Mick Grove 2026-03-18 17:06:55 -07:00
commit e6dd9cd7db
3 changed files with 110 additions and 2 deletions


@ -6,6 +6,7 @@ All notable changes to this project will be documented in this file.
- Added `--max-validation-response-length <BYTES>` for `scan` to control validation response storage truncation (default: `2048`, `0` disables truncation).
- Updated `--full-validation-response` to bypass both validation storage truncation and reporter truncation, preserving complete response bodies end-to-end for parsing/reporting workflows.
- Added Testkube detection/validation coverage with `kingfisher.testkube.*` rules for API keys plus dependent organization/environment IDs used for live API validation.
- Improved TrueNAS rule
## [v1.89.0]
- Added TOON output for `scan`, `validate`, and `revoke`, optimized for LLM/agent workflows; prefer `--format toon` when calling Kingfisher from an LLM.


@ -4,7 +4,7 @@
<img src="docs/kingfisher_logo.png" alt="Kingfisher Logo" width="126" height="173" style="vertical-align: right;" />
[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)
[![Detection Rules](https://img.shields.io/badge/Detection%20Rules-544-2ea043.svg)](https://github.com/mongodb/kingfisher)<br>
[![Detection Rules](https://img.shields.io/badge/Detection%20Rules-546-2ea043.svg)](https://github.com/mongodb/kingfisher)<br>
[![ghcr downloads](https://ghcr-badge.elias.eu.org/shield/mongodb/kingfisher/kingfisher)](https://github.com/mongodb/kingfisher/pkgs/container/kingfisher)<br>


@ -1,4 +1,28 @@
rules:
- name: TrueNAS Instance URL
id: kingfisher.truenas.3
visible: false
confidence: medium
min_entropy: 2.0
pattern: |
(?x)
\b
(
https?://[a-zA-Z0-9._:-]+
)
/api/v2\.0/
(?:system|pool|device|sharing|jail|vm|chart|app|zvol|dataset|replication|snapshot|boot|tunable|smb|nfs|iscsi|certificate|acme|filesystem|reporting|alert|update|core|initshutdownscript)
examples:
- http://192.168.0.30/api/v2.0/system/info
- https://truenas.example.com/api/v2.0/device/get_info
- https://nas.local:443/api/v2.0/pool/dataset
- http://10.0.0.1/api/v2.0/sharing/smb
- https://truenas.local/api/v2.0/jail/query
- http://192.168.1.50:80/api/v2.0/zvol/id
- https://nas:443/api/v2.0/boot/environment
references:
- https://www.truenas.com/docs/api/scale_rest_api.html
- name: TrueNAS API Key (WebSocket)
id: kingfisher.truenas.1
pattern: |
@ -30,12 +54,31 @@ rules:
- https://www.truenas.com/docs/scale/scaleclireference/auth/cliapikey/
- https://www.truenas.com/docs/scale/api/
- https://www.truenas.com/community/threads/api-examples-in-perl-python.108053/
depends_on_rule:
- rule_id: kingfisher.truenas.3
variable: TRUENAS_URL
validation:
type: Http
content:
request:
method: GET
url: "{{ TRUENAS_URL }}/api/v2.0/system/info"
headers:
Authorization: "Bearer {{ TOKEN }}"
Accept: application/json
response_matcher:
- report_response: true
- type: StatusMatch
status: [200]
- type: JsonValid
- name: TrueNAS API Key (REST API)
id: kingfisher.truenas.2
pattern: |
(?x)
Bearer\s*
/api/v2\.0
(?:.|[\n\r]){0,256}?
Bearer\s+
(\d+-[a-zA-Z0-9]{64})
\b
pattern_requirements:
@ -51,3 +94,67 @@ rules:
- https://www.truenas.com/docs/scale/scaleclireference/auth/cliapikey/
- https://www.truenas.com/docs/scale/api/
- https://www.truenas.com/community/threads/api-examples-in-perl-python.108053/
depends_on_rule:
- rule_id: kingfisher.truenas.3
variable: TRUENAS_URL
validation:
type: Http
content:
request:
method: GET
url: "{{ TRUENAS_URL }}/api/v2.0/system/info"
headers:
Authorization: "Bearer {{ TOKEN }}"
Accept: application/json
response_matcher:
- report_response: true
- type: StatusMatch
status: [200]
- type: JsonValid
- name: TrueNAS API Key (keyword proximity)
id: kingfisher.truenas.4
pattern: |
(?xi)
\b(?:truenas|true[_-]nas|tn[_-])
(?:.|[\n\r]){0,64}?
(?:api[_-]?key|api[_-]?token|key|token|secret|password|auth)
(?:.|[\n\r]){0,32}?
(
\d+-[a-zA-Z0-9]{64}
)
\b
pattern_requirements:
min_digits: 2
min_entropy: 3.3
confidence: medium
examples:
- 'TRUENAS_API_KEY=8-Lp22ov7halMBLUpG97Wg4y7fibQi3CW19VJiZcCu746zgCs0mdDdTCoOcpgEucgu'
- 'truenas_token: "10-6LZBVhNq8zze0rzXJptfSWDBoskWuThnQb3fUVw4sVNgJ7GKT3ITVIovhwPf34oL"'
- '"truenas_api_key": "9-hTSZDBPyg0PjRZvWb8omoxJ7X2gAjRGmiPKql9ENGIUP9OPtEAzz5f6g9YIMVbZT"'
- 'tn_api_key = "8-Lp22ov7halMBLUpG97Wg4y7fibQi3CW19VJiZcCu746zgCs0mdDdTCoOcpgEucgu"'
- 'true-nas_secret=9-hTSZDBPyg0PjRZvWb8omoxJ7X2gAjRGmiPKql9ENGIUP9OPtEAzz5f6g9YIMVbZT'
references:
- https://www.truenas.com/docs/api/core_websocket_api.html
- https://www.truenas.com/docs/api/scale_rest_api.html
- https://www.truenas.com/docs/scale/scaletutorials/toptoolbar/managingapikeys/
- https://www.truenas.com/docs/scale/scaleclireference/auth/cliapikey/
- https://www.truenas.com/docs/scale/api/
- https://www.truenas.com/community/threads/api-examples-in-perl-python.108053/
depends_on_rule:
- rule_id: kingfisher.truenas.3
variable: TRUENAS_URL
validation:
type: Http
content:
request:
method: GET
url: "{{ TRUENAS_URL }}/api/v2.0/system/info"
headers:
Authorization: "Bearer {{ TOKEN }}"
Accept: application/json
response_matcher:
- report_response: true
- type: StatusMatch
status: [200]
- type: JsonValid
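Review bot: The `validation` blocks added to the three API-key rules send `Authorization: "Bearer {{ TOKEN }}"` to `{{ TRUENAS_URL }}`, and that value is whatever `kingfisher.truenas.3` captured from the scanned content, where `https?://[a-zA-Z0-9._:-]+` accepts plain `http://` and internal addresses such as `10.0.0.1`. When the scanned content is not controlled by the operator, its author chooses the host that receives the candidate key and a request from the scanner's network position, and `report_response: true` then stores that host's reply. Consider using only `https://` captures for validation, or at least stating the behaviour above the rule, e.g. `# validation sends the candidate key to the host found in the scanned content`. `StatusMatch` on 200 plus `JsonValid` is also satisfied by any server that answers JSON on `/api/v2.0/system/info`, so a body check on a TrueNAS-specific field would make a "valid" verdict more meaningful. The same block appears three times (end of the second hunk and twice in the third), so the point applies to each copy.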