Mick Grove
|
997480ffc7
|
Added first-class **Postman** scanning target: new kingfisher scan postman subcommand (and equivalent --postman-* flags) fetches workspaces, collections, and environments via the Postman API and scans them for hard-coded credentials in request auth blocks, pre-request/test scripts, saved example responses, and — notably — secret-typed environment variables, which the API returns in plaintext despite the UI mask. Selectors: --workspace, --collection, --environment, --all, with optional --include-mocks-monitors and --api-url for self-hosted endpoints. Authenticates via KF_POSTMAN_TOKEN (or POSTMAN_API_KEY) sent as X-Api-Key; honors X-RateLimit-RetryAfter on 429s. Findings link back to https://go.postman.co/... URLs in reports.
|
2026-04-29 08:12:08 -07:00 |
|
Mick Grove
|
19dafa42ea
|
Added provider endpoint overrides for validation and revocation via global --endpoint PROVIDER=URL and --endpoint-config FILE, with built-in support for self-hosted GitHub, GitLab, Gitea, Jira, Confluence, and Artifactory instances.
|
2026-04-27 13:20:16 -07:00 |
|
Mick Grove
|
d8e0a41fe8
|
performance improvements and rule improvements
|
2026-04-23 14:42:10 -07:00 |
|
Mick Grove
|
7ee1fd5163
|
performance improvements and rule improvements
|
2026-04-22 23:39:19 -07:00 |
|
Mick Grove
|
09961f6feb
|
performance improvements and access map viewer improvements
|
2026-04-16 13:34:44 -07:00 |
|
Mick Grove
|
c89e527053
|
bug fix
|
2026-04-16 06:44:12 -07:00 |
|
Mick Grove
|
93a9cb796e
|
updates to new rules
|
2026-04-15 17:13:10 -07:00 |
|
Mick Grove
|
d5dbc92474
|
fixed failing windows test setup
|
2026-04-05 10:38:20 -07:00 |
|