# Postleaks
## Description
[Postman](https://www.postman.com/home) is an awesome platform to build and use APIs, used by millions developers.
It proposes also public API assets built by them which can contains custom endpoints and data. Unfortunately, these items can leak sensitive data about private websites and companies.
This script is aimed to search for these pieces of information in Postman public library.
## Installation
```bash
pip3 install postleaks
```
or
```bash
pip3 install .
```
## Usage
```bash
❯ postleaks -h
usage: postleaks [-h] [-k KEYWORD] [-kf KEYWORD_FILE] [--extend-workspaces] [--strict] [--include INCLUDE] [--exclude EXCLUDE] [--raw] [--output OUTPUT]
Postleaks 🚀💧 Search for sensitive data in Postman public library.
options:
-h, --help show this help message and exit
-k KEYWORD Keyword (Domain, company, etc.)
-kf KEYWORD_FILE File containing keywords (one per line)
--extend-workspaces Extend search to Postman workspaces linked to found requests (warning: request consuming and risk of false positive)
--strict Only include results where keywords are in the URL (warning: could miss some results where the final URL is a variable)
--include INCLUDE URL should match this string
--exclude EXCLUDE URL should not match this string
--raw Display raw filtered results as JSON
--output OUTPUT Store JSON in specific output folder (Default: results_<TIMESTAMP>)
```
*The results are available in `results_<TIMESTAMP>` subfolder. The filename is the request identifier in Postman.com*
## Example
## Limitations
**Postman.com is limiting the results to 300 items (page size of 100 / offset of 200).**
## Notes
Secret detection is done with [whispers](https://github.com/adeptex/whispers). Rules are stored in `config.yml` file.
Raw data
{
"_id": null,
"home_page": "https://github.com/cosad3s/postleaks",
"name": "postleaks",
"maintainer": null,
"docs_url": null,
"requires_python": null,
"maintainer_email": null,
"keywords": "leaks, postman, osint, bugbounty",
"author": "S\u00e9bastien Copin",
"author_email": "cosad3s@outlook.com",
"download_url": "https://files.pythonhosted.org/packages/88/b5/1f45de31e0f604b7cc37993142728f709803d19ab56bfb48ce4f3b51857e/postleaks-1.1.5.tar.gz",
"platform": null,
"description": "# Postleaks\n\n\n\n## Description\n\n[Postman](https://www.postman.com/home) is an awesome platform to build and use APIs, used by millions developers. \nIt proposes also public API assets built by them which can contains custom endpoints and data. Unfortunately, these items can leak sensitive data about private websites and companies. \nThis script is aimed to search for these pieces of information in Postman public library.\n\n## Installation\n\n```bash\npip3 install postleaks\n```\n\nor \n\n```bash\npip3 install .\n```\n\n## Usage\n\n```bash\n\u276f postleaks -h\nusage: postleaks [-h] [-k KEYWORD] [-kf KEYWORD_FILE] [--extend-workspaces] [--strict] [--include INCLUDE] [--exclude EXCLUDE] [--raw] [--output OUTPUT]\n\nPostleaks \ud83d\ude80\ud83d\udca7 Search for sensitive data in Postman public library.\n\noptions:\n -h, --help show this help message and exit\n -k KEYWORD Keyword (Domain, company, etc.)\n -kf KEYWORD_FILE File containing keywords (one per line)\n --extend-workspaces Extend search to Postman workspaces linked to found requests (warning: request consuming and risk of false positive)\n --strict Only include results where keywords are in the URL (warning: could miss some results where the final URL is a variable)\n --include INCLUDE URL should match this string\n --exclude EXCLUDE URL should not match this string\n --raw Display raw filtered results as JSON\n --output OUTPUT Store JSON in specific output folder (Default: results_<TIMESTAMP>)\n```\n\n*The results are available in `results_<TIMESTAMP>` subfolder. The filename is the request identifier in Postman.com*\n\n## Example\n\n\n\n## Limitations\n\n**Postman.com is limiting the results to 300 items (page size of 100 / offset of 200).**\n\n## Notes\n\nSecret detection is done with [whispers](https://github.com/adeptex/whispers). Rules are stored in `config.yml` file.\n",
"bugtrack_url": null,
"license": "GPL-3.0 License",
"summary": "Postleaks",
"version": "1.1.5",
"project_urls": {
"Homepage": "https://github.com/cosad3s/postleaks"
},
"split_keywords": [
"leaks",
" postman",
" osint",
" bugbounty"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "d7fc166dc4e18f9b3859d649405d1cb6a79b20ce8426c32c06fd2b74e290c72c",
"md5": "9e95c3c02d0f63e20aa640662ea55b1b",
"sha256": "ac1a16c07c1818c11219a63ba769498e38a2a31981740f0ec4ba42a66243e671"
},
"downloads": -1,
"filename": "postleaks-1.1.5-py3-none-any.whl",
"has_sig": false,
"md5_digest": "9e95c3c02d0f63e20aa640662ea55b1b",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": null,
"size": 19004,
"upload_time": "2024-07-24T23:12:05",
"upload_time_iso_8601": "2024-07-24T23:12:05.653155Z",
"url": "https://files.pythonhosted.org/packages/d7/fc/166dc4e18f9b3859d649405d1cb6a79b20ce8426c32c06fd2b74e290c72c/postleaks-1.1.5-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "88b51f45de31e0f604b7cc37993142728f709803d19ab56bfb48ce4f3b51857e",
"md5": "f2596178e812cda9c224ee8f33e87136",
"sha256": "7319d4181de93863c17be482e4b67dd8dfc2a524cab48ee75ba7ef010b899441"
},
"downloads": -1,
"filename": "postleaks-1.1.5.tar.gz",
"has_sig": false,
"md5_digest": "f2596178e812cda9c224ee8f33e87136",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 18361,
"upload_time": "2024-07-24T23:12:07",
"upload_time_iso_8601": "2024-07-24T23:12:07.228587Z",
"url": "https://files.pythonhosted.org/packages/88/b5/1f45de31e0f604b7cc37993142728f709803d19ab56bfb48ce4f3b51857e/postleaks-1.1.5.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-07-24 23:12:07",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "cosad3s",
"github_project": "postleaks",
"travis_ci": false,
"coveralls": false,
"github_actions": false,
"lcname": "postleaks"
}
JSON
