Mick Grove
98333a4bda
updated anthropic rule
2025-10-23 15:02:30 -07:00
Mick Grove
a08f588a0f
updated maxmind rule
2025-10-22 18:49:20 -07:00
Mick Grove
1b181a368a
- Added provider-specific kingfisher scan subcommands (for example kingfisher scan github …) that translate into the legacy flags under the hood. The new layout keeps backwards compatibility while removing the wall of provider options from kingfisher scan --help.
...
- Updated the README so every provider example (GitHub, GitLab, Bitbucket, Azure Repos, Gitea, Hugging Face, Slack, Jira, Confluence, S3, GCS, Docker) uses the new subcommand style.
- Restored the direct kingfisher scan /path/to/dir flow for local filesystem scans while adding a --list-only switch to each provider subcommand so repository enumeration no longer requires the standalone github repos, gitlab repos, etc. commands.
- Removed the legacy top-level provider commands (kingfisher github, kingfisher gitlab, kingfisher gitea, kingfisher bitbucket, kingfisher azure, kingfisher huggingface) now that enumeration lives under kingfisher scan <provider> --list-only.
- Fixed kingfisher scan github … (and other provider-specific subcommands) so they no longer demand placeholder path arguments before the CLI accepts the request.
- Removed the --bitbucket-username, --bitbucket-token, and --bitbucket-oauth-token flags in favour of KF_BITBUCKET_* environment variables when authenticating to Bitbucket.
2025-10-22 16:24:09 -07:00
Mick Grove
122885199d
- Fixed kingfisher scan so that providing --branch without --since-commit now diffs the branch against the empty tree and scans every commit reachable from that branch.
...
- Added rules for meraki, duffel, finnhub, frameio, freshbooks, gitter, infracost, launchdarkly, lob, maxmind, messagebird, nytimes, prefect, salingo, sendinblue, sentry, shippo, twitch, typeform
2025-10-20 18:23:12 -07:00
Mick Grove
ec1d640b74
Added first-class Azure Repos support, including CLI commands, enumeration, and documentation updates
2025-10-04 23:12:28 -07:00
Mick Grove
d6d854c168
- Improved performance of tree-sitter parsing
...
- Updated Windows build script to ensure static binary is produced
2025-10-03 17:22:28 -07:00
Mick Grove
645bfa2e01
Populate the finding path from git blob metadata so history-derived secrets display their file location instead of an empty path
2025-09-24 10:06:47 -07:00
Mick Grove
def9e5d18c
updated rule for AWS Secret Access key
2025-09-10 13:29:19 -07:00
Mick Grove
6a1d9e4142
- Enabled MongoDB URI validation
...
- AWS + GCP validators now respect HTTPS_PROXY and share a consistent user agent across AWS, GCP, and HTTP validation
2025-09-09 16:45:02 -07:00
Mick Grove
9b6c67c243
updated jwt rule
2025-09-04 23:31:34 -07:00
Mick Grove
dcd0460e8a
fix ci build error
2025-08-31 10:27:16 -07:00
Mick Grove
43fce5159a
Fix changes in response to code review
2025-08-30 20:07:31 -07:00
Mick Grove
9de355a5c8
Decode Base64 blobs and scan their contents for secrets while skipping short strings for performance
2025-08-30 16:44:55 -07:00
Mick Grove
e54dbe90d0
- Improved rules: github oauth2, diffbot, mailchimp, aws
...
- Added validation to SauceLabs rule
- Added rules: shodan, bitly, flickr
2025-08-29 17:24:26 -07:00
Mick Grove
4f77706d0c
changes in response to code review
2025-08-27 15:43:31 -07:00
Mick Grove
b3f80d7a33
added top level 'self-update' cli sub command to update the binary independently. Now supports updating over homebrew managed binary
2025-08-27 15:35:01 -07:00
Mick Grove
c4cda65690
added rules for zhipu
2025-08-27 12:43:41 -07:00
Mick Grove
8798d799f9
added rules for together.ai
2025-08-27 12:20:44 -07:00
Mick Grove
41b237740b
added rules for nvidia nim
2025-08-27 11:39:32 -07:00
Mick Grove
0bd7a428f6
added rules for cerebras, friendli, fireworks.ai
2025-08-27 11:25:39 -07:00
Mick Grove
1945d65a70
Added rule for 'weights and biases'
2025-08-27 10:20:04 -07:00
Mick Grove
b54f9894c2
added ollama rule
2025-08-26 10:22:18 -07:00
Mick Grove
78b9f3dd8d
- Improved rules: AWS, pem
2025-08-22 16:16:00 -07:00
Mick Grove
ef4cb03226
Improved AWS rule
2025-08-22 13:26:54 -07:00
Mick Grove
71d0e02fc4
fixed failing tests
2025-08-21 16:13:03 -07:00
Mick Grove
36d9ba54a1
fixed failing tests
2025-08-21 16:11:34 -07:00
Mick Grove
81d2f47c67
- Added '--repo-artifacts' flag to scan repository issues, gists/snippets, and wikis when cloning via '--git-url'
...
- Added rules for sendbird, mattermost, langchain, notion
- JWT validation hardened to reject alg:none by default (only allowed if explicitly configured), require iss for OIDC/JWKS verification, ensuring Active Credential means cryptographically verified and time-valid, not just unexpired
- Updated the Git cloning logic to include all refs and minimize clone output, allowing Kingfisher to analyze pull request and deleted branch history
2025-08-21 15:39:04 -07:00
Mick Grove
4602ea8754
fixed example in rule
2025-08-18 23:32:15 -07:00
Mick Grove
951b62d61e
- Added rules for clearbit, kickbox, azure container registry, improved Azure Storage key
...
- Grouped JSON and JSONL outputs by rule, restoring matches arrays in reports
2025-08-18 22:56:34 -07:00
Mick Grove
262adf658b
added more rules
2025-08-16 20:36:22 -07:00
Mick Grove
6d669b4bb7
added more rules
2025-08-16 20:23:27 -07:00
Mick Grove
a2965bcf47
added more rules
2025-08-16 14:54:01 -07:00
Mick Grove
1d2522882a
added clickhouse rule and validation
2025-08-16 08:41:39 -07:00
Mick Grove
7b08f5d447
removed serde_utils and added Authress rule
2025-08-16 07:35:52 -07:00
Mick Grove
6fb119d501
removed serde_utils and added Authress rule
2025-08-16 07:33:36 -07:00
Mick Grove
a3a7efb96e
fixed aiven regex to pass test
2025-08-14 10:17:16 -07:00
Mick Grove
e83b171694
added rule for Vercel
2025-08-13 15:35:04 -07:00
Mick Grove
deef538835
fixed test
2025-08-13 09:20:36 -07:00
Mick Grove
f90c0a6eff
Improved Tailscale api key detectors
2025-08-13 09:13:50 -07:00
Mick Grove
8c71eae231
Dropped the “prevalidated” flag from rule definitions and validation logic so every finding now flows through the standard active/inactive/unknown pipeline, simplifying rule configuration and preventing special‑case bypasses
2025-08-13 08:22:53 -07:00
Mick Grove
9275fb5541
- --quiet now suppresses scan summaries and rule statistics unless --rule-stats is explicitly provided
...
- Added X Consumer key detection and validation
2025-08-09 15:52:00 -07:00
Mick Grove
f1c3bcb56a
Added X Consumer key detection and validation
2025-08-09 08:45:27 -07:00
Mick Grove
ac5b9fb594
JWT tokens without both 'iss' and 'aud' are no longer reported as active credentials
2025-08-07 17:21:16 -07:00
Mick Grove
63125b3a7f
Fixed GitHub organization and GitLab group scans when using '--git-history=none'
2025-08-07 16:13:57 -07:00
Mick Grove
fb2b91595b
Fixed validation logic for clarifai rule
2025-08-06 21:31:02 -07:00
Mick Grove
a502375f78
fixing github action failure for linux-arm6 when making deb
2025-08-05 18:06:09 -07:00
Mick Grove
646e6175d2
Updated Supabase rule to detect project URLs and validate their corresponding tokens
2025-08-05 16:25:22 -07:00
Mick Grove
5931847300
- Use system TLS root certificates to support self-hosted GitLab instances with internal CAs
...
- Added new rule: Coze personal access token
2025-08-05 14:45:51 -07:00
Mick Grove
28fd24c9b4
- Fixed header precedence so custom HTTP validation headers like "Accept" are preserved
...
- Added new Heroku rule
2025-08-04 19:32:19 -07:00
Mick Grove
bc05c3e5f2
refactored output reporting and formatting logic
2025-08-04 08:58:06 -07:00