search

wKovacs64 / pwned

A command-line tool for querying the 'Have I been pwned?' service.
https://wkovacs64.github.io/pwned
MIT License
228 stars 27 forks source link

Unexpected token 'Y' #239

Closed ru44 closed 1 year ago

ru44 commented 1 year ago

I believe there is issue in pwned tool

e.g. pwned ba loka@gmail.com

Unexpected token 'Y', "your reque"... is not valid JSON

is it only me?

wKovacs64 commented 1 year ago

I haven't paid for an API key so I can't test the ba command while authenticated, but seems to do what it's supposed to do while unauthenticated and the other commands that don't require an API key are all working.

What version of pwned? What version of Node.js? What operating system?

ru44 commented 1 year ago

OS: blackarch Node: v18.17.1 pwned: 2221.f3df0eb

wKovacs64 commented 1 year ago

2221.f3df0eb

That's not a valid version of pwned (latest published is 11.0.0), but that partial commit hash does match a commit from a few days ago so I'm guessing you're using a custom version built from source or something similar.

Do you get any different results running the distributed version via npx?

npx pwned ba loka@gmail.com

What about commands that don't require a paid API key like:

pwned pw password
ru44 commented 1 year ago

yea even when I run

npx pwned ba loka@gmail.com

getting the same but the free

npx pwned pw admin

its working fine

wKovacs64 commented 1 year ago

Try hitting the API directly with curl like so (replacing [YOUR_API_KEY] with your actual key):

curl --header "HIBP-API-Key: [YOUR_API_KEY]" -i https://haveibeenpwned.com/api/v3/breachedaccount/loka%40gmail.com

Then tell me whatever you can about the results without revealing anything you consider private information.

wKovacs64 commented 1 year ago

@ru44 I had to renew my API key to implement some new features in another project and I was able to retrieve your breached account information just fine.

ru44 commented 1 year ago

I see but still not working because when I run npx pwned ba loka@gamil.com I get image

wKovacs64 commented 1 year ago

Not sure what that could be other than something unusual on your end. Did you try the curl command to see if you get a reasonable response from the HIBP API directly?

ru44 commented 1 year ago

no not really how do I do that?

wKovacs64 commented 1 year ago

no not really how do I do that?

https://github.com/wKovacs64/pwned/issues/239#issuecomment-1791745903

wKovacs64 commented 1 year ago

@ru44 I was just able to successfully use pwned to look up your account in blackarch, so I'm going to close this as I don't see anything indicating it's a problem with the tool. Feel free to try the curl command I mentioned above, as it may reveal the next troubleshooting step.

Good luck!