Porch Pirate is a comprehensive Postman reconnaissance and OSINT framework designed to automate the discovery and exploitation of API endpoints and secrets. It targets workspaces, collections, requests, users, and teams, functioning both as a standalone client and an embeddable library.

Key Features:
- Secret-Agnostic Discovery: Identifies sensitive information rather than matching only specific keywords, capturing a broader range of potential vulnerabilities.
- Comprehensive Enumeration: Enumerates global secrets, unique headers, endpoints, query parameters, and authorization details.
- Versatile Usage: Can be used as a client or integrated into custom applications.
- Automated Workflows: Supports automatic search and globals extraction, as well as automatic search dumps.
- URL Extraction: Extracts URLs for fuzzing and further analysis.
- Request Conversion: Converts requests to curl commands for easier testing.

Use Cases:
- API Security Testing
- OSINT Gathering
- Reconnaissance
- Vulnerability Assessment
- DevSecOps




