eblume/kingfisher
1
0
Fork 0
forked from mirrors/kingfisher
Code Pull requests Activity Actions
kingfisher/docs/assets/icons
History
Exact
Mick Grove 8d9f5bed40 Added first-class **Postman** scanning target: new kingfisher scan postman subcommand (and equivalent --postman-* flags) fetches workspaces, collections, and environments via the Postman API and scans them for hard-coded credentials in request auth blocks, pre-request/test scripts, saved example responses, and — notably — secret-typed environment variables, which the API returns in plaintext despite the UI mask. Selectors: --workspace, --collection, --environment, --all, with optional --include-mocks-monitors and --api-url for self-hosted endpoints. Authenticates via KF_POSTMAN_TOKEN (or POSTMAN_API_KEY) sent as X-Api-Key; honors X-RateLimit-RetryAfter on 429s. Findings link back to https://go.postman.co/... URLs in reports.
2026-04-29 08:58:11 -07:00
..
aws-s3.svg Updated README 2025-10-05 16:37:15 -07:00
azure-devops.svg Updated README 2025-10-05 16:42:29 -07:00
bitbucket.svg Updated README 2025-10-05 16:37:15 -07:00
confluence.svg Updated README 2025-10-05 16:37:15 -07:00
docker.svg Updated README 2025-10-05 16:37:15 -07:00
files.svg Updated README 2025-10-05 16:37:15 -07:00
gcs.svg change in response to code review 2025-10-16 10:52:33 -07:00
gitea.svg Updated README 2025-10-05 16:37:15 -07:00
github.svg Updated README 2025-10-05 16:37:15 -07:00
gitlab.svg Updated README 2025-10-05 16:37:15 -07:00
huggingface.svg - Added first-class Hugging Face scanning support, including CLI enumeration, token authentication, and integration with remote scans. 2025-10-15 22:47:40 -07:00
jira.svg Updated README 2025-10-05 16:37:15 -07:00
local-git.svg Updated README 2025-10-05 16:37:15 -07:00
postman.svg Added first-class **Postman** scanning target: new kingfisher scan postman subcommand (and equivalent --postman-* flags) fetches workspaces, collections, and environments via the Postman API and scans them for hard-coded credentials in request auth blocks, pre-request/test scripts, saved example responses, and — notably — secret-typed environment variables, which the API returns in plaintext despite the UI mask. Selectors: --workspace, --collection, --environment, --all, with optional --include-mocks-monitors and --api-url for self-hosted endpoints. Authenticates via KF_POSTMAN_TOKEN (or POSTMAN_API_KEY) sent as X-Api-Key; honors X-RateLimit-RetryAfter on 429s. Findings link back to https://go.postman.co/... URLs in reports. 2026-04-29 08:58:11 -07:00
slack.svg Updated README 2025-10-05 16:37:15 -07:00
teams.svg added Teams support 2026-03-13 17:39:34 -07:00