Account leaks are anything but infrequent these days. Webleak is a simple tool that periodically checks large leak databases for your accounts. Should one of your accounts be exposed, you will be instantly notified so you can take the appropriate measures (such as changing your password and, even better, enabling multi-factor authentication).
Webleak is a serverless tool running on Webtask from the folks at Auth0. A free plan that offers more than enough resources for Webleak is available.
This software is a proof of concept at the moment, so notifications are only supported via text message with Twilio, which is cool enough. You can no doubt easily extend it to notify you via e-mail, smoke signals or avian carrier if needed.
- A Webtask account (which is free)
- A Twitter account (which is optional but recommended, and free), and a developer application key (free also)
- A Twilio account (which is equally free to try, and very inexpensive thereafter)
- Node and NPM (or Yarn) installed
Checking leak databases can be costly, and their API limits are very tight. Twitter's infrastructure is much less likely to be saturated and has much more generous API limits, which is why new tweets can serve as the trigger for a database check.
However, should you not define triggers for Webleak, the leak database will be accessed on each invocation.
First, you need to clone this repository:
$ git clone https://github.com/pierreis/webleak
$ cd webleak
$ yarn install # or npm install if you are old-school
The package includes very simple configuration scripts based on Gulp to make configuration a breeze.
$ yarn run bundle
$ yarn run configure
$ yarn run deploy
All these steps can be combined into one:
$ yarn start
If everything goes as expected, you should receive a text message automatically when your account leaks somewhere (which hopefully should not happen often).
Additional scripts are provided for more granular control over the deployment process:
$ yarn run bundle:config # Copy the configuration files to dist folder
$ yarn run bundle:watch # Run the bundle automatically whenever code changes
$ yarn run bundle:webtasks # Compile and minify source files with Babel
$ yarn run configure:accounts # Configure accounts to watch
$ yarn run configure:trigger # Configure triggers
$ yarn run configure:notify # Configure notifications
$ yarn run configure:webtask # Configure webtask name and cron scheduling
The webtask can be undeployed by running:
$ yarn run undeploy
- The data is fetched by default from the awesome Have I Been Pwned database,
- The database check is triggered by new tweets on their account, which generally corresponds to new leaks,
- The defaults are to check for new leaks every hour,
- You will not be notified multiple times about the same leaks.
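The trigger gating and de-duplication described above, as an added example that is not Webleak's own code: `shouldQuery`, `runOnce`, the state shape and the sample data are hypothetical and constructed, and the state object is assumed to persist between invocations.

```javascript
// Added example; all names are hypothetical, not Webleak's own code.

// Query the leak database only when the trigger moved; with no trigger
// configured (null), every invocation queries it.
function shouldQuery(state, triggerId) {
  return triggerId === null || triggerId !== state.lastTriggerId;
}

// One scheduled run. lookup(account) returns breach names for an account,
// notify(text) sends the alert and throws on failure.
function runOnce(state, accounts, triggerId, lookup, notify) {
  if (!shouldQuery(state, triggerId)) return { queried: false, sent: 0 };
  let sent = 0;
  for (const account of accounts) {
    const seen = new Set(state.notified[account] || []);
    const fresh = lookup(account).filter((name) => !seen.has(name));
    if (fresh.length === 0) continue;
    notify(`${account} found in: ${fresh.join(', ')}`);
    // Record only after notify succeeded, so a failed send is retried.
    state.notified[account] = [...seen, ...fresh];
    sent += 1;
  }
  // Advance the trigger last: a failure above leaves it stale on purpose.
  if (triggerId !== null) state.lastTriggerId = triggerId;
  return { queried: true, sent };
}

// Constructed sample data: three runs against a fake leak database.
function demo() {
  const state = { lastTriggerId: null, notified: {} };
  const db = { 'alice@example.com': ['ExampleBreachA'] };
  const messages = [];
  const lookup = (account) => db[account] || [];
  const notify = (text) => messages.push(text);
  const accounts = ['alice@example.com', 'bob@example.com'];
  const first = runOnce(state, accounts, '1001', lookup, notify);
  const second = runOnce(state, accounts, '1001', lookup, notify); // no new tweet
  db['alice@example.com'].push('ExampleBreachB');
  const third = runOnce(state, accounts, '1002', lookup, notify); // new tweet
  return { first, second, third, messages };
}
```
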
The command-line configuration tool is great for getting started, but you may eventually find it limiting and want to edit the configuration file yourself.
The configuration file lies in dist/config.json after bundling, and is pretty self-explanatory.