-
Notifications
You must be signed in to change notification settings - Fork 401
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Ambiguous results from Postman module #1319
Labels
Milestone
Comments
TheTechromancer
added
enhancement
New feature or request
low priority
Fix these last
labels
Apr 26, 2024
SpamFaux
modified the milestones:
BBOT 1.8.0 - rambunctious_raymond,
BBOT 2.0.0 - crispy_diane,
BBOT 2.01
May 17, 2024
In #1383, discovery context has been added to all events. This should help a lot in troubleshooting this issue. |
TheTechromancer
modified the milestones:
BBOT 2.01 - unholy_ned,
BBOT 2.1.0 - sudden_teresa
Aug 30, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Based on feedback from @TMDeal, @liquidsec, and @aconite33, there are sometimes a lot of postman results where it's hard to tell how they're related to the target.
@domwhewell-sage has already added a custom check to discard unrelated search results. I don't think this is so much the fault of the postman module as how we are reporting the data.
Nothing needs to be done right away but I'm just thinking about how we could improve this in the future.
We're on the verge of having a really dangerous set of secrets detection modules --
gitlab
,github
,docker
,postman
,trufflehog
, etc. -- and as we keep building on them, I'm starting to think they deserve their own event type, something likeLOOT_ME
. It wouldn't actually be calledLOOT_ME
but the idea is that it's a big blob of text that might contain juicy things. Roughly analogous toRAW_RIR_DATA
in spiderfoot.This would allow us to attach context-specific info to the event like "This secret was found from a search of
evilcorp.com
against the postman API, and we found it in this workspace under this specific request".The text was updated successfully, but these errors were encountered: