Postleaks
Project description
Postleaks
Description
Postman is an awesome platform to build and use APIs, used by millions developers.
It proposes also public API assets built by them which can contains custom endpoints and data. Unfortunately, these items can leak sensitive data about private websites and companies.
This script is aimed to search for these pieces of information in Postman public library.
Installation
pip3 install postleaks
or
pip3 install .
Usage
❯ postleaks -h
usage: postleaks [-h] -k KEYWORD [--extend-workspaces] [--include INCLUDE] [--exclude EXCLUDE] [--raw] [--output OUTPUT]
Postleaks 🚀💧 Search for sensitive data in Postman public library.
options:
-h, --help show this help message and exit
-k KEYWORD Keyword (Domain, company, etc.)
--extend-workspaces Extend search to Postman workspaces linked to found requests (Warning: request consuming and risk of false positive)
--include INCLUDE URL should match this string
--exclude EXCLUDE URL should not match this string
--raw Display raw filtered results as JSON
--output OUTPUT Store JSON in specific output folder (Default: results_<TIMESTAMP>)
The results are available in results_<TIMESTAMP>
subfolder. The filename is the request identifier in Postman.com
Example
Notes
Secret detection is done with whispers. Rules are stored in config.yml
file.
Project details
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
postleaks-1.0.0.tar.gz
(17.5 kB
view hashes)
Built Distribution
postleaks-1.0.0-py3-none-any.whl
(18.1 kB
view hashes)
Close
Hashes for postleaks-1.0.0-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | bc0132d15d90fe5453664f1973930c6aca6e636457bcb35b13b82f2d44f19655 |
|
MD5 | 781cdd19984b8bf5545daced54a3b6c4 |
|
BLAKE2b-256 | 30523bc5c01ba68bef85a6a27991a55b45634b87ee66fd6eeabc7160ab5fba0a |