PHPackages icawebdesign/hibp-php - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. icawebdesign/hibp-php ActiveLibrary icawebdesign/hibp-php ===================== PHP library for accessing the Have I Been Pwned API. 6.7.0(10mo ago)2545.6k↓31.8%4[1 issues](https://github.com/digiservnet/hibp-php/issues)2MITPHPPHP ^8.1||^8.2||^8.3CI passing Since Jul 19Pushed 1mo ago3 watchersCompare [ Source](https://github.com/digiservnet/hibp-php)[ Packagist](https://packagist.org/packages/icawebdesign/hibp-php)[ RSS](/packages/icawebdesign-hibp-php/feed)WikiDiscussions main Synced 1mo ago READMEChangelog (10)Dependencies (26)Versions (51)Used By (2) PHP library for Have I Been Pwned and Pwned Passwords. ====================================================== [](#php-library-for-have-i-been-pwned-and-pwned-passwords) [![Latest Stable Version](https://camo.githubusercontent.com/26b2a9a27ab92310f2e102ef381e0e9a8f8aeaca2e7f7b67013aa076eb0b9f6d/68747470733a2f2f706f7365722e707567782e6f72672f69636177656264657369676e2f686962702d7068702f76657273696f6e)](https://packagist.org/packages/icawebdesign/hibp-php)[![Total Downloads](https://camo.githubusercontent.com/fa51fb94276b0832d5939ce1b3470b6507dae77d2993bb6b1da974801b680433/68747470733a2f2f706f7365722e707567782e6f72672f69636177656264657369676e2f686962702d7068702f646f776e6c6f616473)](https://packagist.org/packages/icawebdesign/hibp-php)[![codecov](https://camo.githubusercontent.com/1032244c2c043a234754c477d64fe6d82d3fa40c010fa1e49c7621166d824cb9/68747470733a2f2f636f6465636f762e696f2f67682f64696769736572766e65742f686962702d7068702f6272616e63682f646576656c6f702f67726170682f62616467652e7376673f746f6b656e3d48374741454546584c50)](https://codecov.io/gh/digiservnet/hibp-php)[![License](https://camo.githubusercontent.com/21d711cf674b9ef7a3e18fd7518bd5cb3c5c2c8f2f8fdac56fd7e64fb72bec0f/68747470733a2f2f706f7365722e707567782e6f72672f69636177656264657369676e2f686962702d7068702f6c6963656e7365)](https://packagist.org/packages/icawebdesign/hibp-php) HIBP-PHP is a composer library for accessing the [Have I Been Pwned](https://haveibeenpwned.com) and Pwned Passwords APIs (currently v3). The HIBP API now requires an [API Key](https://haveibeenpwned.com/API/Key) that needs to be purchased at the HIBP site for any lookups that use an email address. This currently means that if you're only using this package for lookups from the PwnedPassword section of the API, then an API key isn't required. Version `5.x` has dropped support for older PHP versions (`< 7.4`). If you still need a version of this package to run on an older PHP version, then please use the `icawebdesign/hibp-php:^4.0` tag, though the `4.x` branch will no longer receive updates. Version `6.x` now requires PHP `8.1+`. If you need to support previous versions of PHP, please use the `icawebdesign/hibp-php:^5.0` tag. This version however, will only receive security fixes. Requirements ------------ [](#requirements) - PHP 8.1+ Installation ------------ [](#installation) ``` composer require icawebdesign/hibp-php:"^6.0" ``` ReadOnly properties ------------------- [](#readonly-properties) Now that we're targeting a minimum of PHP `8.1`, this gives us the ability to utilise ReadOnly properties in objects. With this, entity getters have been removed and properties can now be accessed directly on the object. Usage examples for Breach Sites data ------------------------------------ [](#usage-examples-for-breach-sites-data) ### Get all breach sites [](#get-all-breach-sites) ``` use Icawebdesign\Hibp\Breach\Breach; use Icawebdesign\Hibp\HibpHttp; $breach = new Breach(new HibpHttp($apiKey)); $breachSites = $breach->getAllBreachSites(); ``` This will return a `Collection` of `BreachSiteEntity` objects. Or we can filter for a domain the breach was listed in: ``` use Icawebdesign\Hibp\Breach\Breach; use Icawebdesign\Hibp\HibpHttp; $breach = new Breach(new HibpHttp($apiKey)); $breachSites = $breach->getAllBreachSites('adobe.com'); ``` This will return a `Collection` of `BreachSiteEntity` objects. ### Get single breach site [](#get-single-breach-site) ``` use Icawebdesign\Hibp\Breach\Breach; use Icawebdesign\Hibp\HibpHttp; $breach = new Breach(new HibpHttp($apiKey)); $breachSite = $breach->getBreach('adobe'); ``` This will return a single `BreachSiteEntity`. ### Get list of data classes for breach sites [](#get-list-of-data-classes-for-breach-sites) ``` use Icawebdesign\Hibp\Breach\Breach; use Icawebdesign\Hibp\HibpHttp; $breach = new Breach(new HibpHttp($apiKey)); $dataClasses = $breach->getAllDataClasses(); ``` This will return an `array` of Data Classes, eg; ``` [ "Account balances", "Address book contacts", "Age groups", "Ages", ... ] ``` ### Get data for a breached email account [](#get-data-for-a-breached-email-account) ``` use Icawebdesign\Hibp\Breach\Breach; use Icawebdesign\Hibp\HibpHttp; $breach = new Breach(new HibpHttp($apiKey)); $data = $breach->getBreachedAccount('test@example.com'); ``` We can retrieve unverified accounts too by specifying `true` for the second param (not retrieved by default): ``` use Icawebdesign\Hibp\Breach\Breach; use Icawebdesign\Hibp\HibpHttp; $breach = new Breach(new HibpHttp($apiKey)); $data = $breach->getBreachedAccount('test@example.com', includeUnverified: true); ``` We can also filter results back to a specific breached domain by adding a domain as the 3rd param ``` use Icawebdesign\Hibp\Breach\Breach; use Icawebdesign\Hibp\HibpHttp; $breach = new Breach(new HibpHttp($apiKey)); $data = $breach->getBreachedAccount( 'test@example.com', includeUnverified: true, domainFilter: 'adobe.com', ); ``` These calls will return a `Collection` of `BreachSiteEntity` objects. Usage examples for Pwned Passwords ---------------------------------- [](#usage-examples-for-pwned-passwords) The `PwnedPasswd` methods can now take a second param of an `array` to specify [GuzzleHttp request options](https://docs.guzzlephp.org/en/stable/request-options.html). ### Get number of times the start of a hash appears in the system matching against a full hash [](#get-number-of-times-the-start-of-a-hash-appears-in-the-system-matching-against-a-full-hash) ``` use Icawebdesign\Hibp\Password\PwnedPassword; use Icawebdesign\Hibp\HibpHttp; $pwnedPassword = new PwnedPassword(new HibpHttp($apiKey)); $count = $pwnedPassword->rangeFromHash('5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8'); ``` This will return an `int` of the count. You can also check against `NTLM` hashes: ``` use Icawebdesign\Hibp\Password\PwnedPassword; use Icawebdesign\Hibp\HibpHttp; $pwnedPassword = new PwnedPassword(new HibpHttp($apiKey)); $count = $pwnedPassword->ntlmRangeFromHash('8846F7EAEE8FB117AD06BDD830B7586C'); ``` ### Get number of times the start of a hash appears in the system as above, but with padded values to help prevent fingerprinting [](#get-number-of-times-the-start-of-a-hash-appears-in-the-system-as-above-but-with-padded-values-to-help-prevent-fingerprinting) ``` use Icawebdesign\Hibp\Password\PwnedPassword; use Icawebdesign\Hibp\HibpHttp; $pwnedPassword = new PwnedPassword(new HibpHttp($apiKey)); $hashData = $pwnedPassword->paddedRangeDataFromHash('5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8'); ``` You can also check against `NTLM` hashes: ``` use Icawebdesign\Hibp\Password\PwnedPassword; use Icawebdesign\Hibp\HibpHttp; $pwnedPassword = new PwnedPassword(new HibpHttp($apiKey)); $hashData = $pwnedPassword->paddedNtlmRangeDataFromHash('5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8'); ``` This will return a `Collection` of `PwnedPassword` model objects. ### Get a collection of hash data from a start of a hash and matching against a full hash [](#get-a-collection-of-hash-data-from-a-start-of-a-hash-and-matching-against-a-full-hash) ``` use Icawebdesign\Hibp\Password\PwnedPassword; use Icawebdesign\Hibp\HibpHttp; $pwnedPassword = new PwnedPassword(new HibpHttp($apiKey)); $hashData = $pwnedPassword->rangeDataFromHash('5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8'); ``` This will return a `Collection` of `PwnedPassword` model objects. ### Get a collection of hash data from a start of a hash and matching against a full hash as above, but with padded values to help prevent fingerprinting [](#get-a-collection-of-hash-data-from-a-start-of-a-hash-and-matching-against-a-full-hash-as-above-but-with-padded-values-to-help-prevent-fingerprinting) ``` use Icawebdesign\Hibp\Password\PwnedPassword; use Icawebdesign\Hibp\HibpHttp; $pwnedPassword = new PwnedPassword(new HibpHttp($apiKey)); $hashData = $pwnedPassword->paddedRangeDataFromHash('5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8'); // Strip padded values from results $hashData = PwnedPassword::stripZeroMatchesData($hashData, '5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8'); ``` This will return a `Collection` of `PwnedPassword` model objects. Usage examples for Paste lists ------------------------------ [](#usage-examples-for-paste-lists) ### Get a collection of pastes that a specified email account has appeared in [](#get-a-collection-of-pastes-that-a-specified-email-account-has-appeared-in) ``` use Icawebdesign\Hibp\Paste\Paste; use Icawebdesign\Hibp\HibpHttp; $paste = new Paste(new HibpHttp($apiKey)); $data = $paste->lookup('test@example.com'); ``` This will return a `Collection` of `PasteEntity` objects. Usage examples for StealerLogs ------------------------------ [](#usage-examples-for-stealerlogs) ### Get a collection of domains that are associated with a specified email account [](#get-a-collection-of-domains-that-are-associated-with-a-specified-email-account) ``` use Icawebdesign\Hibp\StealerLog\StealerLog; use Icawebdesign\Hibp\HibpHttp; $stealerLog = new StealerLog(new HibpHttp($apiKey)); $data = $stealerLog->getStealerLogsByEmailAddress('test@example.com'); ``` This will return a Collection of domains ``` print_r($data); ``` ``` Illuminate\Support\Collection Object ( [items:protected] => Array ( [0] => netflix.com [1] => spotify.com ) [escapeWhenCastingToString:protected] => ) ``` ### Get a collection of email addresses associated with a specified domain [](#get-a-collection-of-email-addresses-associated-with-a-specified-domain) ``` use Icawebdesign\Hibp\StealerLog\StealerLog; use Icawebdesign\Hibp\HibpHttp; $stealerLog = new StealerLog(new HibpHttp($apiKey)); $data = $stealerLog->getStealerLogsByWebsiteDomain('gmail.com'); ``` This will return a Collection of email addresses ``` print_r($data); ``` ``` Illuminate\Support\Collection Object ( [items:protected] => Array ( [0] => andy@gmail.com [1] => jane@gmail.com ) [escapeWhenCastingToString:protected] => ) ``` ### Get a collection of aliases and domains associated with an email domain [](#get-a-collection-of-aliases-and-domains-associated-with-an-email-domain) ``` use Icawebdesign\Hibp\StealerLog\StealerLog; use Icawebdesign\Hibp\HibpHttp; $stealerLog = new StealerLog(new HibpHttp($apiKey)); $data = $stealerLog->getStealerLogsByEmailDomain('netflix.com'); ``` This will return a Collection of aliases and their associated domains ``` print_r($data); ``` ``` Illuminate\Support\Collection Object ( [items:protected] => Array ( [andy] => Array ( [0] => netflix.com ) [jane] => Array ( [0] => netflix.com [1] => spotify.com ) ) [escapeWhenCastingToString:protected] => ) ``` Subscription Status ------------------- [](#subscription-status) ### Get the current subscription status for an API Key [](#get-the-current-subscription-status-for-an-api-key) ``` use Icawebdesign\Hibp\HibpHttp; use Icawebdesign\Hibp\Subscription\Subscription; $subscription = new Subscription(new HibpHttp($apiKey)); $status = $subscription->status(); ``` This will return a `SubscriptionStatusEntity` object. Laravel specifics ----------------- [](#laravel-specifics) If using the package within a Laravel application, you can use the provided facades. First, you need to add your HIBP API key to your `.env` file, or your preferred method for adding values to your server environment variables. ``` HIBP_API_KEY=abcdefgh123456789 ``` You can then use the facades to call the relevant methods: ``` // Breach use Icawebdesign\Hibp\Facades\Breach; $breachSites = Breach::getAllBreachSites(); // Paste use Icawebdesign\Hibp\Facades\Paste; $paste = Paste::lookup('test@example.com'); // PwnedPassword use Icawebdesign\Hibp\Facades\PwnedPassword; $count = PwnedPassword::rangeFromHash('5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8'); ``` Changelog --------- [](#changelog) Please see [CHANGELOG](CHANGELOG.md) for more information what has changed recently. Contributing ------------ [](#contributing) Please see [CONTRIBUTING](CONTRIBUTING.md) for details. Security -------- [](#security) If you discover any security related issues, please email instead of using the issue tracker. Credits ------- [](#credits) - [Ian.H](https://github.com/icawebdesign) - [All Contributors](../../contributors) Thank you to [Artem Fomenko](https://github.com/ArtemFo) for being the first external contributor to the package providing request options for Guzzle for the PwnedPassword methods. License ------- [](#license) The MIT License (MIT). Please see [License File](LICENSE) for more information. ### Health Score 60 — FairBetter than 99% of packages Maintenance73 Regular maintenance activity Popularity40 Moderate usage in the ecosystem Community18 Small or concentrated contributor base Maturity91 Battle-tested with a long release history Bus Factor1 Top contributor holds 95.7% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~57 days Recently: every ~71 days Total 46 Last Release 305d ago Major Versions 4.4.3 → 5.0.62021-11-13 5.1.1 → 6.0.02023-02-16 5.2.0 → 6.0.12023-02-16 5.3.0 → 6.1.02023-04-18 6.5.0 → v7.x-dev2025-05-06 PHP version history (8 changes)1.0.0PHP >=7.1.3 4.0.0PHP >=7.2.0 4.2.1PHP >=7.2.5 5.0.0PHP ^7.4|^8.0 5.1.0PHP ^7.4||^8.0||^8.1 6.0.0PHP ^8.1||^8.2 6.3.1PHP ^8.1||^8.2||^8.3 v7.x-devPHP ^8.1||^8.2||^8.3||^8.4 ### Community Maintainers ![](https://www.gravatar.com/avatar/b7daaa5da98a940ccc72564d4445aeefc4176f339118975ff1de57d38c4fb70f?d=identicon)[ian.h](/maintainers/ian.h) --- Top Contributors [![digiservnet](https://avatars.githubusercontent.com/u/57901585?v=4)](https://github.com/digiservnet "digiservnet (44 commits)")[![ArtemFo](https://avatars.githubusercontent.com/u/32449636?v=4)](https://github.com/ArtemFo "ArtemFo (1 commits)")[![jdrieghe](https://avatars.githubusercontent.com/u/12606789?v=4)](https://github.com/jdrieghe "jdrieghe (1 commits)") --- Tags api-v3haveibeenpwnedphpphp-libraryhaveibeenpwnedhibpicawebdesigndigiservdigiservnet ### Code Quality TestsPHPUnit Static AnalysisPHPStan Type Coverage Yes ### Embed Badge ![Health badge](/badges/icawebdesign-hibp-php/health.svg) ``` [![Health](https://phpackages.com/badges/icawebdesign-hibp-php/health.svg)](https://phpackages.com/packages/icawebdesign-hibp-php) ``` ### Alternatives [sylius/sylius E-Commerce platform for PHP, based on Symfony framework. 8.4k5.6M651](/packages/sylius-sylius)[shopware/platform The Shopware e-commerce core 3.3k1.5M3](/packages/shopware-platform)[silverstripe/framework The SilverStripe framework 7213.5M2.5k](/packages/silverstripe-framework)[statamic/cms The Statamic CMS Core Package 4.8k3.2M720](/packages/statamic-cms)[drupal/core Drupal is an open source content management platform powering millions of websites and applications. 19562.3M1.3k](/packages/drupal-core)[aporat/store-receipt-validator PHP receipt validator for Apple App Store and Amazon Appstore 6503.9M9](/packages/aporat-store-receipt-validator) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)