eblume/kingfisher
1
0
Fork 0
forked from mirrors/kingfisher
Code Pull requests Activity Actions
1,570 commits 5 branches 83 tags 53 MiB
Commit graph

5 commits

Author SHA1 Message Date
Mick Grove
93b48e86df fixing bugs 2026-05-28 20:09:08 -07:00
Mick Grove
54d9fc7ecd preparing for v1.100.0 2026-05-18 13:03:16 -07:00
Mick Grove
c387ac08d2 Added first-class **Postman** scanning target: new kingfisher scan postman subcommand (and equivalent --postman-* flags) fetches workspaces, collections, and environments via the Postman API and scans them for hard-coded credentials in request auth blocks, pre-request/test scripts, saved example responses, and — notably — secret-typed environment variables, which the API returns in plaintext despite the UI mask. Selectors: --workspace, --collection, --environment, --all, with optional --include-mocks-monitors and --api-url for self-hosted endpoints. Authenticates via KF_POSTMAN_TOKEN (or POSTMAN_API_KEY) sent as X-Api-Key; honors X-RateLimit-RetryAfter on 429s. Findings link back to https://go.postman.co/... URLs in reports. 2026-04-29 11:09:47 -07:00
Mick Grove
c171704884 updated vectorscan 2026-04-02 19:35:30 -07:00
Mick Grove
0c77e3c4a3 openssf scorecard suggested improvements 2026-03-19 23:52:38 -07:00