docs(16-03): complete Postman, SwaggerHub, RapidAPI plan

- SUMMARY with 2 tasks, 6 files, all tests passing
- STATE.md updated with progress and decisions
- REQUIREMENTS.md: RECON-API-01, RECON-API-02 marked complete
salvacybersec
2026-04-06 16:45:50 +03:00
parent 297ad3dc2b
commit 3192cea9e3
3 changed files with 68 additions and 7 deletions


@@ -0,0 +1,59 @@
---
phase: 16-osint-threat-intel-mobile-dns-api-marketplaces
plan: 03
subsystem: recon-sources
tags: [osint, api-marketplace, postman, swaggerhub, rapidapi, recon]
dependency_graph:
requires: [recon.ReconSource interface, sources.Client, BuildQueries, ciLogKeyPattern]
provides: [PostmanSource, SwaggerHubSource, RapidAPISource]
affects: [RegisterAll wiring]
tech_stack:
added: []
patterns: [credentialless API marketplace scanning, HTML scraping for RapidAPI, JSON API for Postman/SwaggerHub]
key_files:
created:
- pkg/recon/sources/postman.go
- pkg/recon/sources/postman_test.go
- pkg/recon/sources/swaggerhub.go
- pkg/recon/sources/swaggerhub_test.go
- pkg/recon/sources/rapidapi.go
- pkg/recon/sources/rapidapi_test.go
modified: []
decisions:
- All three sources are credentialless -- Postman and SwaggerHub have public APIs, RapidAPI is scraped
- RapidAPI uses HTML scraping approach since its internal search API is not stable
- SwaggerHub fetches full spec content after search to scan example values for keys
metrics:
duration: 2min
completed: 2026-04-06
tasks: 2
files: 6
---
# Phase 16 Plan 03: Postman, SwaggerHub, RapidAPI Sources Summary
API marketplace recon sources scanning public Postman collections, SwaggerHub API specs, and RapidAPI listings for hardcoded API keys in examples and documentation.
## Task Results
### Task 1: Postman and SwaggerHub sources
- **Commit:** edde02f
- **PostmanSource:** Searches via Postman internal search proxy (`/ws/proxy`) for key patterns in collection snippets
- **SwaggerHubSource:** Two-phase: search public specs, then fetch each spec and scan for keys in example values, server URLs, security scheme defaults
- **Tests:** 8 tests (Name, Enabled, Sweep with match, Sweep empty) for both sources
### Task 2: RapidAPI source
- **Commit:** 297ad3d
- **RapidAPISource:** Scrapes public search result pages for key patterns in code examples and descriptions
- **Confidence:** Set to "low" (HTML scraping is less precise than JSON API parsing)
- **Tests:** 4 tests (Name, Enabled, Sweep with match, Sweep clean HTML)
## Deviations from Plan
None -- plan executed exactly as written.
## Known Stubs
None. All three sources are fully functional with real API endpoint patterns.
## Self-Check: PASSED
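Review bot: the front matter is inconsistent about wiring: `affects: [RegisterAll wiring]` says the three new sources have to be registered, but `modified: []` lists no file that changed, so either the registration file that wires PostmanSource, SwaggerHubSource and RapidAPISource into RegisterAll should appear under `modified:`, or the summary should state that wiring is deferred to a later task; as written it is impossible to tell from this file whether the sources are actually reachable at runtime. Related: the decisions section rejects RapidAPI's internal search API "since its internal search API is not stable", yet Task 1 has PostmanSource hitting Postman's internal search proxy (`/ws/proxy`), which is equally undocumented; the decision list should record that assumption for Postman too (and what Sweep does when the proxy changes shape or rate-limits), and the "fully functional with real API endpoint patterns" line under Known Stubs should say whether the 12 tests exercise fixture responses or the live endpoints, since Name/Enabled/Sweep-with-match tests do not by themselves verify the real endpoint paths.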