eblume/kingfisher
1
0
Fork 0
forked from mirrors/kingfisher
Code Pull requests Activity Actions

added pipedrive and amplitude

Browse source
This commit is contained in:
Mick Grove 2026-02-17 16:42:44 -08:00
commit 32d40c0b53
5 changed files with 117 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

3
CHANGELOG.md
View file

@ -2,6 +2,9 @@
All notable changes to this project will be documented in this file.
## [v1.84.0]
- Added/updated `pipedrive` and `amplitude` rules
## [v1.83.0]
- Kingfisher can now generate an auditor-friendly HTML report: `--format html --output kingfisher-audit.html`
- Architecture: split `matcher.rs` into a `src/matcher/` module directory with focused sub-modules (`base64_decode`, `captures`, `conversion`, `dedup`, `filter`, `fingerprint`). Decomposed `filter_match` into smaller validation helpers.

2
Cargo.toml
View file

@ -48,7 +48,7 @@ http = "1.4"
[package]
name = "kingfisher"
version = "1.83.0"
version = "1.84.0"
description = "MongoDB's blazingly fast and accurate secret scanning and validation tool"
edition.workspace = true
rust-version.workspace = true

56
crates/kingfisher-rules/data/rules/amplitude.yml Normal file
View file

@ -0,0 +1,56 @@
rules:
- name: Amplitude Secret Key
id: kingfisher.amplitude.``
pattern: |
(?xi)
\b
amplitude
(?:.|[\n\r]){0,32}?
(?:SECRET|PRIVATE|ACCESS|KEY|TOKEN|AUTHORIZATION)
(?:.|[\n\r]){0,16}?
\b
(
[a-f0-9]{32}
)
\b
pattern_requirements:
min_digits: 4
min_entropy: 3.3
confidence: medium
examples:
- 'amplitude_api_key=8b6f8d6594749cb659b1be03e6a0a2e7'
- 'AMPLITUDE_API_KEY=ef929907c3923e8f3da83c24f0255aa6'
- |
curl --location --request GET 'https://amplitude.com/api/2/export?start=20220101T00&end=20220127T00' \
--header 'Authorization: Basic YWhhbWwsdG9uQGFwaWdlZS5jb206bClwYXNzdzByZAo'
- "AMPLITUDE_SECRET_KEY=8b6f8d6594749cb659b1be03e6a0a2e7"
references:
- https://amplitude.com/docs/apis/authentication
- https://www.docs.developers.amplitude.com/analytics/apis/export-api/
validation:
type: Http
content:
request:
method: POST
url: https://api2.amplitude.com/2/httpapi
headers:
Content-Type: application/json
Accept: "*/*"
body: |
{
"api_key": "{{ TOKEN }}",
"events": [
{
"user_id": "203201202",
"device_id": "C8F9E604-F01A-4BD9-95C6-8E5357DF265D",
"event_type": "watch_tutorial"
}
]
}
response_matcher:
- report_response: true
- type: StatusMatch
status: [200]
- type: WordMatch
words:
- '"code":200'

5
crates/kingfisher-rules/data/rules/google.yml
View file

@ -106,10 +106,9 @@ rules:
(?xi)
\b
(
AIza
[A-Za-z0-9_-]{35}
AIzaSy
[A-Za-z0-9_-]{33}
)
\b
pattern_requirements:
min_digits: 2
min_uppercase: 1

55
crates/kingfisher-rules/data/rules/pipedrive.yml Normal file
View file

@ -0,0 +1,55 @@
rules:
- name: Pipedrive API Token
id: kingfisher.pipedrive.1
pattern: |
(?xi)
\b
(?:
pipedrive
(?:.|[\n\r]){0,32}?
(?:api[_-]?token|x-api-token|token|authorization|key)
|
x-api-token
)
(?:.|[\n\r]){0,16}?
\b
(
[a-f0-9]{40}
)
\b
pattern_requirements:
min_digits: 4
min_entropy: 3.3
confidence: high
examples:
- 'x-api-token: 659c9fddb16335e48cc67114694b52074e812e03'
- 'PIPEDRIVE_API_TOKEN=740dd23ada464336f353b4d08e83c4a801fc1d86'
- 'x-api-token: 2592440cff58a695e33e5776160c4ee5e73e1b9c'
- 'pipedrive token: bbbe1b93ebbf4b0a68a752916b58c8df9b1acae8'
- |
curl --request GET \
--url "https://companydomain.pipedrive.com/api/v2/deals" \
--header "x-api-token: 659c9fddb16335e48cc67114694b52074e812e03"
references:
- https://pipedrive.readme.io/docs/core-api-concepts-authentication
- https://pipedrive.readme.io/docs/how-to-find-the-api-token
validation:
type: Http
content:
request:
method: GET
url: https://api.pipedrive.com/v1/users/me
headers:
x-api-token: "{{ TOKEN }}"
Accept: application/json
response_matcher:
- report_response: true
- type: StatusMatch
status: [200]
- type: WordMatch
words:
- '"success":true'
- '"data"'
match_all_words: true
# Revocation note: Pipedrive API tokens are managed via UI/admin controls.
# No documented token-self-revocation endpoint is available for this token format.