Postman OSINT tool to extract creds, token, username, email & more from Postman Public Workspaces.
Project description
postmaniac
Description
Postman OSINT tool to extract creds, token, username, email & more from Postman Public Workspaces.
It is designed to perform OSINT recognition on a target for pentesting, bugbounty and more, in order to get the maximum information from the requests left by developers on the Postman public workspaces.
Bonus:
-
No need to be authenticated
-
No API blocking / No rate-limit
Requirements
Installation
With PyPI
pip3 install postmaniac
With Github
# clone the repo
$ git clone https://github.com/boringthegod/postmaniac.git
# change the working directory to postmaniac
$ cd postmaniac
# install postmaniac
$ python3 setup.py install
With Docker
You can pull the Docker image with:
docker pull ghcr.io/boringthegod/postmaniac:latest
And then launch the tool by not forgetting to specify your volume to be able to read the file scan.txt written in output
docker run -v scan:/output ghcr.io/boringthegod/postmaniac query
Usage
postmaniac can be run from the CLI and rapidly embedded within existing python applications.
usage: postmaniac [-h] query
Postman OSINT tool to extract creds, token, username, email & more from Postman Public Workspaces
positional arguments:
query name of the target (example: tesla)
options:
-h, --help show this help message and exit
All the interesting information (whether in the environment values of the Postman Workspace, or in authentication values, in the headers or directly in the body of each request) is retrieved and written in the scan.txt file
Demo
Details
Disclaimer
This tool is for educational purposes only, I am not responsible for its use.
License
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file postmaniac-1.0.0.tar.gz.
File metadata
- Download URL: postmaniac-1.0.0.tar.gz
- Upload date:
- Size: 225.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.13.2
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
2be12f34a0b56432a9d084ab9f4d9c0bd2a3d9d1f063e53ea76de88cbef42297
|
|
| MD5 |
121b706b974c434af2235a8d88aeb4c4
|
|
| BLAKE2b-256 |
29de0fcf73debcb1e680e37a3acaa415141971a07bc7ccd02024acd18315a98d
|
File details
Details for the file postmaniac-1.0.0-py3-none-any.whl.
File metadata
- Download URL: postmaniac-1.0.0-py3-none-any.whl
- Upload date:
- Size: 18.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.13.2
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
3256167a20858beef87ed6062c43650669be583875bb1cd8977f6e8b226b8a2d
|
|
| MD5 |
601c1a6b3354cf236661ccb20be42131
|
|
| BLAKE2b-256 |
4f5e461bc771541e87b16084450b920d5640920419b783b643256f23fc3c9388
|
