Postman OSINT tool to extract creds, token, username, email & more from Postman Public Workspaces.

These details have not been verified by PyPI

Project links

Project description

postmaniac

Description

Postman OSINT tool to extract creds, token, username, email & more from Postman Public Workspaces.

It is designed to perform OSINT recognition on a target for pentesting, bugbounty and more, in order to get the maximum information from the requests left by developers on the Postman public workspaces.

Bonus:

No need to be authenticated
No API blocking / No rate-limit

Requirements

Python 3

Installation

With PyPI

pip3 install postmaniac

With Github

# clone the repo
$ git clone https://github.com/boringthegod/postmaniac.git

# change the working directory to postmaniac
$ cd postmaniac

# install postmaniac
$ python3 setup.py install

With Docker

You can pull the Docker image with:

docker pull ghcr.io/boringthegod/postmaniac:latest

And then launch the tool by not forgetting to specify your volume to be able to read the file scan.txt written in output

docker run -v scan:/output ghcr.io/boringthegod/postmaniac query

Usage

postmaniac can be run from the CLI and rapidly embedded within existing python applications.

usage: postmaniac [-h] query

Postman OSINT tool to extract creds, token, username, email & more from Postman Public Workspaces

positional arguments:
  query       name of the target (example: tesla)

options:
  -h, --help  show this help message and exit

All the interesting information (whether in the environment values of the Postman Workspace, or in authentication values, in the headers or directly in the body of each request) is retrieved and written in the scan.txt file

Demo

Details

Disclaimer

This tool is for educational purposes only, I am not responsible for its use.

License

GNU General Public License v3.0

Project details

These details have not been verified by PyPI

Project links

Release history Release notifications | RSS feed

This version

0.9.3

May 16, 2023

0.9.2

May 16, 2023

0.9.0

May 13, 2023

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

postmaniac-0.9.3.tar.gz (225.8 kB view details)

Uploaded May 16, 2023 Source

Built Distribution

postmaniac-0.9.3-py3-none-any.whl (18.7 kB view details)

Uploaded May 16, 2023 Python 3

File details

Details for the file postmaniac-0.9.3.tar.gz.

File metadata

Download URL: postmaniac-0.9.3.tar.gz
Upload date: May 16, 2023
Size: 225.8 kB
Tags: Source
Uploaded using Trusted Publishing? No
Uploaded via: twine/4.0.2 CPython/3.9.16

File hashes

Hashes for postmaniac-0.9.3.tar.gz
Algorithm	Hash digest
SHA256	`f6b334a48e7726242f9a3534dc7202a1f1c77d67e39f2ecaab82d0a1f75ea7e6`
MD5	`be3c2060863c50c228150db5a3b87700`
BLAKE2b-256	`417e54f8d94d38fb23e38cf333d4d034c39b5153a407beb206815359dbd0e2be`

See more details on using hashes here.

File details

Details for the file postmaniac-0.9.3-py3-none-any.whl.

File metadata

Download URL: postmaniac-0.9.3-py3-none-any.whl
Upload date: May 16, 2023
Size: 18.7 kB
Tags: Python 3
Uploaded using Trusted Publishing? No
Uploaded via: twine/4.0.2 CPython/3.9.16

File hashes

Hashes for postmaniac-0.9.3-py3-none-any.whl
Algorithm	Hash digest
SHA256	`8912f904dc7c6f9f667d8592d2f856bd1d322ab79439fa14c0b83606ebeace37`
MD5	`6a69a7751ef609897459b3fe04f262a0`
BLAKE2b-256	`b1c1c61023ddefc18f7fb6cf0c8e85912f5167341a4fb90573400bc96b0aeeb9`