eblume/kingfisher
1
0
Fork 0
forked from mirrors/kingfisher
Code Pull requests Activity Actions
1,506 commits 5 branches 83 tags 53 MiB
Commit graph

102 commits

Author SHA1 Message Date
Mick Grove
1619737e2c improved access map viewer 2026-04-30 18:11:10 -07:00
Mick Grove
20e08105cf improved github organization scanning 2026-04-30 16:40:43 -07:00
Mick Grove
30b9eba427 copilot fixes 2026-04-29 22:50:31 -07:00
Mick Grove
8d9f5bed40 Added first-class **Postman** scanning target: new kingfisher scan postman subcommand (and equivalent --postman-* flags) fetches workspaces, collections, and environments via the Postman API and scans them for hard-coded credentials in request auth blocks, pre-request/test scripts, saved example responses, and — notably — secret-typed environment variables, which the API returns in plaintext despite the UI mask. Selectors: --workspace, --collection, --environment, --all, with optional --include-mocks-monitors and --api-url for self-hosted endpoints. Authenticates via KF_POSTMAN_TOKEN (or POSTMAN_API_KEY) sent as X-Api-Key; honors X-RateLimit-RetryAfter on 429s. Findings link back to https://go.postman.co/... URLs in reports. 2026-04-29 08:58:11 -07:00
Mick Grove
997480ffc7 Added first-class **Postman** scanning target: new kingfisher scan postman subcommand (and equivalent --postman-* flags) fetches workspaces, collections, and environments via the Postman API and scans them for hard-coded credentials in request auth blocks, pre-request/test scripts, saved example responses, and — notably — secret-typed environment variables, which the API returns in plaintext despite the UI mask. Selectors: --workspace, --collection, --environment, --all, with optional --include-mocks-monitors and --api-url for self-hosted endpoints. Authenticates via KF_POSTMAN_TOKEN (or POSTMAN_API_KEY) sent as X-Api-Key; honors X-RateLimit-RetryAfter on 429s. Findings link back to https://go.postman.co/... URLs in reports. 2026-04-29 08:12:08 -07:00
Mick Grove
19dafa42ea Added provider endpoint overrides for validation and revocation via global --endpoint PROVIDER=URL and --endpoint-config FILE, with built-in support for self-hosted GitHub, GitLab, Gitea, Jira, Confluence, and Artifactory instances. 2026-04-27 13:20:16 -07:00
Mick Grove
d8e0a41fe8 performance improvements and rule improvements 2026-04-23 14:42:10 -07:00
Mick Grove
7ee1fd5163 performance improvements and rule improvements 2026-04-22 23:39:19 -07:00
Mick Grove
9d7e31980c performance improvements and rule improvements 2026-04-19 22:38:39 -07:00
Mick Grove
c50b3ba292 performance improvements and rule improvements 2026-04-19 16:33:13 -07:00
Mick Grove
e4cd6dd164 performance improvements and rule improvements 2026-04-17 16:53:21 -07:00
Mick Grove
c89e527053 bug fix 2026-04-16 06:44:12 -07:00
Mick Grove
93a9cb796e updates to new rules 2026-04-15 17:13:10 -07:00
Mick Grove
d2008dc3b7 cleaned up dependency tree 2026-04-13 20:43:09 -07:00
Mick Grove
0cb854872b Replaced tree-sitter with a lighter parser-based context verifier built from handwritten lexers plus tl/cssparser, preserving context-dependent matching while cutting about 19 MB from the release binary. 2026-04-07 23:20:17 -07:00
Mick Grove
d42620919f updated dependencies 2026-04-01 14:58:08 -07:00
Mick Grove
19fe52a9bf added more access-maps 2026-04-01 10:20:52 -07:00
Mick Grove
1c7341f3ac updated in response to ossf scorecard 2026-03-27 15:04:14 -07:00
Mick Grove
f0a3bee587 added --max-validation-response-length <BYTES> 2026-03-16 22:25:32 -07:00
Mick Grove
349b8165aa Added TOON output support, to optimize usage of kingfisher from LLM/agent workflows 2026-03-15 15:00:59 -07:00
Mick Grove
e54b87a322 added Teams support 2026-03-13 22:53:05 -07:00
Mick Grove
60931c11a9 added Teams support 2026-03-13 17:39:34 -07:00
Mick Grove
d30f6af63b Fix view port hints and sqlite budget checks 2026-02-28 13:31:02 -07:00
Mick Grove
3220ed3a80 Merge branch 'codex/pr-244-mergeable' into development 
* codex/pr-244-mergeable:
  Add Jira comment and changelog scanning
 2026-02-28 11:14:19 -07:00
Mick Grove
719b91301d Add Jira comment and changelog scanning 2026-02-28 11:13:00 -07:00
Mick Grove
0ae4e8445c Updated kingfisher scan to accept Git repository URLs as positional targets (for example kingfisher scan github.com/org/repo or kingfisher scan https://gitlab.com/group/project.git) without requiring --git-url. 2026-02-26 23:14:18 -07:00
Mick Grove
92f43d2e29 added --turbo mode 2026-02-24 12:25:12 -07:00
Mick Grove
aa29ee0e99 added '--fast' mode which sets maximum scan speed. Omits git commit context and will not base64 decode 2026-02-23 22:34:23 -07:00
Mick Grove
05002fe4d6 added more access-maps 2026-02-19 20:39:07 -08:00
Mick Grove
a9c5d8524f added more access-maps 2026-02-19 18:19:20 -08:00
Mick Grove
3b1085baa6 added buildkit and harness to access-map 2026-02-17 22:58:29 -08:00
Mick Grove
39a4e217e3 Kingfisher can now generate an auditor-friendly HTML report 2026-02-15 14:29:42 -08:00
Mick Grove
816d5c40ba wip 1.83 2026-02-13 16:41:28 -08:00
Mick Grove
5882468177 Added optional validation rate limiting via --validation-rps (global) and repeatable --validation-rps-rule <RULE_SELECTOR=RPS> (per-rule override) for both scan and validate. Throttling now applies across built-in validator types (HTTP/gRPC plus AWS, GCP, Coinbase, MongoDB, Postgres, MySQL, JDBC, JWT, and Azure Storage). Rule selectors support the short form (for example, github=2 matches kingfisher.github.*) with longest-prefix precedence when multiple selectors apply. 2026-02-12 12:33:59 -08:00
Mick Grove
2866367c2e v1.80.0 2026-02-09 12:11:35 -08:00
Mick Grove
5253204c2a preparing for v1.78.0 2026-02-02 23:22:08 -08:00
Mick Grove
aee1050620 ensured more CLI arguments are global 2026-01-30 08:04:15 -08:00
Mick Grove
8be7941333 Added 'revoke' subcommand and support for a new optional 'revocation' structure to the rules. Supporting GitHub and Slack right now 2026-01-29 12:45:32 -08:00
Mick Grove
1c45efde3e Refactored into multiple crates. Added the 'validate' subcommand 2026-01-28 22:24:35 -08:00
Mick Grove
76be1df60c Refactored into multiple crates. Added the 'validate' subcommand 2026-01-28 10:27:24 -08:00
Mick Grove
26f41fcf7a - Enhanced Access Map View: added fingerprint display, enabled searching by fingerprint, and implemented bidirectional navigation between Findings and Access Map nodes. 
- Added Slack Access Map support with granular permissions in the tree view.
 2026-01-14 17:19:02 -08:00
Mick Grove
4f18541cb6 preparing v1.74.0 2026-01-12 22:50:05 -08:00
Mick Grove
7237a931d5 v1.73.0 2026-01-01 22:24:57 -08:00
Mick Grove
61986c469c updated ci build 2025-12-22 09:04:36 -08:00
Mick Grove
c0e0c7bc2d updated jsonwebtoken 2025-12-22 00:26:21 -08:00
Mick Grove
f1d139242f Aliased "kingfisher self-update" as "kingfisher update" 2025-12-21 23:55:39 -08:00
Mick Grove
957f95d456 Aliased "kingfisher self-update" as "kingfisher update" 2025-12-21 23:43:01 -08:00
Mick Grove
195f086afc added dark mode for finding + access map viewer 2025-12-12 17:21:17 -08:00
Mick Grove
f1a77a736c Updated precommit behavior and docs 2025-12-09 12:56:55 -08:00
Mick Grove
3be190edac Added a 'kingfisher view' subcommand that serves the bundled access-map HTML viewer from the binary so users can load JSON or JSONL reports passed on the CLI (or upload them in the browser) over a configurable local-only port. 2025-12-05 22:41:39 -08:00