noseyparker
parse-server
noseyparker | parse-server | |
---|---|---|
13 | 39 | |
1,511 | 20,624 | |
1.9% | 0.2% | |
9.4 | 9.4 | |
6 days ago | 5 days ago | |
Rust | JavaScript | |
Apache License 2.0 | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
noseyparker
-
Magika: AI powered fast and efficient file type identification
Yes!
Sometimes a file has no extension. Other times the extension is a lie. Still other times, you may be dealing with an unnamed bytestring and wish to know what kind of content it is.
This last case happens quite a lot in Nosey Parker [1], a detector of secrets in textual data. There, it is possible to come across unnamed files in Git history, and it would be useful to the user to still indicate what type of file it seems to be.
I added file type detection based on libmagic to Nosey Parker a while back, but it's not compiled in by default because libmagic is slow and complicates the build process. Also, libmagic is implemented as a large C library whose primary job is parsing, which makes the security side of me jittery.
I will likely add enabled-by-default filetype detection to Nosey Parker using Magika's ONNX model.
[1] https://github.com/praetorian-inc/noseyparker
- GitHub: Can no longer search code without being logged in
- Managing secrets like API keys in Python - Why are so many devs still hardcoding secrets?
-
Show HN: Nosey Parker, a fast and low-noise secrets detector for textual data
Yes and no.
On the one hand, Nosey Parker is effectively a special-purpose `grep` with a bunch of security-relevant patterns built-in, including one for PEM-encoded keys: <https://github.com/praetorian-inc/noseyparker/blob/main/data...>
On the other hand, to naively run the check you describe, you would need access to a copy of all of GitHub, which isn't feasible.
What you can do with Nosey Parker is use its GitHub enumeration features to specify your GitHub organization and a list of GitHub usernames you are interested in, and scan against just those. This will implicitly list all the relevant public repositories, clone them, and scan their entire history.
For your use case, another thing you could do is use the new GitHub code search (<https://cs.github.com>) to regex search for particular keys or tokens. That new search seems to cover lots of the public content available on GitHub.
Also, to put some color on this use case: in offensive security engagements (aka "red team" engagements) at Praetorian, we frequently find leaked credentials or tokens on GitHub or elsewhere, which allow us deeper access into the client's systems. It's a significant problem.
- Nosey Parker, a fast and low-noise secrets detector, now supports enumerating GitHub repositories and writing results in SARIF format
- Nosey Parker, a newer secrets detector, can scan 100GB of Linux kernel commit history in 2 minutes on a laptop, and now can write SARIF output
- Nosey Parker, a fast secrets detector, now enumerates GitHub repos, writes SARIF output, and has 90 default rules
-
Tools for scanning commits?
A tool just got open-sourced called Nosey Parker that scans commits and git history for secrets. You could look at Nosey Parker's source code to see how they scan commits and design your tool based on that.
- Nosey Parker, a new scanner for hardcoded secrets in textual data
parse-server
-
The 2024 Web Hosting Report
Backend as a Service (BaaS) goes back to early 2010’s with companies like Parse and Firebase. These products integrated everything a backend provides to a webapp in a single, integrated package that makes it easier to get started and enables you to offload some of the devops maintenance work to someone else.
- Placemark is going open source and shutting down
- Thoughts on Parse Platform / Server
-
Tools for scanning commits?
Prototype Pollution Fix
-
How to set up a Parse Server backend with Typescript
Parse Server is a great way to quickly spin up a backend for your project. Parse is a Node based utility that sits on top of ExpressJS.
-
A Guide On Appwrite
Parse
- [SERIOS] Solutie backend + DB pentru o aplicatie web
-
Free online DB for production app
You can try https://parseplatform.org/, it is self-hosted if you need. And also there are a number of cloud services with compatible API, like https://www.back4app.com/ It has dart-friendly generated API client, much simpler than firebase and is built on top of postgresql and mongodb.
-
Backend (auth/payment) options for Flutter app and web.
Parse - https://parseplatform.org/
-
Supabase Series B
Not to crash the party or anything. Supabase is great and all but in terms of feature completeness and getting actual products built, it doesn't come close to Parse[0].
Same with Appwrite. Both of these are very popular but they either lack essential features or have them behind a subscription wall. For example, the OSS version of Supabase (last I checked) doesn't include the edge functions which are really important for easily computing stuff on the server side. Parse on the other hand is 100% open source and has a huge feature set. It's older than all of these lo-code tools and actually helps solve the issues one comes across when using such tools.
Another thing is extending these tools which is a pain. For example, Parse supports multiple databases by default (postgres & MongoDB) and the ability to write a custom adapter if you need something else. Similarly, if you at any point need to go 100% custom it also makes that possible so you are never locked in. These tools however don't have that level of low-level control and are general all or nothing kind of tools best for small-to-medium sized problems which don't have a lot of room to grow.
But both of these (Appwrite & Supabase) are super markety. Appwrite is all over the place with their ads, Supabase got a huge trend when it launched etc. Parse on the other hand is not too good at marketing their product being fully community run which is one reason not many know of it. Another is their not-so-fancy docs.
I have no stake in any of these products: just my conclusion after having tried all of these.
[0] https://parseplatform.org/
What are some alternatives?
betterscan-ce - Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners + OpenAI GPT with One Report (Code, IaC) - Betterscan Community Edition (CE)
Appwrite - Your backend, minus the hassle.
trufflehog - Find and verify secrets
supabase - The open source Firebase alternative.
leaky-repo - Benchmarking repo for secrets scanning
nestjs-graphql - GraphQL (TypeScript) module for Nest framework (node.js) 🍷
MyBB - MyBB is a free and open source forum software.
ObjectBox Java (Kotlin, Android) - Java and Android Database - fast and lightweight without any ORM
mfaws - A cross-platform CLI tool to manage AWS credentials for MFA-enabled accounts
MongoDB - The MongoDB Database
RustScan - 🤖 The Modern Port Scanner 🤖
Vapor - 💧 A server-side Swift HTTP web framework.