Mick Grove
|
394d05dd4d
|
preparing for v1.99.0
|
2026-05-04 23:10:16 -07:00 |
|
Mick Grove
|
997480ffc7
|
Added first-class **Postman** scanning target: new kingfisher scan postman subcommand (and equivalent --postman-* flags) fetches workspaces, collections, and environments via the Postman API and scans them for hard-coded credentials in request auth blocks, pre-request/test scripts, saved example responses, and — notably — secret-typed environment variables, which the API returns in plaintext despite the UI mask. Selectors: --workspace, --collection, --environment, --all, with optional --include-mocks-monitors and --api-url for self-hosted endpoints. Authenticates via KF_POSTMAN_TOKEN (or POSTMAN_API_KEY) sent as X-Api-Key; honors X-RateLimit-RetryAfter on 429s. Findings link back to https://go.postman.co/... URLs in reports.
|
2026-04-29 08:12:08 -07:00 |
|
Mick Grove
|
c73a44fbf9
|
performance improvements and rule improvements
|
2026-04-24 12:02:27 -07:00 |
|
Mick Grove
|
5411a52211
|
updated to rust 1.94
|
2026-04-14 14:20:28 -07:00 |
|
Mick Grove
|
0cb854872b
|
Replaced tree-sitter with a lighter parser-based context verifier built from handwritten lexers plus tl/cssparser, preserving context-dependent matching while cutting about 19 MB from the release binary.
|
2026-04-07 23:20:17 -07:00 |
|
Mick Grove
|
45a565fa6e
|
added more rules
|
2026-04-06 22:18:58 -07:00 |
|
Mick Grove
|
19fe52a9bf
|
added more access-maps
|
2026-04-01 10:20:52 -07:00 |
|
Mick Grove
|
349b8165aa
|
Added TOON output support, to optimize usage of kingfisher from LLM/agent workflows
|
2026-03-15 15:00:59 -07:00 |
|
Mick Grove
|
02f235995b
|
v1.86.0
|
2026-03-06 09:02:11 -08:00 |
|
Mick Grove
|
e1c0702d3c
|
v1.86.0
|
2026-03-06 08:28:28 -08:00 |
|
Mick Grove
|
04de27052c
|
v1.86.0
|
2026-03-05 20:39:36 -08:00 |
|
Mick Grove
|
11c2b74d67
|
updated README
|
2026-03-05 13:23:19 -08:00 |
|
Mick Grove
|
dbdc5c0c82
|
added AGENTS.md
|
2026-03-04 22:45:41 -08:00 |
|