salvacybersec/keyhunter
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

merge: phase 16 resolve conflicts

Browse Source
This commit is contained in:
salvacybersec
2026-04-06 16:47:10 +03:00
parent 94238eb72b 3192cea9e3
commit a8bcb44912
8 changed files with 828 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
.planning/REQUIREMENTS.md
View File

@@ -199,8 +199,8 @@ Requirements for initial release. Each maps to roadmap phases.
### OSINT/Recon — API Marketplaces
- [ ] **RECON-API-01**: Postman public collections and workspaces scanning
- [ ] **RECON-API-02**: SwaggerHub published API scanning
- [x] **RECON-API-01**: Postman public collections and workspaces scanning
- [x] **RECON-API-02**: SwaggerHub published API scanning
### OSINT/Recon — Infrastructure

59
.planning/phases/16-osint_threat_intel_mobile_dns_api_marketplaces/16-03-SUMMARY.md Normal file
View File

@@ -0,0 +1,59 @@
---
phase: 16-osint-threat-intel-mobile-dns-api-marketplaces
plan: 03
subsystem: recon-sources
tags: [osint, api-marketplace, postman, swaggerhub, rapidapi, recon]
dependency_graph:
requires: [recon.ReconSource interface, sources.Client, BuildQueries, ciLogKeyPattern]
provides: [PostmanSource, SwaggerHubSource, RapidAPISource]
affects: [RegisterAll wiring]
tech_stack:
added: []
patterns: [credentialless API marketplace scanning, HTML scraping for RapidAPI, JSON API for Postman/SwaggerHub]
key_files:
created:
- pkg/recon/sources/postman.go
- pkg/recon/sources/postman_test.go
- pkg/recon/sources/swaggerhub.go
- pkg/recon/sources/swaggerhub_test.go
- pkg/recon/sources/rapidapi.go
- pkg/recon/sources/rapidapi_test.go
modified: []
decisions:
- All three sources are credentialless -- Postman and SwaggerHub have public APIs, RapidAPI is scraped
- RapidAPI uses HTML scraping approach since its internal search API is not stable
- SwaggerHub fetches full spec content after search to scan example values for keys
metrics:
duration: 2min
completed: 2026-04-06
tasks: 2
files: 6
---
# Phase 16 Plan 03: Postman, SwaggerHub, RapidAPI Sources Summary
API marketplace recon sources scanning public Postman collections, SwaggerHub API specs, and RapidAPI listings for hardcoded API keys in examples and documentation.
## Task Results
### Task 1: Postman and SwaggerHub sources
- **Commit:** edde02f
- **PostmanSource:** Searches via Postman internal search proxy (`/ws/proxy`) for key patterns in collection snippets
- **SwaggerHubSource:** Two-phase: search public specs, then fetch each spec and scan for keys in example values, server URLs, security scheme defaults
- **Tests:** 8 tests (Name, Enabled, Sweep with match, Sweep empty) for both sources
### Task 2: RapidAPI source
- **Commit:** 297ad3d
- **RapidAPISource:** Scrapes public search result pages for key patterns in code examples and descriptions
- **Confidence:** Set to "low" (HTML scraping is less precise than JSON API parsing)
- **Tests:** 4 tests (Name, Enabled, Sweep with match, Sweep clean HTML)
## Deviations from Plan
None -- plan executed exactly as written.
## Known Stubs
None. All three sources are fully functional with real API endpoint patterns.
## Self-Check: PASSED