Show HN: Kingfisher, a fast OSS secret scanner with validation and blast radius(github.com)
github.com
Show HN: Kingfisher, a fast OSS secret scanner with validation and blast radius
https://github.com/mongodb/kingfisher
0 comments
—
https://github.com/mongodb/kingfisher
—
- Live validation: checks whether a candidate secret actually works, so you can ignore dead strings.
- "What can this key do?" / Access Mapping (optional): authenticates and enumerates the credential’s effective access (AWS, GCP, Azure, GitHub, GitLab).
- Local triage UI: opens a local-only report so you can review findings + blast radius without sending code anywhere.
Try it out:
I'd love feedback on:
- false positives/negatives on your repos - which access-map / blast radius target you want next - what the UI should surface first during incident triage