Aus einem Powershell-Beispiel von „IT Pro blog“ weiterentwickelt
https://infracloud.wordpress.com/2015/10/29/have-you-been-pwned-use-powershell-to-find-out/
Get-Pwned.ps1

Import-Module „C:\adm\custom\BasicTools.psm1“
$Global:CheckURI = „https://haveibeenpwned.com/api/v2/breachedaccount“
$global:OutputPath = „C:\“
$global:results = @()
Function ValidateAddress($Emailaddress){
try{
$Request = Invoke-WebRequest -Uri „$global:CheckURI/$Emailaddress“
$Response = ConvertFrom-Json $Request
Return $Response
}
catch [exception]
{
Return $null
}
}
Function IsValidEMail($email){
    $EmailRegex = ‚^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,4})$‘;
    return ($email -match $EmailRegex)
}
Function IsValidDomain($mailaddress){
$domain = $mailaddress.Substring($mailaddress.IndexOf(„@“)+1)
$obj = Get-AcceptedDomain -Identity $domain -ErrorAction SilentlyContinue
if ($obj -eq $null){
$result = $false
}else{
$result = $true
}

return $result
}
Function ConvertHaveibeenpwnedObject($obj,$mailaddress,$username){
Set-ToolsLogAddLine -LogTXT „Compromised account $username, $mailaddress“
$result = New-Object -TypeName PSObject
$result | Add-Member -MemberType NoteProperty -Name username -Value $username
$result | Add-Member -MemberType NoteProperty -Name mailaddress -Value $mailaddress
$result | Add-Member -MemberType NoteProperty -Name HIBPAddedDate -Value $obj.AddedDate
$result | Add-Member -MemberType NoteProperty -Name HIBPBreachDate -Value $obj.BreachDate
$result | Add-Member -MemberType NoteProperty -Name HIBPDataClasses -Value ([system.String]::Join(„;“,$obj.DataClasses))
$result | Add-Member -MemberType NoteProperty -Name HIBPDescription -Value $obj.Description
$result | Add-Member -MemberType NoteProperty -Name HIBPDomain -Value $obj.Domain
$result | Add-Member -MemberType NoteProperty -Name HIBPIsSensitive -Value $obj.IsSensitive
$result | Add-Member -MemberType NoteProperty -Name HIBPIsVerified -Value $obj.IsVerified
$result | Add-Member -MemberType NoteProperty -Name HIBPLogoType -Value $obj.LogoType
$result | Add-Member -MemberType NoteProperty -Name HIBPName -Value $obj.Name
$result | Add-Member -MemberType NoteProperty -Name HIBPPwnCount -Value $obj.PwnCount
$result | Add-Member -MemberType NoteProperty -Name HIBPTitle -Value $obj.Title
return $result
}
Function main{
Set-ToolsLogCreate -LogFilePath „C:\adm\custom\logs\“ -LogPrefix „CompromisedAccounts“
Remove-ToolsLog -olderThenDays 21
Set-ToolsLogAddLine -LogTXT „Collect accounts“

$users = Get-ADUser -LDAPFilter „(mail=*)“ -Properties mail, proxyaddresses -ResultSetSize $null

$i = ($users).Count
Set-ToolsLogAddLine -LogTXT „Test $i accounts“
$i = 0
foreach($user in $users){
$i ++
if($i/100 -is [int]){Set-ToolsLogAddLine -LogTXT „$i accounts tested“}
$proxymail = „“
$usermail = „“
$usermail = $user.mail.ToLower()
$output = „“
if (IsValidEMail($usermail)){
if (isValidDomain($usermail)){
$obj = ValidateAddress($usermail)
if ($obj -ne $null){
$global:results += ConvertHaveibeenpwnedObject -obj $obj -mailaddress $usermail -username $user.SamAccountName
}
}
}
Foreach($proxyAddress in $user.proxyaddresses){
$proxymail = $proxyAddress.ToLower()
if ($proxymail.StartsWith(„smtp:“)){
$proxymail = $proxymail.Substring($proxymail.IndexOf(„smtp:“)+5)
if (IsValidEMail($proxymail)){
if ($proxymail -ne $usermail){
if (isValidDomain($proxymail)){
$obj = ValidateAddress($proxymail)
if ($obj -ne $null){
$global:results += ConvertHaveibeenpwnedObject -obj $obj -mailaddress $usermail -username $user.SamAccountName
}
}
}
}
}
}
}
Set-ToolsLogAddLine -LogTXT „Finish“ -foregroundcolor „green“ -backgroundcolor „darkgray“
$global:results | Export-csv „$global:OutputPath\CompromisedAccounts.csv“
}

main