fixes to new darkweb scanning

KelvinTegelaar · Jan 8, 2025 · 849335b · 849335b
1 parent f9ec3c1
commit 849335b
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 5 deletions.
diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListBreachesAccount.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListBreachesAccount.ps1
@@ -13,7 +13,12 @@ Function Invoke-ListBreachesAccount {
     $APIName = $TriggerMetadata.FunctionName
     Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug'
 
-    $Results = Get-HIBPRequest "breachedaccount/$($Request.query.account)?truncateResponse=false"
+    if ($request.query.account -like '*@*') {
+        $Results = Get-HIBPRequest "breachedaccount/$($Request.query.account)?truncateResponse=false"
+    } else {
+        $Results = Get-BreachInfo -Domain $Request.query.account
+    }
+
     # Associate values to output bindings by calling 'Push-OutputBinding'.
     Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
             StatusCode = [HttpStatusCode]::OK

diff --git a/Modules/CippExtensions/Public/HIBP/Get-BreachInfo.ps1 b/Modules/CippExtensions/Public/HIBP/Get-BreachInfo.ps1
@@ -2,10 +2,18 @@ function Get-BreachInfo {
     [CmdletBinding()]
     param(
         [Parameter()]
-        $TenantFilter
+        $TenantFilter,
+        [Parameter()]$Domain
+
     )
-    $Data = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/domains' -tenantid $TenantFilter | ForEach-Object {
-        Invoke-RestMethod -Uri "https://geoipdb.azurewebsites.net/api/Breach?func=domain&domain=$($_.id)"
+    if ($TenantFilter) {
+        $Data = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/domains' -tenantid $TenantFilter | ForEach-Object {
+            Invoke-RestMethod -Uri "https://geoipdb.azurewebsites.net/api/Breach?func=domain&domain=$($_.id)"
+        }
+        return $Data
+    } else {
+       $data = Invoke-RestMethod -Uri "https://geoipdb.azurewebsites.net/api/Breach?func=domain&domain=$($domain)&format=breachlist"
+       return $Data
     }
-    return $Data
+
 }