trufflesecurity / trufflehog

Find, verify, and analyze leaked credentials
https://trufflesecurity.com
GNU Affero General Public License v3.0
17.44k stars 1.72k forks source link

Postman module panic #3200

Closed domwhewell-sage closed 3 months ago

domwhewell-sage commented 3 months ago

TruffleHog Version

3.81.7

Trace Output

https://gist.github.com/domwhewell-sage/e3165ffcc78638e9d66cf74e1c17c7c8

Expected Behavior

Trufflehog should scan the postman workspace

Actual Behavior

Postman module panics when being run on a workspace ID. I have tried this on a few public workspaces and collections and get the same panic result.

Steps to Reproduce

  1. Identify a workspace in postman I used the public workspace "Test examples in Postman"
  2. Find the ID by selecting the 3 dots and "Workspace Info"
  3. Copy the ID and paste it into the --workspace-id= option on the CLI
  4. Run trufflehog. I used the command trufflehog postman --workspace-id=70c7199b-6aee-49a6-a90f-025ad614f294

Environment

> lsb_release -a
No LSB modules are available.
Distributor ID: Kali
Description:    Kali GNU/Linux Rolling
Release:        2024.2
Codename:       kali-rolling
domwhewell-sage commented 3 months ago

Thank you @LaraCroftDev this has resolved the issue!