I built Kingfisher, an extremely fast Apache 2.0 OSS secret scanner (Rust) that goes beyond simply finding secrets.

- Live validation: checks whether a candidate secret actually works, so you can ignore dead strings.
- "What can this key do?" / Access Mapping (optional): authenticates and enumerates the credential’s effective access (AWS, GCP, Azure, GitHub, GitLab).
- Local triage UI: opens a local-only report so you can review findings + blast radius without sending code anywhere.

Try it out:
I'd love feedback on:

- false positives/negatives on your repos
- which access-map / blast radius target you want next
- what the UI should surface first during incident triage