Show HN: Kingfisher, a fast OSS secret scanner with validation and blast radius
I built Kingfisher, an extremely fast Apache 2.0 OSS secret scanner (Rust) that goes beyond simply finding secrets.
- Live validation: checks whether a candidate secret actually works, so you can ignore dead strings.
- "What can this key do?" / Access Mapping (optional): authenticates and enumerates the credential’s effective access (AWS, GCP, Azure, GitHub, GitLab).
- Local triage UI: opens a local-only report so you can review findings + blast radius without sending code anywhere.
Try it out:
brew install kingfisher
#
kingfisher scan /path/to/code --view-report
#
kingfisher scan --git-url https://github.com/org/repo.git --view-report
#
kingfisher scan . --access-map --view-report
I'd love feedback on:
- false positives/negatives on your repos
- which access-map / blast radius target you want next
- what the UI should surface first during incident triage