Porch Pirate started as a tool to quickly uncover Postman secrets, and has slowly begun to evolve into a multi-purpose reconaissance / OSINT framework for Postman. While existing tools are great proof of concepts, they only attempt to identify very specific keywords as "secrets", and in very limited locations, with no consideration to recon beyond secrets. We realized we required capabilities that were "secret-agnostic", and had enough flexibility to capture false-positives that still provided offensive value. Porch Pirate enumerates and presents sensitive results (global secrets, unique headers, endpoints, query parameters, authorization, etc), from publicly accessible Postman entities, such as: Workspaces Collections Requests Users Teams Installation python3 -m pip install porch-pirate Using the client The Porch Pirate client can be used to nearly fully conduct reviews on public Postman entities in a quick and simple fashion. There are intended workflows and particular keywords to be used that can typically maximize results. These methodologies can be located on our blog: Plundering Postman with Porch Pirate. Porch Pirate supports the following arguments to be performed on collections, workspaces, or users. –globals –collections –requests –urls –dump –raw –curl Simple Search porch-pirate -s "coca-cola.com" Get Workspace Globals By default, Porch Pirate will display globals from all active and inactive environments if they are defined in the workspace….Read More
References
Back to Main