eblume/kingfisher
1
0
Fork 0
forked from mirrors/kingfisher
Code Pull requests Activity Actions
kingfisher/crates/kingfisher-core
History
Exact
Mick Grove 54d9fc7ecd preparing for v1.100.0
2026-05-18 13:03:16 -07:00
..
src preparing for v1.100.0 2026-05-18 13:03:16 -07:00
Cargo.toml Added first-class **Postman** scanning target: new kingfisher scan postman subcommand (and equivalent --postman-* flags) fetches workspaces, collections, and environments via the Postman API and scans them for hard-coded credentials in request auth blocks, pre-request/test scripts, saved example responses, and — notably — secret-typed environment variables, which the API returns in plaintext despite the UI mask. Selectors: --workspace, --collection, --environment, --all, with optional --include-mocks-monitors and --api-url for self-hosted endpoints. Authenticates via KF_POSTMAN_TOKEN (or POSTMAN_API_KEY) sent as X-Api-Key; honors X-RateLimit-RetryAfter on 429s. Findings link back to https://go.postman.co/... URLs in reports. 2026-04-29 11:09:47 -07:00
README.md Kingfisher can now generate an auditor-friendly HTML report 2026-02-15 14:29:42 -08:00

README.md

kingfisher-core

Foundational types and utilities for the Kingfisher secret scanning ecosystem.

This crate provides:

  • blob and content abstractions
  • source location and origin modeling
  • shared error and entropy helpers

It is intended as the stable base for kingfisher-rules and kingfisher-scanner.