From 849335b1f60503b0db853eb11c455ceb7e515ad3 Mon Sep 17 00:00:00 2001 From: KelvinTegelaar <49186168+KelvinTegelaar@users.noreply.github.com> Date: Wed, 8 Jan 2025 18:15:29 +0100 Subject: [PATCH] fixes to new darkweb scanning --- .../Entrypoints/Invoke-ListBreachesAccount.ps1 | 7 ++++++- .../Public/HIBP/Get-BreachInfo.ps1 | 16 ++++++++++++---- 2 files changed, 18 insertions(+), 5 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListBreachesAccount.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListBreachesAccount.ps1 index 03473f343622..827a151ded72 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListBreachesAccount.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListBreachesAccount.ps1 @@ -13,7 +13,12 @@ Function Invoke-ListBreachesAccount { $APIName = $TriggerMetadata.FunctionName Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' - $Results = Get-HIBPRequest "breachedaccount/$($Request.query.account)?truncateResponse=false" + if ($request.query.account -like '*@*') { + $Results = Get-HIBPRequest "breachedaccount/$($Request.query.account)?truncateResponse=false" + } else { + $Results = Get-BreachInfo -Domain $Request.query.account + } + # Associate values to output bindings by calling 'Push-OutputBinding'. Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ StatusCode = [HttpStatusCode]::OK diff --git a/Modules/CippExtensions/Public/HIBP/Get-BreachInfo.ps1 b/Modules/CippExtensions/Public/HIBP/Get-BreachInfo.ps1 index 1e8f6f168a73..f90f478b0e70 100644 --- a/Modules/CippExtensions/Public/HIBP/Get-BreachInfo.ps1 +++ b/Modules/CippExtensions/Public/HIBP/Get-BreachInfo.ps1 @@ -2,10 +2,18 @@ function Get-BreachInfo { [CmdletBinding()] param( [Parameter()] - $TenantFilter + $TenantFilter, + [Parameter()]$Domain + ) - $Data = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/domains' -tenantid $TenantFilter | ForEach-Object { - Invoke-RestMethod -Uri "https://geoipdb.azurewebsites.net/api/Breach?func=domain&domain=$($_.id)" + if ($TenantFilter) { + $Data = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/domains' -tenantid $TenantFilter | ForEach-Object { + Invoke-RestMethod -Uri "https://geoipdb.azurewebsites.net/api/Breach?func=domain&domain=$($_.id)" + } + return $Data + } else { + $data = Invoke-RestMethod -Uri "https://geoipdb.azurewebsites.net/api/Breach?func=domain&domain=$($domain)&format=breachlist" + return $Data } - return $Data + }