhibp-php/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/digiservnet%2Fhibp-php/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/digiservnet%2Fhibp-php/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/digiservnet","download_url":"https://codeload.github.com/digiservnet/hibp-php/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/digiservnet%2Fhibp-php/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32479450,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-30T13:12:12.517Z","status":"ssl_error","status_checked_at":"2026-04-30T13:12:06.837Z","response_time":57,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["api-v3","haveibeenpwned","php","php-library"],"created_at":"2025-12-30T00:46:18.030Z","updated_at":"2026-04-30T23:03:52.411Z","avatar_url":"https://github.com/digiservnet.png","language":"PHP","funding_links":[],"categories":[],"sub_categories":[],"readme":"# PHP library for Have I Been Pwned and Pwned Passwords.\n\n[![Latest Stable Version](https://poser.pugx.org/icawebdesign/hibp-php/version)](https://packagist.org/packages/icawebdesign/hibp-php)\n[![Total Downloads](https://poser.pugx.org/icawebdesign/hibp-php/downloads)](https://packagist.org/packages/icawebdesign/hibp-php)\n[![codecov](https://codecov.io/gh/digiservnet/hibp-php/branch/develop/graph/badge.svg?token=H7GAEEFXLP)](https://codecov.io/gh/digiservnet/hibp-php)\n[![License](https://poser.pugx.org/icawebdesign/hibp-php/license)](https://packagist.org/packages/icawebdesign/hibp-php)\n\nHIBP-PHP is a composer library for accessing the [Have I Been Pwned](https://haveibeenpwned.com) and Pwned Passwords APIs (currently v3).\n\nThe HIBP API now requires an [API Key](https://haveibeenpwned.com/API/Key) that needs to be purchased at the HIBP site for any lookups that use an email address. This currently means that if you're only using this package for lookups from the PwnedPassword section of the API, then an API key isn't required.\n\nVersion `5.x` has dropped support for older PHP versions (`\u003c 7.4`). If you still need a version of this package to run on an older PHP version, then please use the `icawebdesign/hibp-php:^4.0` tag, though the `4.x` branch will no longer receive updates. \n\nVersion `6.x` now requires PHP `8.1+`. If you need to support previous versions of PHP, please use the `icawebdesign/hibp-php:^5.0` tag. This version however, will only receive security fixes.\n\n## Requirements\n\n- PHP 8.1+\n\n## Installation\n```bash\ncomposer require icawebdesign/hibp-php:\"^6.0\"\n```\n\n## ReadOnly properties\nNow that we're targeting a minimum of PHP `8.1`, this gives us the ability to utilise ReadOnly properties in objects. With this, entity getters have been removed and properties can now be accessed directly on the object.\n\n## Usage examples for Breach Sites data\n\n### Get all breach sites\n```php\nuse Icawebdesign\\Hibp\\Breach\\Breach;\nuse Icawebdesign\\Hibp\\HibpHttp;\n\n$breach = new Breach(new HibpHttp($apiKey));\n$breachSites = $breach-\u003egetAllBreachSites();\n```\n\nThis will return a `Collection` of `BreachSiteEntity` objects.\n\nOr we can filter for a domain the breach was listed in:\n\n```php\nuse Icawebdesign\\Hibp\\Breach\\Breach;\nuse Icawebdesign\\Hibp\\HibpHttp;\n\n$breach = new Breach(new HibpHttp($apiKey));\n$breachSites = $breach-\u003egetAllBreachSites('adobe.com');\n```\n\nThis will return a `Collection` of `BreachSiteEntity` objects.\n\n### Get single breach site\n```php\nuse Icawebdesign\\Hibp\\Breach\\Breach;\nuse Icawebdesign\\Hibp\\HibpHttp;\n\n$breach = new Breach(new HibpHttp($apiKey));\n$breachSite = $breach-\u003egetBreach('adobe');\n```\n\nThis will return a single `BreachSiteEntity`.\n\n### Get list of data classes for breach sites\n```php\nuse Icawebdesign\\Hibp\\Breach\\Breach;\nuse Icawebdesign\\Hibp\\HibpHttp;\n\n$breach = new Breach(new HibpHttp($apiKey));\n$dataClasses = $breach-\u003egetAllDataClasses();\n```\n\nThis will return an `array` of Data Classes, eg;\n```php\n[\n  \"Account balances\",\n  \"Address book contacts\",\n  \"Age groups\",\n  \"Ages\",\n  ...\n]\n```\n\n### Get data for a breached email account\n```php\nuse Icawebdesign\\Hibp\\Breach\\Breach;\nuse Icawebdesign\\Hibp\\HibpHttp;\n\n$breach = new Breach(new HibpHttp($apiKey));\n$data = $breach-\u003egetBreachedAccount('test@example.com');\n```\n\nWe can retrieve unverified accounts too by specifying `true` for the second param (not retrieved by default):\n\n```php\nuse Icawebdesign\\Hibp\\Breach\\Breach;\nuse Icawebdesign\\Hibp\\HibpHttp;\n\n$breach = new Breach(new HibpHttp($apiKey));\n$data = $breach-\u003egetBreachedAccount('test@example.com', includeUnverified: true);\n```\n\nWe can also filter results back to a specific breached domain by adding a domain as the 3rd param\n\n```php\nuse Icawebdesign\\Hibp\\Breach\\Breach;\nuse Icawebdesign\\Hibp\\HibpHttp;\n\n$breach = new Breach(new HibpHttp($apiKey));\n$data = $breach-\u003egetBreachedAccount(\n    'test@example.com', \n    includeUnverified: true,\n    domainFilter: 'adobe.com', \n);\n```\n\nThese calls will return a `Collection` of `BreachSiteEntity` objects.\n\n## Usage examples for Pwned Passwords\n\nThe `PwnedPasswd` methods can now take a second param of an `array` to specify [GuzzleHttp request options](https://docs.guzzlephp.org/en/stable/request-options.html).\n\n### Get number of times the start of a hash appears in the system matching against a full hash\n```php\nuse Icawebdesign\\Hibp\\Password\\PwnedPassword;\nuse Icawebdesign\\Hibp\\HibpHttp;\n\n$pwnedPassword = new PwnedPassword(new HibpHttp($apiKey));\n$count = $pwnedPassword-\u003erangeFromHash('5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8');\n```\n\nThis will return an `int` of the count.\n\nYou can also check against `NTLM` hashes:\n```php\nuse Icawebdesign\\Hibp\\Password\\PwnedPassword;\nuse Icawebdesign\\Hibp\\HibpHttp;\n\n$pwnedPassword = new PwnedPassword(new HibpHttp($apiKey));\n$count = $pwnedPassword-\u003entlmRangeFromHash('8846F7EAEE8FB117AD06BDD830B7586C');\n```\n\n### Get number of times the start of a hash appears in the system as above, but with padded values to help prevent fingerprinting\n```php\nuse Icawebdesign\\Hibp\\Password\\PwnedPassword;\nuse Icawebdesign\\Hibp\\HibpHttp;\n\n$pwnedPassword = new PwnedPassword(new HibpHttp($apiKey));\n$hashData = $pwnedPassword-\u003epaddedRangeDataFromHash('5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8');\n```\n\nYou can also check against `NTLM` hashes:\n```php\nuse Icawebdesign\\Hibp\\Password\\PwnedPassword;\nuse Icawebdesign\\Hibp\\HibpHttp;\n\n$pwnedPassword = new PwnedPassword(new HibpHttp($apiKey));\n$hashData = $pwnedPassword-\u003epaddedNtlmRangeDataFromHash('5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8');\n```\n\nThis will return a `Collection` of `PwnedPassword` model objects.\n\n### Get a collection of hash data from a start of a hash and matching against a full hash\n```php\nuse Icawebdesign\\Hibp\\Password\\PwnedPassword;\nuse Icawebdesign\\Hibp\\HibpHttp;\n\n$pwnedPassword = new PwnedPassword(new HibpHttp($apiKey));\n$hashData = $pwnedPassword-\u003erangeDataFromHash('5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8');\n```\n\nThis will return a `Collection` of `PwnedPassword` model objects.\n\n### Get a collection of hash data from a start of a hash and matching against a full hash as above, but with padded values to help prevent fingerprinting\n```php\nuse Icawebdesign\\Hibp\\Password\\PwnedPassword;\nuse Icawebdesign\\Hibp\\HibpHttp;\n\n$pwnedPassword = new PwnedPassword(new HibpHttp($apiKey));\n$hashData = $pwnedPassword-\u003epaddedRangeDataFromHash('5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8');\n\n// Strip padded values from results\n$hashData = PwnedPassword::stripZeroMatchesData($hashData, '5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8');\n```\n\nThis will return a `Collection` of `PwnedPassword` model objects.\n\n## Usage examples for Paste lists\n\n### Get a collection of pastes that a specified email account has appeared in\n```php\nuse Icawebdesign\\Hibp\\Paste\\Paste;\nuse Icawebdesign\\Hibp\\HibpHttp;\n\n$paste = new Paste(new HibpHttp($apiKey));\n$data = $paste-\u003elookup('test@example.com');\n```\n\nThis will return a `Collection` of `PasteEntity` objects.\n\n## Usage examples for StealerLogs\n\n### Get a collection of domains that are associated with a specified email account\n\n```php\nuse Icawebdesign\\Hibp\\StealerLog\\StealerLog;\nuse Icawebdesign\\Hibp\\HibpHttp;\n\n$stealerLog = new StealerLog(new HibpHttp($apiKey));\n$data = $stealerLog-\u003egetStealerLogsByEmailAddress('test@example.com');\n```\n\nThis will return a Collection of domains\n```php\nprint_r($data);\n```\n```php\nIlluminate\\Support\\Collection Object\n(\n    [items:protected] =\u003e Array\n        (\n            [0] =\u003e netflix.com\n            [1] =\u003e spotify.com\n        )\n\n    [escapeWhenCastingToString:protected] =\u003e \n)\n```\n\n### Get a collection of email addresses associated with a specified domain\n\n```php\nuse Icawebdesign\\Hibp\\StealerLog\\StealerLog;\nuse Icawebdesign\\Hibp\\HibpHttp;\n\n$stealerLog = new StealerLog(new HibpHttp($apiKey));\n$data = $stealerLog-\u003egetStealerLogsByWebsiteDomain('gmail.com');\n```\n\nThis will return a Collection of email addresses\n```php\nprint_r($data);\n```\n```php\nIlluminate\\Support\\Collection Object\n(\n    [items:protected] =\u003e Array\n        (\n            [0] =\u003e andy@gmail.com\n            [1] =\u003e jane@gmail.com\n        )\n\n    [escapeWhenCastingToString:protected] =\u003e \n)\n```\n\n### Get a collection of aliases and domains associated with an email domain\n\n```php\nuse Icawebdesign\\Hibp\\StealerLog\\StealerLog;\nuse Icawebdesign\\Hibp\\HibpHttp;\n\n$stealerLog = new StealerLog(new HibpHttp($apiKey));\n$data = $stealerLog-\u003egetStealerLogsByEmailDomain('netflix.com');\n```\n\nThis will return a Collection of aliases and their associated domains\n```php\nprint_r($data);\n```\n```php\nIlluminate\\Support\\Collection Object\n(\n    [items:protected] =\u003e Array\n        (\n            [andy] =\u003e Array\n                (\n                    [0] =\u003e netflix.com\n                )\n\n            [jane] =\u003e Array\n                (\n                    [0] =\u003e netflix.com\n                    [1] =\u003e spotify.com\n                )\n\n        )\n\n    [escapeWhenCastingToString:protected] =\u003e \n)\n```\n\n## Subscription Status\n\n### Get the current subscription status for an API Key\n\n```php\nuse Icawebdesign\\Hibp\\HibpHttp;\nuse Icawebdesign\\Hibp\\Subscription\\Subscription;\n\n$subscription = new Subscription(new HibpHttp($apiKey));\n$status = $subscription-\u003estatus();\n```\n\nThis will return a `SubscriptionStatusEntity` object.\n\n## Laravel specifics\nIf using the package within a Laravel application, you can use the provided facades.\nFirst, you need to add your HIBP API key to your `.env` file, or your preferred method for adding values to your server environment variables.\n\n```\nHIBP_API_KEY=abcdefgh123456789\n```\n\nYou can then use the facades to call the relevant methods:\n\n```php\n// Breach\nuse Icawebdesign\\Hibp\\Facades\\Breach;\n\n$breachSites = Breach::getAllBreachSites();\n\n// Paste\nuse Icawebdesign\\Hibp\\Facades\\Paste;\n\n$paste = Paste::lookup('test@example.com');\n\n// PwnedPassword\nuse Icawebdesign\\Hibp\\Facades\\PwnedPassword;\n\n$count = PwnedPassword::rangeFromHash('5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8');\n```\n\n## Changelog\n\nPlease see [CHANGELOG](CHANGELOG.md) for more information what has changed recently.\n\n## Contributing\n\nPlease see [CONTRIBUTING](CONTRIBUTING.md) for details.\n\n## Security\n\nIf you discover any security related issues, please email ian.h@digiserv.net instead of using the issue tracker.\n\n## Credits\n\n- [Ian.H](https://github.com/icawebdesign)\n- [All Contributors](../../contributors)\n\nThank you to [Artem Fomenko](https://github.com/ArtemFo) for being the first external contributor to the package \nproviding request options for Guzzle for the PwnedPassword methods.\n\n## License\n\nThe MIT License (MIT). Please see [License File](LICENSE) for more information.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdigiservnet%2Fhibp-php","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdigiservnet%2Fhibp-php","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdigiservnet%2Fhibp-php/lists"}