jethro inwald
created an issue

So it looks like, for whatever reason, the HTML reports from recon-ng don't populate the leak column in the credentials table with data from hibp_breach or hibp_paste, even with SANITIZE set to False.

  1. Tim Tomes repo owner

    That's because Recon-ng doesn't store anything in the leak column for these modules. The reason is that the leak column has a special purpose in association with the PwnedHub modules. Also, I recommend using the ./recon-web command for all reporting, exporting, and analysis. Check it out.

  2. jethro inwald reporter

    I am not sure what use the HIBP modules are, then. Why bother having modules that check a source for leaked credentials if it won't tell you what leaks those credentials are from? Can you please clarify the intended use then?

  3. Tim Tomes repo owner

    It validates that an identified username/email address has been compromised at some point in time, and stores it in the credentials table for further evaluation. Whether that's running it against PwnedList by itself, or doing some additional mining of the dark web for the password. I can see value in storing the information that HIBP provides in reference to the source of the leak, but that column was specifically designed to hold a PwnedList reference, and there are several other parts of the framework that expect a certain kind of data there. If you just put "Dropbox" in there, it would break several other modules. There's a decent amount of engineering that would need to be done to make this work like you want it to.

