eblume/kingfisher
1
0
Fork 0
forked from mirrors/kingfisher
Code Pull requests Activity Actions
1,520 commits 5 branches 83 tags 53 MiB
Commit graph

20 commits

Author SHA1 Message Date
Mick Grove
12c141bfac preparing for v1.99.0 2026-05-05 07:08:40 -07:00
Mick Grove
aca11be36d preparing for v1.99.0 2026-05-04 23:47:48 -07:00
Mick Grove
394d05dd4d preparing for v1.99.0 2026-05-04 23:10:16 -07:00
Mick Grove
e30a7539b2 preparing for v1.99.0 2026-05-04 17:22:21 -07:00
Mick Grove
0e1fe0cede webhook support and kingfisher configuration yaml support 2026-05-03 23:10:45 -07:00
Mick Grove
20e08105cf improved github organization scanning 2026-04-30 16:40:43 -07:00
Mick Grove
1337588c7b Added first-class **Postman** scanning target: new kingfisher scan postman subcommand (and equivalent --postman-* flags) fetches workspaces, collections, and environments via the Postman API and scans them for hard-coded credentials in request auth blocks, pre-request/test scripts, saved example responses, and — notably — secret-typed environment variables, which the API returns in plaintext despite the UI mask. Selectors: --workspace, --collection, --environment, --all, with optional --include-mocks-monitors and --api-url for self-hosted endpoints. Authenticates via KF_POSTMAN_TOKEN (or POSTMAN_API_KEY) sent as X-Api-Key; honors X-RateLimit-RetryAfter on 429s. Findings link back to https://go.postman.co/... URLs in reports. 2026-04-29 11:46:17 -07:00
Mick Grove
997480ffc7 Added first-class **Postman** scanning target: new kingfisher scan postman subcommand (and equivalent --postman-* flags) fetches workspaces, collections, and environments via the Postman API and scans them for hard-coded credentials in request auth blocks, pre-request/test scripts, saved example responses, and — notably — secret-typed environment variables, which the API returns in plaintext despite the UI mask. Selectors: --workspace, --collection, --environment, --all, with optional --include-mocks-monitors and --api-url for self-hosted endpoints. Authenticates via KF_POSTMAN_TOKEN (or POSTMAN_API_KEY) sent as X-Api-Key; honors X-RateLimit-RetryAfter on 429s. Findings link back to https://go.postman.co/... URLs in reports. 2026-04-29 08:12:08 -07:00
Mick Grove
19dafa42ea Added provider endpoint overrides for validation and revocation via global --endpoint PROVIDER=URL and --endpoint-config FILE, with built-in support for self-hosted GitHub, GitLab, Gitea, Jira, Confluence, and Artifactory instances. 2026-04-27 13:20:16 -07:00
Mick Grove
ceff3ab1c5 performance improvements and rule improvements 2026-04-24 00:23:50 -07:00
Mick Grove
d8e0a41fe8 performance improvements and rule improvements 2026-04-23 14:42:10 -07:00
Mick Grove
7ee1fd5163 performance improvements and rule improvements 2026-04-22 23:39:19 -07:00
Mick Grove
2d63146078 performance improvements and rule improvements 2026-04-17 18:06:17 -07:00
Mick Grove
09961f6feb performance improvements and access map viewer improvements 2026-04-16 13:34:44 -07:00
Mick Grove
c89e527053 bug fix 2026-04-16 06:44:12 -07:00
Mick Grove
93a9cb796e updates to new rules 2026-04-15 17:13:10 -07:00
Mick Grove
6100eeb6b5 updated docs 2026-04-14 22:56:19 -07:00
Mick Grove
365422a819 fixed performance regression 2026-04-09 22:21:02 -07:00
Mick Grove
45a565fa6e added more rules 2026-04-06 22:18:58 -07:00
Mick Grove
d5dbc92474 fixed failing windows test setup 2026-04-05 10:38:20 -07:00