#Configurable options:#Make sure the path exists or you will spam your list

1. #Configurable options:
2.  
3. #Make sure the path exists or you will spam your list every time the script runs:
4. $path_to_notified_file = ".\db\pwnd_list.csv"
5.  
6. #users to check for breach
7. $user_list = get-aduser -filter { Emailaddress -like "*" -AND Enabled -eq $true} -prop emailaddress | select -expandproperty Emailaddress
8.  
9. #SMTP settings:
10. $email_notify = $true
11. $from = "[email protected]"
12. $subject = "ATTN: Account was included in a data breach"
13. $body_html = "Hello,<br>It has been noticed by an automated system that your email address was included in the following data breaches:"
14. $body_signature = "<br>It is recomended you change your passwords on those systems<br><br>Thank you<br>I_script_stuff Notifier Bot<br>"
15.  
16. #email credentials enable tested on gmail. If you don't need credentials set $needs_email_creds to false.
17. $needs_email_creds = $false
18. #configure credential file for email password if needed:
19. $creds_path = ".\cred.txt"
20. #read-host -assecurestring | convertfrom-securestring | out-file $creds_path
21.  
22.  
23. #SMTP server to use
24. $smtp = "smtp.gmail.com"
25. $smtp_port = "587"
26.  
27. #process smtp credentials
28. $pass = get-content $creds_path | convertto-securestring
29. $credentials = new-object -typename System.Management.Automation.PSCredential -argumentlist "$from", $pass
30. #
31. # Search and notify
32. #
33. if(test-path $path_to_notified_file ) {
34. $already_found = get-content $path_to_notified_file
35. } else {
36. $already_found = ""
37. echo "Warning: No file loaded for $path_to_notified_file If this is the first time running the script a file will be created."
38. sleep 1
39. }
40.  
41. #
42. #Function that power the script
43. #
44. function get-breachedstatus() {
45.     Param(
46.         [Parameter(Mandatory = $true)][string]$email,
47.         [AllowEmptyString()]$brief_report="$true"
48.     )
49.    
50.     try{
51.         if($brief_report) {
52.         $url = "https://haveibeenpwned.com/api/v2/breachedaccount/" + $email + "?truncateresponse=true"
53.         } else {
54.         $url = "https://haveibeenpwned.com/api/v2/breachedaccount/" + $email
55.         }
56.     $result = invoke-restmethod "$url" -UserAgent "I_script_stuff checker 0.01"
57.     return $result
58.     } catch {
59.     return $false
60.     }
61. }
62.  
63. foreach($email in $user_list) {
64.     if($result = get-breachedstatus $email $false) {
65.         $working_email_body = $body_html
66.         $act_on_notify = $false
67.         foreach($line in $result) {
68.         $service = $line.Name
69.         $breachdate = $line.breachdate
70.         $breach_record = "$email,$service,$breachdate"
71.             if($already_found -notcontains $breach_record) {
72.             echo "$breach_record"
73.             echo "$breach_record" >> $path_to_notified_file
74.                 if($email_notify) {
75.                 $act_on_notify = $true
76.                 $working_email_body += "<br>" + $breach_record
77.                 }
78.             }
79.         }
80.         $working_email_body += $body_signature
81.         if(($email_notify) -and ($act_on_notify)) {
82.             if($needs_email_creds) {
83.             Send-MailMessage -from $from -To "$email" -Subject $subject -bodyashtml($working_email_body) -smtpServer "$smtp" -port "$smtp_port" -credential $credentials -UseSsl
84.             } else {
85.             Send-MailMessage -from $from -To "$email" -Subject $subject -bodyashtml($working_email_body) -smtpServer "$smtp" -port "$smtp_port"
86.             }
87.         }
88.     }
89. #lets not abuse the api
90. sleep 5
91. }