Skip to main content

User Intel | Python SDK

Initializes a new Pangea service client.

UserIntel(token, config, logger_name)

required parameters

str

Pangea API token.

optional parameters

PangeaConfig | None

Configuration.

str

Logger name.

Look up information about a specific breach

UserIntel.breach(breach_id, verbose, provider, cursor, start, end, severity)

Given a provider specific breach ID, find details about the breach.

optional parameters

str

The ID of a breach returned by a provider

bool

Echo the API parameters in the response

str

Use reputation data from this provider

str

A token given in the raw response from SpyCloud. Post this back to paginate results

str

This parameter allows you to define the starting point for a date range query on the spycloud_publish_date field

str

This parameter allows you to define the ending point for a date range query on the spycloud_publish_date field

List[int]

Filter for records that match one of the given severities

Response Object

A PangeaResponse where the breach details are in the response.result field. Available response fields can be found in our API documentation

response = user_intel.breach(
    breach_id="66111",
)

Download file

UserIntel.download_file(url, filename)

Download a file from the specified URL and save it with the given filename.

required parameters

str

URL of the file to download

optional parameters

str | None

Name to save the downloaded file as. If not provided, the filename will be determined from the Content-Disposition header or the URL.

Check if a password was breached

UserIntel.is_password_breached(response, hash)

Helper function that simplifies searching the response's raw data for the full hash.

required parameters

PangeaResponse[UserBreachedResult]

API response from an earlier request

str

Password hash

Look up breached passwords

UserIntel.password_breached(hash_type, hash_prefix, verbose, raw, provider)

Determine if a password has been exposed in a security breach using a 5 character prefix of the password hash.

required parameters

str

Hash type to be looked up

str

The prefix of the hash to be looked up.

optional parameters

bool

Echo the API parameters in the response

bool

Include raw data from this provider

str

Use reputation data from this provider

Response Object

A PangeaResponse where the sanctioned source(s) are in the response.result field. Available response fields can be found in our API documentation

response = user_intel.password_breached(
    hash_prefix="5baa6",
    hash_type=HashType.SHA256,
    provider="spycloud",
)

Look up breached passwords V2

UserIntel.password_breached_bulk(hash_type, hash_prefixes, verbose, raw, provider)

Determine if a password has been exposed in a security breach using a 5 character prefix of the password hash.

required parameters

str

Hash type to be looked up

List[str]

The list of prefixes of the hashes to be looked up.

optional parameters

bool

Echo the API parameters in the response

bool

Include raw data from this provider

str

Use reputation data from this provider

Response Object

A PangeaResponse where the sanctioned source(s) are in the response.result field. Available response fields can be found in our API documentation

response = user_intel.password_breached_bulk(
    hash_prefixes=["5baa6"],
    hash_type=HashType.SHA256,
    provider="spycloud",
)

Poll result

UserIntel.poll_result(exception)

Returns request's result that has been accepted by the server

optional parameters

Optional[AcceptedRequestException]

Exception that was previously raised by the SDK on a call that is being processed.

Response Object

PangeaResponse

response = service.poll_result(exception)

Look up breached users

UserIntel.user_breached(email, username, ip, phone_number, start, end, verbose, raw, provider, cursor, severity)

Determine if an email address, username, phone number, or IP address was exposed in a security breach.

optional parameters

str

An email address to search for

str

An username to search for

str

An ip to search for

str

A phone number to search for. minLength: 7, maxLength: 15.

str

Earliest date for search

str

Latest date for search

bool

Echo the API parameters in the response

bool

Include raw data from this provider

str

Use reputation data from this provider

str

A token given in the raw response from SpyCloud. Post this back to paginate results

List[int]

Filter for records that match one of the given severities

Response Object

A PangeaResponse where the sanctioned source(s) are in the response.result field. Available response fields can be found in our API documentation

response = user_intel.user_breached(
    phone_number="8005550123",
    provider="spycloud",
    verbose=True,
    raw=True,
)

Look up breached users V2

UserIntel.user_breached_bulk(emails, usernames, ips, phone_numbers, domains, start, end, verbose, raw, provider, severity)

Determine if an email address, username, phone number, or IP address was exposed in a security breach.

optional parameters

List[str]

A list of email addresses to search for

List[str]

A list of usernames to search for

List[str]

A list of ips to search for

List[str]

A list of phone numbers to search for. minLength: 7, maxLength: 15.

List[str]

Search for user under these domains.

str

Earliest date for search

str

Latest date for search

bool

Echo the API parameters in the response

bool

Include raw data from this provider

str

Use reputation data from this provider

List[int]

Filter for records that match one of the given severities

Response Object

A PangeaResponse where the sanctioned source(s) are in the response.result field. Available response fields can be found in our API documentation

response = user_intel.user_breached_bulk(
    phone_numbers=["8005550123"],
    provider="spycloud",
    verbose=True,
    raw=True,
)