What is Porch Pirate?
Porch Pirate started as a tool to quickly uncover Postman secrets and has evolved into a multi-purpose reconnaissance/OSINT framework for Postman. Unlike existing tools that focus on identifying specific keywords as "secrets" in limited locations, Porch Pirate offers a flexible, secret-agnostic approach to capture false-positives that still provide offensive value.
Porch Pirate enumerates and presents sensitive results (global secrets, unique headers, endpoints, query parameters, authorization, etc.) from publicly accessible Postman entities such as:
- Workspaces
- Collections
- Requests
- Users
- Teams
Commands
To perform a simple search:
porch-pirate -s "coca-cola.com"To display globals from all active and inactive environments defined in the workspace:
porch-pirate -w abd6bded-ac31-4dd5-87d6-aa4a399071b8To extract information from a workspace and its collections:
porch-pirate -w abd6bded-ac31-4dd5-87d6-aa4a399071b8 --dumpMore Information
For more information and updates, visit the project's official GitHub repository: Porch Pirate (opens in a new tab).