Based on feedback from @TMDeal, @liquidsec, and @aconite33, there are sometimes a lot of postman results where it's hard to tell how they're related to the target.
@domwhewell-sage has already added a custom check to discard unrelated search results. I don't think this is so much the fault of the postman module as how we are reporting the data.
Nothing needs to be done right away but I'm just thinking about how we could improve this in the future.
We're on the verge of having a really dangerous set of secrets detection modules -- `gitlab`, `github`, `docker`, `postman`, `trufflehog`, etc. -- and as we keep building on them, I'm starting to think they deserve their own event type, something like `LOOT_ME`. It wouldn't actually be called `LOOT_ME` but the idea is that it's a big blob of text that might contain juicy things. Roughly analogous to `RAW_RIR_DATA` in spiderfoot.
This would allow us to attach context-specific info to the event like "This secret was found from a search of `evilcorp.com` against the postman API, and we found it in this workspace under this specific request".