Show HN: Kingfisher, a fast OSS secret scanner with validation and blast radius

3 points | micksmix | 2 months ago | github.com

I built Kingfisher, an extremely fast Apache 2.0 OSS secret scanner (Rust) that goes beyond simply finding secrets.

- Live validation: checks whether a candidate secret actually works, so you can ignore dead strings.

- "What can this key do?" / Access Mapping (optional): authenticates and enumerates the credential’s effective access (AWS, GCP, Azure, GitHub, GitLab).

- Local triage UI: opens a local-only report so you can review findings + blast radius without sending code anywhere.

Try it out:

  brew install kingfisher

  kingfisher scan /path/to/code --view-report

  kingfisher scan --git-url https://github.com/org/repo.git --view-report

  kingfisher scan . --access-map --view-report

I'd love feedback on:

- false positives/negatives on your repos

- which access-map / blast radius target you want next

- what the UI should surface first during incident triage
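The post describes a pipeline of detect, validate, then triage. The following is an added example of that pipeline in Python; it is not Kingfisher's code. The detection rules, the two sample files, and the validator are all constructed for illustration: the validator consults an in-memory set of "known active" secrets as a stand-in for the live provider check a real scanner makes (for an AWS key that would be an STS GetCallerIdentity call), so the example runs offline. An entropy filter drops placeholder strings before validation, and the report orders confirmed-live findings first, which is the order an incident responder wants.

```python
"""Minimal secret-scanning pipeline: detect -> entropy filter -> validate -> triage.

Added example, not Kingfisher's code. Rules, sample input and the validator
are constructed for illustration.
"""
import math
import re
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

# Detection rules (constructed; modelled on well-known key shapes).
# Capture group 1 is the candidate secret.
RULES = {
    "aws-access-key-id": re.compile(r"\b(AKIA[0-9A-Z]{16})\b"),
    "github-pat": re.compile(r"\b(ghp_[A-Za-z0-9]{36})\b"),
    "generic-api-key": re.compile(
        r"(?i)api[_-]?key\s*[:=]\s*['\"]([A-Za-z0-9_\-]{20,})['\"]"),
}


@dataclass
class Finding:
    rule: str
    path: str
    line: int
    secret: str
    entropy: float
    status: str = "unverified"  # unverified | active | inactive


def shannon_entropy(s: str) -> float:
    """Bits per character; near-zero values flag placeholders such as 'aaaa...'."""
    if not s:
        return 0.0
    counts: Dict[str, int] = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def scan_text(path: str, text: str, min_entropy: float = 3.0) -> List[Finding]:
    """Run every rule over every line; keep only high-entropy candidates."""
    findings: List[Finding] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for rule, pattern in RULES.items():
            for m in pattern.finditer(line):
                secret = m.group(1)
                ent = shannon_entropy(secret)
                if ent < min_entropy:
                    continue  # likely a placeholder or test fixture
                findings.append(Finding(rule, path, lineno, secret, round(ent, 2)))
    return findings


Validator = Callable[[str], Optional[bool]]  # True=live, False=dead, None=no check


def triage(findings: List[Finding], validators: Dict[str, Validator]) -> List[Finding]:
    """Validate each finding with its rule's checker and sort live ones first."""
    for f in findings:
        check = validators.get(f.rule)
        if check is None:
            continue  # no validator for this rule: stays "unverified"
        result = check(f.secret)
        if result is not None:
            f.status = "active" if result else "inactive"
    order = {"active": 0, "unverified": 1, "inactive": 2}
    return sorted(findings, key=lambda f: (order[f.status], f.path, f.line))


def redact(secret: str) -> str:
    """Never echo the full secret into a report."""
    return secret[:4] + "..." + secret[-4:]


def render_report(findings: List[Finding]) -> str:
    return "\n".join(
        f"[{f.status:>10}] {f.rule:<18} {f.path}:{f.line}  {redact(f.secret)}  H={f.entropy}"
        for f in findings
    )


# --- constructed sample input ------------------------------------------------
SAMPLE_FILES = {
    "config/settings.py": (
        'AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"\n'   # AWS doc example key
        'API_KEY = "aaaaaaaaaaaaaaaaaaaaaaaa"\n'         # low entropy: filtered out
    ),
    "scripts/deploy.sh": (
        "export GITHUB_TOKEN=ghp_abcdefghijklmnopqrstuvwxyz0123456789\n"
    ),
}

# Constructed stand-in for live validation: a real scanner would call the
# provider (e.g. AWS STS GetCallerIdentity). Here an in-memory set decides.
_KNOWN_ACTIVE = {"ghp_abcdefghijklmnopqrstuvwxyz0123456789"}


def _offline_check(secret: str) -> Optional[bool]:
    return secret in _KNOWN_ACTIVE


VALIDATORS: Dict[str, Validator] = {
    "aws-access-key-id": _offline_check,
    "github-pat": _offline_check,
}


def run_sample() -> List[Finding]:
    findings: List[Finding] = []
    for path, text in SAMPLE_FILES.items():
        findings.extend(scan_text(path, text))
    return triage(findings, VALIDATORS)


if __name__ == "__main__":
    print(render_report(run_sample()))
```

On the constructed input the low-entropy `API_KEY` placeholder never reaches validation, the GitHub token is reported as `active` at the top of the report, and the AWS example key is reported as `inactive` below it, so a responder reads the confirmed-live credential first.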

No comments yet.