kingfisher

History

Mick Grove 12c141bfac preparing for v1.99.0		2026-05-05 07:08:40 -07:00
..
2026-04-28-beyond-detection-validate-map-revoke.md	webhook support and kingfisher configuration yaml support	2026-05-03 23:10:45 -07:00
2026-04-28-scan-github-org-for-secrets.md	webhook support and kingfisher configuration yaml support	2026-05-03 23:10:45 -07:00
2026-04-29-scanning-postman-for-leaked-secrets.md	Added first-class Postman scanning target: new kingfisher scan postman subcommand (and equivalent --postman-* flags) fetches workspaces, collections, and environments via the Postman API and scans them for hard-coded credentials in request auth blocks, pre-request/test scripts, saved example responses, and — notably — secret-typed environment variables, which the API returns in plaintext despite the UI mask. Selectors: --workspace, --collection, --environment, --all, with optional --include-mocks-monitors and --api-url for self-hosted endpoints. Authenticates via KF_POSTMAN_TOKEN (or POSTMAN_API_KEY) sent as X-Api-Key; honors X-RateLimit-RetryAfter on 429s. Findings link back to https://go.postman.co/... URLs in reports.	2026-04-29 08:12:08 -07:00
2026-05-04-real-time-secret-alerts-webhooks.md	preparing for v1.99.0	2026-05-05 07:08:40 -07:00