Kingfisher

KingfisherOpen source secret scanner with live validation. 950 detection rules, blast radius mapping, credential revocation, and a browser-based report viewer that also imports Gitleaks and TruffleHog output. Built in Rust by MongoDB.https://mongodb.github.io/kingfisher/ MongoDBhttps://github.com/mongodb/kingfisheren Fri, 22 May 2026 22:37:58 -0000 Fri, 22 May 2026 22:37:58 -0000 1440 MkDocs RSS plugin - v1.19.0 None Kingfisher https://mongodb.github.io/kingfisher/ Beyond Detection: Live Validation, Blast Radius, and One-Command Revocation Features blast-radius revocation secret-scanning validation Detection alone is noise. Kingfisher answers the three questions that actually matter when a secret leaks — is it live, what does it reach, and can we revoke it now — across AWS, GCP, GitHub, GitLab, Slack, and dozens of other providers. https://mongodb.github.io/kingfisher/blog/2026/04/28/beyond-detection-live-validation-blast-radius-and-one-command-revocation/ Fri, 22 May 2026 22:37:38 +0000 Kingfisherhttps://mongodb.github.io/kingfisher/blog/2026/04/28/beyond-detection-live-validation-blast-radius-and-one-command-revocation/ Scanning an Entire GitHub Organization for Leaked Secrets Tutorials github secret-scanning tutorial validation Step-by-step guide to scanning every repository in a GitHub organization for leaked credentials with Kingfisher — including history, issues, wikis, and gists — and validating which secrets are still live. https://mongodb.github.io/kingfisher/blog/2026/04/28/scanning-an-entire-github-organization-for-leaked-secrets/ Fri, 22 May 2026 22:37:38 +0000 Kingfisherhttps://mongodb.github.io/kingfisher/blog/2026/04/28/scanning-an-entire-github-organization-for-leaked-secrets/ Scanning Postman for Leaked Secrets — Including the Ones the UI Hides Features integrations postman secret-scanning validation Postman workspaces are a quietly underrated leak surface. Kingfisher now scans collections, environments, mocks, and monitors directly via the Postman API — and reads the plaintext of "secret"-typed environment variables that the Postman UI masks but the API does not. https://mongodb.github.io/kingfisher/blog/2026/04/29/scanning-postman-for-leaked-secrets--including-the-ones-the-ui-hides/ Fri, 22 May 2026 22:37:38 +0000 Kingfisherhttps://mongodb.github.io/kingfisher/blog/2026/04/29/scanning-postman-for-leaked-secrets--including-the-ones-the-ui-hides/ Real-time Secret Alerts: Webhooks for Slack, Teams, Discord, Mattermost, and Google Chat Features alerts discord google-chat integrations mattermost slack teams webhooks Kingfisher now POSTs scan results straight to your team's chat the moment a scan completes — Slack, Microsoft Teams, Discord, Mattermost, Google Chat, or any HTTPS endpoint. With per-finding fingerprints, a pivot link to the full report, and an auto-summary mode that keeps high-volume scans from spamming the channel. https://mongodb.github.io/kingfisher/blog/2026/05/04/real-time-secret-alerts-webhooks-for-slack-teams-discord-mattermost-and-google-chat/ Fri, 22 May 2026 22:37:38 +0000 Kingfisherhttps://mongodb.github.io/kingfisher/blog/2026/05/04/real-time-secret-alerts-webhooks-for-slack-teams-discord-mattermost-and-google-chat/